From 51783211bf949eaea7757e230243b04f6c7500f5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 16 Jun 2020 21:01:20 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/17xxx/CVE-2019-17655.json | 62 ++++++++++++++++++++++++++++++++++
 2020/0xxx/CVE-2020-0067.json | 5 +++
 2020/0xxx/CVE-2020-0543.json | 5 +++
 2020/10xxx/CVE-2020-10751.json | 5 +++
 2020/12xxx/CVE-2020-12114.json | 5 +++
 2020/12xxx/CVE-2020-12464.json | 5 +++
 2020/12xxx/CVE-2020-12659.json | 5 +++
 2020/12xxx/CVE-2020-12712.json | 5 +++
 2020/13xxx/CVE-2020-13162.json | 5 +++
 2020/13xxx/CVE-2020-13702.json | 7 +++-
 2020/14xxx/CVE-2020-14208.json | 18 ++++++++++
 2020/14xxx/CVE-2020-14209.json | 18 ++++++++++
 2020/5xxx/CVE-2020-5515.json | 5 +++
 2020/9xxx/CVE-2020-9289.json | 50 +++++++++++++++++++++++++--
 14 files changed, 196 insertions(+), 4 deletions(-)
 create mode 100644 2019/17xxx/CVE-2019-17655.json
 create mode 100644 2020/14xxx/CVE-2020-14208.json
 create mode 100644 2020/14xxx/CVE-2020-14209.json
diff --git a/2019/17xxx/CVE-2019-17655.json b/2019/17xxx/CVE-2019-17655.json
new file mode 100644
index 00000000000..8e8e2e369c0
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17655.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-17655",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiOS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiOS 6.2.2 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/psirt/FG-IR-19-217",
+ "url": "https://fortiguard.com/psirt/FG-IR-19-217"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.2 and below may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0067.json b/2020/0xxx/CVE-2020-0067.json
index b9b2ecd13c0..7caebd477d0 100644
--- a/2020/0xxx/CVE-2020-0067.json
+++ b/2020/0xxx/CVE-2020-0067.json
@@ -58,6 +58,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4388-1",
 "url": "https://usn.ubuntu.com/4388-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4389-1",
+ "url": "https://usn.ubuntu.com/4389-1/"
 }
 ]
 },
diff --git a/2020/0xxx/CVE-2020-0543.json b/2020/0xxx/CVE-2020-0543.json
index d319188cc56..7ecd44b2764 100644
--- a/2020/0xxx/CVE-2020-0543.json
+++ b/2020/0xxx/CVE-2020-0543.json
@@ -73,6 +73,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4393-1",
 "url": "https://usn.ubuntu.com/4393-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4389-1",
+ "url": "https://usn.ubuntu.com/4389-1/"
 }
 ]
 },
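Review bot: In the new CVE-2019-17655 record the `affects` block carries `"vendor_name": "n/a"` while the vendor is folded into `"product_name": "Fortinet FortiOS"`, and `version_value` is the free-text string "FortiOS 6.2.2 and below", so a consumer that matches inventory on the vendor/product/version fields will not associate this entry with FortiOS installs. I would use `"vendor_name": "Fortinet"`, `"product_name": "FortiOS"` and `"version_affected": "<="` alongside a bare `"version_value": "6.2.2"`. The `problemtype` value "Information disclosure" also drops the CWE-313 that the description itself names; carrying the CWE identifier there lets weakness-based filters see it. The CVE-2020-9289 hunk at the end of the patch has the same `n/a` vendor, product-prefixed version string and generic problemtype.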
diff --git a/2020/10xxx/CVE-2020-10751.json b/2020/10xxx/CVE-2020-10751.json
index c594dbca6ae..9236949b2ec 100644
--- a/2020/10xxx/CVE-2020-10751.json
+++ b/2020/10xxx/CVE-2020-10751.json
@@ -98,6 +98,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0801",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4389-1",
+ "url": "https://usn.ubuntu.com/4389-1/"
 }
 ]
 },
diff --git a/2020/12xxx/CVE-2020-12114.json b/2020/12xxx/CVE-2020-12114.json
index b250410c919..26688dec39b 100644
--- a/2020/12xxx/CVE-2020-12114.json
+++ b/2020/12xxx/CVE-2020-12114.json
@@ -101,6 +101,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4392-1",
 "url": "https://usn.ubuntu.com/4392-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4389-1",
+ "url": "https://usn.ubuntu.com/4389-1/"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12464.json b/2020/12xxx/CVE-2020-12464.json
index b98bf07b4bb..a074eb356cf 100644
--- a/2020/12xxx/CVE-2020-12464.json
+++ b/2020/12xxx/CVE-2020-12464.json
@@ -116,6 +116,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4388-1",
 "url": "https://usn.ubuntu.com/4388-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4389-1",
+ "url": "https://usn.ubuntu.com/4389-1/"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12659.json b/2020/12xxx/CVE-2020-12659.json
index 6e1b4492887..09ee6fcc1e8 100644
--- a/2020/12xxx/CVE-2020-12659.json
+++ b/2020/12xxx/CVE-2020-12659.json
@@ -86,6 +86,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4388-1",
 "url": "https://usn.ubuntu.com/4388-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4389-1",
+ "url": "https://usn.ubuntu.com/4389-1/"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12712.json b/2020/12xxx/CVE-2020-12712.json
index eab8c990d05..d25a9f2344e 100644
--- a/2020/12xxx/CVE-2020-12712.json
+++ b/2020/12xxx/CVE-2020-12712.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+1.13.4",
 "url": "https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+1.13.4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/158112/SOS-JobScheduler-1.13.3-Stored-Password-Decryption.html",
+ "url": "http://packetstormsecurity.com/files/158112/SOS-JobScheduler-1.13.3-Stored-Password-Decryption.html"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13162.json b/2020/13xxx/CVE-2020-13162.json
index 323c685d821..346e1067958 100644
--- a/2020/13xxx/CVE-2020-13162.json
+++ b/2020/13xxx/CVE-2020-13162.json
@@ -86,6 +86,11 @@
 "refsource": "MISC",
 "name": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/",
 "url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html",
+ "url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13702.json b/2020/13xxx/CVE-2020-13702.json
index 9612275f543..f1d1784ba90 100644
--- a/2020/13xxx/CVE-2020-13702.json
+++ b/2020/13xxx/CVE-2020-13702.json
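Review bot: The reference added to CVE-2020-12712 uses a cleartext `http://packetstormsecurity.com/...` URL in both `name` and `url`, while the neighbouring references in the same records are `https://`; the same applies to the packetstormsecurity.com entries added in the CVE-2020-13162 and CVE-2020-5515 hunks. Tooling that fetches or renders reference links then retrieves third-party write-ups over an unauthenticated channel, so I would store the `https://` form if the host serves it (not verifiable from this patch). `name` also just repeats the URL; a short title such as `"name": "SOS JobScheduler 1.13.3 Stored Password Decryption"` would let triage tell a public proof-of-concept listing from a vendor advisory without parsing hostnames.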
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism. NOTE: this is disputed because the specification states \"The advertiser address, Rolling Proximity Identifier, and Associated Encrypted Metadata shall be changed synchronously so that they cannot be linked\" and therefore the purported tracking actually cannot occur."
+ "value": "** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism. NOTE: this is disputed because the specification states \"The advertiser address, Rolling Proximity Identifier, and Associated Encrypted Metadata shall be changed synchronously so that they cannot be linked\" and therefore the purported tracking actually cannot occur. The original reporter says that synchronous changes only occur in one direction, not both directions."
 }
 ]
 },
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616.pdf",
 "url": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616-2.pdf",
+ "url": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616-2.pdf"
 }
 ]
 },
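Review bot: Both GitHub references in the second CVE-2020-13702 hunk, the existing one and the added `exposure-notification-vulnerability-20200616-2.pdf`, point at `raw/master`, a moving branch in the reporter's own repository, so the document a reader gets can change or vanish after the record is published. Since the record is marked DISPUTED and the sentence appended to the description in the first hunk presumably rests on that document, a commit-pinned link (`https://github.com/normanluhrmann/infosec/raw/<commit-sha>/exposure-notification-vulnerability-20200616-2.pdf`, with `<commit-sha>` a placeholder) would keep the evidence stable. The appended sentence also does not say which reference supports the reporter's claim; naming it in the text would help readers weigh the dispute.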
diff --git a/2020/14xxx/CVE-2020-14208.json b/2020/14xxx/CVE-2020-14208.json
new file mode 100644
index 00000000000..007578db3e1
--- /dev/null
+++ b/2020/14xxx/CVE-2020-14208.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-14208",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/14xxx/CVE-2020-14209.json b/2020/14xxx/CVE-2020-14209.json
new file mode 100644
index 00000000000..325c5f2e910
--- /dev/null
+++ b/2020/14xxx/CVE-2020-14209.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-14209",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5515.json b/2020/5xxx/CVE-2020-5515.json
index 7559c8c2bf5..c5c181f7659 100644
--- a/2020/5xxx/CVE-2020-5515.json
+++ b/2020/5xxx/CVE-2020-5515.json
@@ -56,6 +56,11 @@
 "url": "https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-admin-sqlquery-sql-injection/",
 "refsource": "MISC",
 "name": "https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-admin-sqlquery-sql-injection/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/158114/Gila-CMS-1.11.8-SQL-Injection.html",
+ "url": "http://packetstormsecurity.com/files/158114/Gila-CMS-1.11.8-SQL-Injection.html"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9289.json b/2020/9xxx/CVE-2020-9289.json
index 89846d45511..acec5463be9 100644
--- a/2020/9xxx/CVE-2020-9289.json
+++ b/2020/9xxx/CVE-2020-9289.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9289",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiManager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiManager 6.2.3 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/psirt/FG-IR-19-007",
+ "url": "https://fortiguard.com/psirt/FG-IR-19-007"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key."
 }
 ]
 }