From 56bd89974c814ab471bfa3f218b19e762eda8f9a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 15 Sep 2020 15:01:45 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20810.json | 5 +++++ 2020/10xxx/CVE-2020-10757.json | 5 +++++ 2020/12xxx/CVE-2020-12655.json | 5 +++++ 2020/12xxx/CVE-2020-12656.json | 5 +++++ 2020/12xxx/CVE-2020-12771.json | 10 ++++++++++ 2020/13xxx/CVE-2020-13974.json | 5 +++++ 2020/14xxx/CVE-2020-14356.json | 5 +++++ 2020/15xxx/CVE-2020-15393.json | 5 +++++ 2020/17xxx/CVE-2020-17489.json | 5 +++++ 2020/24xxx/CVE-2020-24394.json | 5 +++++ 2020/8xxx/CVE-2020-8339.json | 10 +++++----- 2020/8xxx/CVE-2020-8340.json | 10 +++++----- 2020/8xxx/CVE-2020-8342.json | 8 ++++---- 2020/8xxx/CVE-2020-8346.json | 9 ++++----- 14 files changed, 73 insertions(+), 19 deletions(-) diff --git a/2019/20xxx/CVE-2019-20810.json b/2019/20xxx/CVE-2019-20810.json index c6e93d40ba9..63480dc3ea9 100644 --- a/2019/20xxx/CVE-2019-20810.json +++ b/2019/20xxx/CVE-2019-20810.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4483-1", + "url": "https://usn.ubuntu.com/4483-1/" } ] } diff --git a/2020/10xxx/CVE-2020-10757.json b/2020/10xxx/CVE-2020-10757.json index eea9d8960d8..b951ead1be1 100644 --- a/2020/10xxx/CVE-2020-10757.json +++ b/2020/10xxx/CVE-2020-10757.json @@ -103,6 +103,11 @@ "refsource": "UBUNTU", "name": "USN-4440-1", "url": "https://usn.ubuntu.com/4440-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4483-1", + "url": "https://usn.ubuntu.com/4483-1/" } ] }, diff --git a/2020/12xxx/CVE-2020-12655.json b/2020/12xxx/CVE-2020-12655.json index eb8b8e11648..acd83bb6a5b 100644 --- a/2020/12xxx/CVE-2020-12655.json +++ b/2020/12xxx/CVE-2020-12655.json @@ -101,6 +101,11 @@ "refsource": "UBUNTU", "name": "USN-4465-1", "url": "https://usn.ubuntu.com/4465-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4483-1", + "url": "https://usn.ubuntu.com/4483-1/" } ] } diff --git a/2020/12xxx/CVE-2020-12656.json b/2020/12xxx/CVE-2020-12656.json index ff93f5ef2cc..bb193a7dd2b 100644 --- a/2020/12xxx/CVE-2020-12656.json +++ b/2020/12xxx/CVE-2020-12656.json @@ -66,6 +66,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0935", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4483-1", + "url": "https://usn.ubuntu.com/4483-1/" } ] } diff --git a/2020/12xxx/CVE-2020-12771.json b/2020/12xxx/CVE-2020-12771.json index 5b96eac570e..bc2713579ca 100644 --- a/2020/12xxx/CVE-2020-12771.json +++ b/2020/12xxx/CVE-2020-12771.json @@ -86,6 +86,16 @@ "refsource": "UBUNTU", "name": "USN-4465-1", "url": "https://usn.ubuntu.com/4465-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4462-1", + "url": "https://usn.ubuntu.com/4462-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4483-1", + "url": "https://usn.ubuntu.com/4483-1/" } ] } diff --git a/2020/13xxx/CVE-2020-13974.json b/2020/13xxx/CVE-2020-13974.json index ec0fc1fc13c..94aae25c2d4 100644 --- a/2020/13xxx/CVE-2020-13974.json +++ b/2020/13xxx/CVE-2020-13974.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4483-1", + "url": "https://usn.ubuntu.com/4483-1/" } ] } diff --git a/2020/14xxx/CVE-2020-14356.json b/2020/14xxx/CVE-2020-14356.json index 20a9eaa4ef3..7ffd4ec8593 100644 --- a/2020/14xxx/CVE-2020-14356.json +++ b/2020/14xxx/CVE-2020-14356.json @@ -78,6 +78,11 @@ "refsource": "UBUNTU", "name": "USN-4484-1", "url": "https://usn.ubuntu.com/4484-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4483-1", + "url": "https://usn.ubuntu.com/4483-1/" } ] }, diff --git a/2020/15xxx/CVE-2020-15393.json b/2020/15xxx/CVE-2020-15393.json index 9004186f69d..30952becf18 100644 --- a/2020/15xxx/CVE-2020-15393.json +++ b/2020/15xxx/CVE-2020-15393.json @@ -86,6 +86,11 @@ "refsource": "UBUNTU", "name": "USN-4465-1", "url": "https://usn.ubuntu.com/4465-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4483-1", + "url": "https://usn.ubuntu.com/4483-1/" } ] } diff --git a/2020/17xxx/CVE-2020-17489.json b/2020/17xxx/CVE-2020-17489.json index ac2a93f0ed0..4f14e0cdd79 100644 --- a/2020/17xxx/CVE-2020-17489.json +++ b/2020/17xxx/CVE-2020-17489.json @@ -66,6 +66,11 @@ "refsource": "GENTOO", "name": "GLSA-202009-08", "url": "https://security.gentoo.org/glsa/202009-08" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200915 [SECURITY] [DLA 2374-1] gnome-shell security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html" } ] } diff --git a/2020/24xxx/CVE-2020-24394.json b/2020/24xxx/CVE-2020-24394.json index ffdce826216..1e62ffa4944 100644 --- a/2020/24xxx/CVE-2020-24394.json +++ b/2020/24xxx/CVE-2020-24394.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200904-0003/", "url": "https://security.netapp.com/advisory/ntap-20200904-0003/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4483-1", + "url": "https://usn.ubuntu.com/4483-1/" } ] } diff --git a/2020/8xxx/CVE-2020-8339.json b/2020/8xxx/CVE-2020-8339.json index c9a2ba70190..2877ceabecc 100644 --- a/2020/8xxx/CVE-2020-8339.json +++ b/2020/8xxx/CVE-2020-8339.json @@ -42,7 +42,7 @@ "description_data": [ { "lang": "eng", - "value": "A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is convinced to visit a malicious web site, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the malicious web site. Impact is limited to the normal access restrictions of the user visiting the malicious web site, and subject to the user being logged into AMM, being able to connect to both AMM and the malicious web site while the web browser is open, and using a web browser that does not inherently protect against this class of attack. The JavaScript code is not executed on AMM itself." + "value": "A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is convinced to visit a malicious web site, possibly through phishing. Successful exploitation requires specific knowledge about the user\u2019s network to be included in the malicious web site. Impact is limited to the normal access restrictions of the user visiting the malicious web site, and subject to the user being logged into AMM, being able to connect to both AMM and the malicious web site while the web browser is open, and using a web browser that does not inherently protect against this class of attack. The JavaScript code is not executed on AMM itself." } ] }, @@ -80,8 +80,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/us/en/product_security/LEN-38385" + "refsource": "MISC", + "url": "https://support.lenovo.com/us/en/product_security/LEN-38385", + "name": "https://support.lenovo.com/us/en/product_security/LEN-38385" } ] }, @@ -95,5 +96,4 @@ "advisory": "LEN-38385", "discovery": "UNKNOWN" } -} - +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8340.json b/2020/8xxx/CVE-2020-8340.json index 08e3da8d927..68a0fde9351 100644 --- a/2020/8xxx/CVE-2020-8340.json +++ b/2020/8xxx/CVE-2020-8340.json @@ -65,7 +65,7 @@ "description_data": [ { "lang": "eng", - "value": "A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user's web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself." + "value": "A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user's web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user\u2019s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself." } ] }, @@ -103,8 +103,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/us/en/product_security/LEN-44717" + "refsource": "MISC", + "url": "https://support.lenovo.com/us/en/product_security/LEN-44717", + "name": "https://support.lenovo.com/us/en/product_security/LEN-44717" } ] }, @@ -118,5 +119,4 @@ "advisory": "LEN-44717", "discovery": "UNKNOWN" } -} - +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8342.json b/2020/8xxx/CVE-2020-8342.json index 6272d886a92..470b6077960 100644 --- a/2020/8xxx/CVE-2020-8342.json +++ b/2020/8xxx/CVE-2020-8342.json @@ -80,8 +80,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/us/en/product_security/LEN-42150" + "refsource": "MISC", + "url": "https://support.lenovo.com/us/en/product_security/LEN-42150", + "name": "https://support.lenovo.com/us/en/product_security/LEN-42150" } ] }, @@ -95,5 +96,4 @@ "advisory": "LEN-42150", "discovery": "UNKNOWN" } -} - +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8346.json b/2020/8xxx/CVE-2020-8346.json index b03e04a5a4f..82849987247 100644 --- a/2020/8xxx/CVE-2020-8346.json +++ b/2020/8xxx/CVE-2020-8346.json @@ -1,4 +1,3 @@ - { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", @@ -81,8 +80,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/us/en/product_security/LEN-38717" + "refsource": "MISC", + "url": "https://support.lenovo.com/us/en/product_security/LEN-38717", + "name": "https://support.lenovo.com/us/en/product_security/LEN-38717" } ] }, @@ -96,5 +96,4 @@ "advisory": "LEN-38717", "discovery": "UNKNOWN" } -} - +} \ No newline at end of file