diff --git a/2019/17xxx/CVE-2019-17569.json b/2019/17xxx/CVE-2019-17569.json
index bc56a6e83d6..13b566b64c7 100644
--- a/2019/17xxx/CVE-2019-17569.json
+++ b/2019/17xxx/CVE-2019-17569.json
@@ -59,6 +59,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0345",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
 }
 ]
 },
diff --git a/2019/20xxx/CVE-2019-20446.json b/2019/20xxx/CVE-2019-20446.json
index 3004007b7bb..de0a803e312 100644
--- a/2019/20xxx/CVE-2019-20446.json
+++ b/2019/20xxx/CVE-2019-20446.json
@@ -56,6 +56,11 @@
 "url": "https://gitlab.gnome.org/GNOME/librsvg/issues/515",
 "refsource": "MISC",
 "name": "https://gitlab.gnome.org/GNOME/librsvg/issues/515"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0343",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00024.html"
 }
 ]
 }
diff --git a/2019/2xxx/CVE-2019-2058.json b/2019/2xxx/CVE-2019-2058.json
index f87c370a053..8a284cca783 100644
--- a/2019/2xxx/CVE-2019-2058.json
+++ b/2019/2xxx/CVE-2019-2058.json
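Review bot: The SUSE reference added in the CVE-2019-17569 hunk uses a cleartext `http://lists.opensuse.org/...` URL, so anyone following the advisory link from this record fetches security guidance over a channel that can be altered in transit. If the archive serves the same path over TLS, the entry should read `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"`. The same applies to the SUSE references added for CVE-2019-20446, CVE-2020-1935 and CVE-2020-1938. The enclosing `reference_data` array starts outside the hunk.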
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-2058",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-2058",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://source.android.com/security/bulletin/android-10",
+ "url": "https://source.android.com/security/bulletin/android-10"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In libAACdec, there is a possible out of bounds read. This could lead to remote information disclosure, with no additional execution privileges needed. User interaction is needed for exploitation.Product: Android Versions: Android-10 Android ID: A-136089102"
 }
 ]
 }
diff --git a/2019/2xxx/CVE-2019-2088.json b/2019/2xxx/CVE-2019-2088.json
index fb465d138e2..5c7b20496f4 100644
--- a/2019/2xxx/CVE-2019-2088.json
+++ b/2019/2xxx/CVE-2019-2088.json
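Review bot: `"vendor_name": "n/a"` on a record assigned by security@android.com leaves the `affects` block without a vendor, so tooling that matches records to an asset inventory by vendor and product has only `"product_name": "Android"` to key on; the correct vendor string is not shown on this page and should be confirmed with the assigner. The description also runs two sentences together at `exploitation.Product:`; `exploitation. Product:` matches the spacing used in CVE-2019-2088 and CVE-2019-2089. The `n/a` vendor repeats in the other Android records of this commit (CVE-2019-2088, -2089, -2216, -9473, -9474, CVE-2020-0086, -0088), and the missing space recurs in CVE-2019-2216 and in the new text of CVE-2019-9288.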
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-2088",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-2088",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://source.android.com/security/bulletin/android-10",
+ "url": "https://source.android.com/security/bulletin/android-10"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In StatsService, there is a possible out of bounds read. This could lead to local information disclosure if UBSAN were not enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-143895055"
 }
 ]
 }
diff --git a/2019/2xxx/CVE-2019-2089.json b/2019/2xxx/CVE-2019-2089.json
index ac0d5731312..af798e2237a 100644
--- a/2019/2xxx/CVE-2019-2089.json
+++ b/2019/2xxx/CVE-2019-2089.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-2089",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-2089",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://source.android.com/security/bulletin/android-10",
+ "url": "https://source.android.com/security/bulletin/android-10"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In app uninstallation, there is a possible set of permissions that may not be removed from a shared app ID. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-116608833"
 }
 ]
 }
diff --git a/2019/2xxx/CVE-2019-2216.json b/2019/2xxx/CVE-2019-2216.json
index b20300fa179..b58202f9d7d 100644
--- a/2019/2xxx/CVE-2019-2216.json
+++ b/2019/2xxx/CVE-2019-2216.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-2216",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-2216",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://source.android.com/security/bulletin/android-10",
+ "url": "https://source.android.com/security/bulletin/android-10"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In overlay notifications, there is a possible hidden notification due to improper input validation. This could lead to a local escalation of privilege because the user is not notified of an overlaying app, with User execution privileges needed. User interaction is needed for exploitation.Product: Android Versions: Android-10 Android ID: A-38390530"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9288.json b/2019/9xxx/CVE-2019-9288.json
index 64275858736..e88c64c58d0 100644
--- a/2019/9xxx/CVE-2019-9288.json
+++ b/2019/9xxx/CVE-2019-9288.json
@@ -45,7 +45,7 @@
 "references": {
 "reference_data": [
 {
- "refsource": "MISC",
+ "refsource": "CONFIRM",
 "name": "https://source.android.com/security/bulletin/android-10",
 "url": "https://source.android.com/security/bulletin/android-10"
 }
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In libhidcommand_jni, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the USB service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111363077"
+ "value": "In libhidcommand_jni, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the USB service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android Versions: Android-10 Android ID: A-111363077"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9473.json b/2019/9xxx/CVE-2019-9473.json
index f9a5c31f388..386998c64b5 100644
--- a/2019/9xxx/CVE-2019-9473.json
+++ b/2019/9xxx/CVE-2019-9473.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-9473",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-9473",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://source.android.com/security/bulletin/android-10",
+ "url": "https://source.android.com/security/bulletin/android-10"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-115363533"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9474.json b/2019/9xxx/CVE-2019-9474.json
index 6ac821f08ec..adb01e102df 100644
--- a/2019/9xxx/CVE-2019-9474.json
+++ b/2019/9xxx/CVE-2019-9474.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-9474",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-9474",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://source.android.com/security/bulletin/android-10",
+ "url": "https://source.android.com/security/bulletin/android-10"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-79996267"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9928.json b/2019/9xxx/CVE-2019-9928.json
index 06535676cc0..fbff7042145 100644
--- a/2019/9xxx/CVE-2019-9928.json
+++ b/2019/9xxx/CVE-2019-9928.json
@@ -96,6 +96,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1639",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00078.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202003-33",
+ "url": "https://security.gentoo.org/glsa/202003-33"
 }
 ]
 }
diff --git a/2020/0xxx/CVE-2020-0086.json b/2020/0xxx/CVE-2020-0086.json
new file mode 100644
index 00000000000..12f0f26b4e1
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0086.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0086",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://source.android.com/security/bulletin/android-10",
+ "url": "https://source.android.com/security/bulletin/android-10"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are required. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-131859347"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0088.json b/2020/0xxx/CVE-2020-0088.json
new file mode 100644
index 00000000000..70ba1bab68d
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0088.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0088",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://source.android.com/security/bulletin/android-10",
+ "url": "https://source.android.com/security/bulletin/android-10"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-124389881"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10592.json b/2020/10xxx/CVE-2020-10592.json
new file mode 100644
index 00000000000..25b5bd39829
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10592.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-10592",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10593.json b/2020/10xxx/CVE-2020-10593.json
new file mode 100644
index 00000000000..1ba6f822a7e
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10593.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-10593",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10594.json b/2020/10xxx/CVE-2020-10594.json
new file mode 100644
index 00000000000..e7cc290b58a
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10594.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10594",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of jpadilla/django-rest-framework-jwt, which is unmaintained."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Styria-Digital/django-rest-framework-jwt/issues/36",
+ "refsource": "MISC",
+ "name": "https://github.com/Styria-Digital/django-rest-framework-jwt/issues/36"
+ },
+ {
+ "url": "https://pypi.org/project/drf-jwt/1.15.1/#history",
+ "refsource": "MISC",
+ "name": "https://pypi.org/project/drf-jwt/1.15.1/#history"
+ },
+ {
+ "url": "https://github.com/jpadilla/django-rest-framework-jwt/issues/484",
+ "refsource": "MISC",
+ "name": "https://github.com/jpadilla/django-rest-framework-jwt/issues/484"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/1xxx/CVE-2020-1935.json b/2020/1xxx/CVE-2020-1935.json
index 35334abc2ea..c9b4cf4703f 100644
--- a/2020/1xxx/CVE-2020-1935.json
+++ b/2020/1xxx/CVE-2020-1935.json
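Review bot: The affected range of CVE-2020-10594 exists only in prose: the description says `drf-jwt 1.15.x before 1.15.1`, while `product_name`, `version_value` and `vendor_name` are all `"n/a"`, so a scanner reading `affects` cannot tie this record to the package. Filling them from the description, for example `"product_name": "drf-jwt"` and `"version_value": "1.15.x before 1.15.1"`, would make the record matchable. The `problemtype` value is `"n/a"` as well, although the description states that a revoked token stays usable through the refresh endpoint; naming the weakness class there would help triage.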
@@ -59,6 +59,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0345",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
 }
 ]
 },
diff --git a/2020/1xxx/CVE-2020-1938.json b/2020/1xxx/CVE-2020-1938.json
index 42f5852d712..67c2346e7f9 100644
--- a/2020/1xxx/CVE-2020-1938.json
+++ b/2020/1xxx/CVE-2020-1938.json
@@ -164,6 +164,11 @@
 "refsource": "MLIST",
 "name": "[tomee-dev] 20200311 Re: CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1",
 "url": "https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3E"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0345",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7601.json b/2020/7xxx/CVE-2020-7601.json
index d8d032dd103..7bed5a264a1 100644
--- a/2020/7xxx/CVE-2020-7601.json
+++ b/2020/7xxx/CVE-2020-7601.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7601",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "gulp-scss-lint",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions including 1.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-JS-GULPSCSSLINT-560114",
+ "url": "https://snyk.io/vuln/SNYK-JS-GULPSCSSLINT-560114"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the \"exec\" function located in \"src/command.js\" via the provided options."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7602.json b/2020/7xxx/CVE-2020-7602.json
index 69a41374107..efe8af2566d 100644
--- a/2020/7xxx/CVE-2020-7602.json
+++ b/2020/7xxx/CVE-2020-7602.json
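Review bot: `"version_value": "All versions including 1.0.0"` in CVE-2020-7601 is ambiguous for matching: it can be read as every release ever published or as releases up to 1.0.0, whereas the description says `through 1.0.0`. A bounded value taken from the description, such as `"version_value": "through 1.0.0"`, keeps the two fields consistent; the exact form should follow whatever the feed's consumers parse. The same phrasing is used in CVE-2020-7602 through CVE-2020-7607 in this commit. The record's first lines are outside the hunk.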
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7602",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "node-prompt-here",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions including 1.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-JS-NODEPROMPTHERE-560115",
+ "url": "https://snyk.io/vuln/SNYK-JS-NODEPROMPTHERE-560115"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "node-prompt-here through 1.0.1 allows execution of arbitrary commands. The \"runCommand()\" is called by \"getDevices()\" function in file \"linux/manager.js\", which is required by the \"index. process.env.NM_CLI\" in the file \"linux/manager.js\". This function is used to construct the argument of function \"execSync()\", which can be controlled by users without any sanitization."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7603.json b/2020/7xxx/CVE-2020-7603.json
index c7d17b1185a..05eb5b36c27 100644
--- a/2020/7xxx/CVE-2020-7603.json
+++ b/2020/7xxx/CVE-2020-7603.json
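Review bot: The new description of CVE-2020-7602 is not readable as written: `which is required by the \"index. process.env.NM_CLI\" in the file \"linux/manager.js\"` breaks off mid-phrase, and the following `This function` has no clear referent. It looks as if text was lost or merged when the advisory was transcribed (an inference, since the source advisory is not on this page), so the sentence should be re-checked against the linked Snyk entry. As it stands a defender cannot tell from the record which input reaches `execSync()`, and so which call sites to audit.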
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7603",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "closure-compiler-stream",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions including 0.1.15"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-JS-CLOSURECOMPILERSTREAM-560123",
+ "url": "https://snyk.io/vuln/SNYK-JS-CLOSURECOMPILERSTREAM-560123"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument \"options\" of the exports function in \"index.js\" can be controlled by users without any sanitization."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7604.json b/2020/7xxx/CVE-2020-7604.json
index b33e66c1735..40056b4d13a 100644
--- a/2020/7xxx/CVE-2020-7604.json
+++ b/2020/7xxx/CVE-2020-7604.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7604",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "pulverizr",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions including 0.7.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122",
+ "url": "https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "pulverizr through 0.7.0 allows execution of arbitrary commands. Within \"lib/job.js\", the variable \"filename\" can be controlled by the attacker. This function uses the variable \"filename\" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7605.json b/2020/7xxx/CVE-2020-7605.json
index 48993f9a525..b7218736986 100644
--- a/2020/7xxx/CVE-2020-7605.json
+++ b/2020/7xxx/CVE-2020-7605.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7605",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "gulp-tape",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions including 1.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-JS-GULPTAPE-560124",
+ "url": "https://snyk.io/vuln/SNYK-JS-GULPTAPE-560124"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7606.json b/2020/7xxx/CVE-2020-7606.json
index e2fe5d563af..d20ac7aeaba 100644
--- a/2020/7xxx/CVE-2020-7606.json
+++ b/2020/7xxx/CVE-2020-7606.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7606",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "docker-compose-remote-api",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions including 0.1.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125",
+ "url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7607.json b/2020/7xxx/CVE-2020-7607.json
index 994206ad2d3..7a371c7dc55 100644
--- a/2020/7xxx/CVE-2020-7607.json
+++ b/2020/7xxx/CVE-2020-7607.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7607",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "gulp-styledocco",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions including 0.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-JS-GULPSTYLEDOCCO-560126",
+ "url": "https://snyk.io/vuln/SNYK-JS-GULPSTYLEDOCCO-560126"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9287.json b/2020/9xxx/CVE-2020-9287.json
index 0a2044f2a3c..a2a3be58044 100644
--- a/2020/9xxx/CVE-2020-9287.json
+++ b/2020/9xxx/CVE-2020-9287.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9287",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiClient EMS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.2.1 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Execute unauthorized code or commands"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/psirt/FG-IR-19-060",
+ "url": "https://fortiguard.com/psirt/FG-IR-19-060"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9290.json b/2020/9xxx/CVE-2020-9290.json
index 3e05a6c515a..a7b9dae891f 100644
--- a/2020/9xxx/CVE-2020-9290.json
+++ b/2020/9xxx/CVE-2020-9290.json
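Review bot: `problemtype` in CVE-2020-9287 records the impact (`Execute unauthorized code or commands`) rather than the weakness, although the description names it as an unsafe search path; `"value": "CWE-427: Uncontrolled Search Path Element"` would let consumers group this with other DLL search-order issues. CVE-2020-9290 in the next hunk carries the same value and cites the same advisory, FG-IR-19-060. In that record's description, `FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides` should read `reside`. Both records begin outside their hunks.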
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9290",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiClient for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.2.3 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Execute unauthorized code or commands"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/psirt/FG-IR-19-060",
+ "url": "https://fortiguard.com/psirt/FG-IR-19-060"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory."
 }
 ]
 }