diff --git a/2020/13xxx/CVE-2020-13754.json b/2020/13xxx/CVE-2020-13754.json index ecf38990b87..8f7c030b129 100644 --- a/2020/13xxx/CVE-2020-13754.json +++ b/2020/13xxx/CVE-2020-13754.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200608-0007/", "url": "https://security.netapp.com/advisory/ntap-20200608-0007/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200615 Re: CVE-2020-13754 QEMU: msix: OOB access during mmio operations may lead to DoS", + "url": "http://www.openwall.com/lists/oss-security/2020/06/15/8" } ] } diff --git a/2020/14xxx/CVE-2020-14163.json b/2020/14xxx/CVE-2020-14163.json new file mode 100644 index 00000000000..1e7e4532260 --- /dev/null +++ b/2020/14xxx/CVE-2020-14163.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-14163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in ecma_gc_set_object_visited in ecma/base/ecma-gc.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jerryscript-project/jerryscript/issues/3804", + "refsource": "MISC", + "name": "https://github.com/jerryscript-project/jerryscript/issues/3804" + }, + { + "url": "https://github.com/jerryscript-project/jerryscript/pull/3805/commits/9d76c134c24cfb92ec079ce4298f8eff51a50416", + "refsource": "MISC", + "name": "https://github.com/jerryscript-project/jerryscript/pull/3805/commits/9d76c134c24cfb92ec079ce4298f8eff51a50416" + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1963.json b/2020/1xxx/CVE-2020-1963.json index b0f69f5845b..69d82238091 100644 --- a/2020/1xxx/CVE-2020-1963.json +++ b/2020/1xxx/CVE-2020-1963.json @@ -78,6 +78,16 @@ "refsource": "MLIST", "name": "[ignite-user] 20200609 Re: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability", "url": "https://lists.apache.org/thread.html/r119024ef71c8d39f952df0950a275d09714715179aff544aea0129a3@%3Cuser.ignite.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ignite-dev] 20200615 Re: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability", + "url": "https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cdev.ignite.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ignite-user] 20200615 Re: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability", + "url": "https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cuser.ignite.apache.org%3E" } ] }, diff --git a/2020/1xxx/CVE-2020-1964.json b/2020/1xxx/CVE-2020-1964.json index 3465a2651a8..4e9688e71ae 100644 --- a/2020/1xxx/CVE-2020-1964.json +++ b/2020/1xxx/CVE-2020-1964.json @@ -58,6 +58,16 @@ "refsource": "MLIST", "name": "[ignite-dev] 20200608 Re: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability", "url": "https://lists.apache.org/thread.html/rd43ae18588fd7bdb375be63bc95a651aab319ced6306759e1237ce67@%3Cdev.ignite.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ignite-dev] 20200615 Re: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability", + "url": "https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cdev.ignite.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ignite-user] 20200615 Re: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability", + "url": "https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cuser.ignite.apache.org%3E" } ] }, diff --git a/2020/5xxx/CVE-2020-5358.json b/2020/5xxx/CVE-2020-5358.json index bc8cb59c12a..769255d060e 100644 --- a/2020/5xxx/CVE-2020-5358.json +++ b/2020/5xxx/CVE-2020-5358.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2020-06-11", - "ID": "CVE-2020-5358", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2020-06-11", + "ID": "CVE-2020-5358", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "Dell Encryption Enterprise", + "product_name": "Dell Encryption Enterprise", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "10.7" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link." } ] - }, + }, "impact": { "cvss": { - "baseScore": 6.7, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-732: Incorrect Permission Assignment for Critical Resource" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/article/SLN321789" + "refsource": "MISC", + "url": "https://www.dell.com/support/article/SLN321789", + "name": "https://www.dell.com/support/article/SLN321789" } ] }