From 7056876b5337746f675ae7264c3b7cbea93b90b9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 29 Dec 2020 18:01:42 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/13xxx/CVE-2020-13956.json | 5 ++ 2020/1xxx/CVE-2020-1848.json | 50 +++++++++++++- 2020/28xxx/CVE-2020-28278.json | 55 +++++++++++++++- 2020/28xxx/CVE-2020-28279.json | 55 +++++++++++++++- 2020/28xxx/CVE-2020-28280.json | 55 +++++++++++++++- 2020/28xxx/CVE-2020-28281.json | 55 +++++++++++++++- 2020/28xxx/CVE-2020-28282.json | 55 +++++++++++++++- 2020/28xxx/CVE-2020-28283.json | 55 +++++++++++++++- 2020/35xxx/CVE-2020-35772.json | 18 +++++ 2020/35xxx/CVE-2020-35773.json | 77 ++++++++++++++++++++++ 2020/35xxx/CVE-2020-35774.json | 67 +++++++++++++++++++ 2020/9xxx/CVE-2020-9093.json | 50 +++++++++++++- 2020/9xxx/CVE-2020-9094.json | 83 ++++++++++++++++++++++- 2020/9xxx/CVE-2020-9124.json | 116 ++++++++++++++++++++++++++++++++- 2020/9xxx/CVE-2020-9125.json | 50 +++++++++++++- 2020/9xxx/CVE-2020-9207.json | 83 ++++++++++++++++++++++- 2020/9xxx/CVE-2020-9208.json | 50 +++++++++++++- 2020/9xxx/CVE-2020-9223.json | 101 +++++++++++++++++++++++++++- 18 files changed, 1038 insertions(+), 42 deletions(-) create mode 100644 2020/35xxx/CVE-2020-35772.json create mode 100644 2020/35xxx/CVE-2020-35773.json create mode 100644 2020/35xxx/CVE-2020-35774.json diff --git a/2020/13xxx/CVE-2020-13956.json b/2020/13xxx/CVE-2020-13956.json index d5b6c323da1..2d8890ec087 100644 --- a/2020/13xxx/CVE-2020-13956.json +++ b/2020/13xxx/CVE-2020-13956.json @@ -78,6 +78,11 @@ "refsource": "MLIST", "name": "[ranger-dev] 20201216 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", "url": "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d@%3Cdev.ranger.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20201229 Upgrade httpclient version due to CVE-2020-13956?", + "url": "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8@%3Csolr-user.lucene.apache.org%3E" } ] }, diff --git a/2020/1xxx/CVE-2020-1848.json b/2020/1xxx/CVE-2020-1848.json index df2f6b10c9e..00a765e6f0b 100644 --- a/2020/1xxx/CVE-2020-1848.json +++ b/2020/1xxx/CVE-2020-1848.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1848", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "Jackman-AL00D", + "version": { + "version_data": [ + { + "version_value": "8.2.0.185(C00R2P1)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Resource Management Errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-02-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-02-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185(C00R2P1). Local attackers construct malicious application files, causing system applications to run abnormally." } ] } diff --git a/2020/28xxx/CVE-2020-28278.json b/2020/28xxx/CVE-2020-28278.json index ee1f5e3991e..dcad1d2369a 100644 --- a/2020/28xxx/CVE-2020-28278.json +++ b/2020/28xxx/CVE-2020-28278.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28278", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "shvl", + "version": { + "version_data": [ + { + "version_value": "1.0.0, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 2.0.0, 2.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/robinvdvleuten/shvl/blob/bef0a3ebade444cc6b297147ecf5242308f0892e/index.js#L10", + "url": "https://github.com/robinvdvleuten/shvl/blob/bef0a3ebade444cc6b297147ecf5242308f0892e/index.js#L10" + }, + { + "refsource": "CONFIRM", + "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28278", + "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28278" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prototype pollution vulnerability in \u2018shvl\u2019 versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution." } ] } diff --git a/2020/28xxx/CVE-2020-28279.json b/2020/28xxx/CVE-2020-28279.json index 465881a7e39..4d99111b89b 100644 --- a/2020/28xxx/CVE-2020-28279.json +++ b/2020/28xxx/CVE-2020-28279.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28279", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "flattenizer", + "version": { + "version_data": [ + { + "version_value": "0.0.5, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/sahellebusch/flattenizer/pull/13", + "url": "https://github.com/sahellebusch/flattenizer/pull/13" + }, + { + "refsource": "CONFIRM", + "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28279", + "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28279" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prototype pollution vulnerability in \u2018flattenizer\u2019 versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution." } ] } diff --git a/2020/28xxx/CVE-2020-28280.json b/2020/28xxx/CVE-2020-28280.json index 35c9e287610..39430a70705 100644 --- a/2020/28xxx/CVE-2020-28280.json +++ b/2020/28xxx/CVE-2020-28280.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28280", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "predefine", + "version": { + "version_data": [ + { + "version_value": "0.0.0, 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.1.0, 0.1.1, 0.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/bigpipe/predefine/blob/238137e3d1b8288ff5d7529c3cbcdd371888c26b/index.js#L284", + "url": "https://github.com/bigpipe/predefine/blob/238137e3d1b8288ff5d7529c3cbcdd371888c26b/index.js#L284" + }, + { + "refsource": "CONFIRM", + "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28280", + "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28280" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prototype pollution vulnerability in \u2018predefine\u2019 versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution." } ] } diff --git a/2020/28xxx/CVE-2020-28281.json b/2020/28xxx/CVE-2020-28281.json index a07be5aad54..0fd3d752f03 100644 --- a/2020/28xxx/CVE-2020-28281.json +++ b/2020/28xxx/CVE-2020-28281.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28281", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "set-object-value", + "version": { + "version_data": [ + { + "version_value": "0.0.0, 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/react-atomic/react-atomic-organism/blob/e5645a2f9e632ffdebc83d720498831e09754c22/packages/lib/set-object-value/src/index.js#L16", + "url": "https://github.com/react-atomic/react-atomic-organism/blob/e5645a2f9e632ffdebc83d720498831e09754c22/packages/lib/set-object-value/src/index.js#L16" + }, + { + "refsource": "CONFIRM", + "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28281", + "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28281" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prototype pollution vulnerability in \u2018set-object-value\u2019 versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution." } ] } diff --git a/2020/28xxx/CVE-2020-28282.json b/2020/28xxx/CVE-2020-28282.json index 4f32956b76b..4577edc4f85 100644 --- a/2020/28xxx/CVE-2020-28282.json +++ b/2020/28xxx/CVE-2020-28282.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28282", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "getobject", + "version": { + "version_data": [ + { + "version_value": "0.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/cowboy/node-getobject/blob/aba04a8e1d6180eb39eff09990c3a43886ba8937/lib/getobject.js#L48", + "url": "https://github.com/cowboy/node-getobject/blob/aba04a8e1d6180eb39eff09990c3a43886ba8937/lib/getobject.js#L48" + }, + { + "refsource": "CONFIRM", + "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28282", + "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28282" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prototype pollution vulnerability in \u2018getobject\u2019 version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution." } ] } diff --git a/2020/28xxx/CVE-2020-28283.json b/2020/28xxx/CVE-2020-28283.json index 9ffc80c8f54..f87d81952f1 100644 --- a/2020/28xxx/CVE-2020-28283.json +++ b/2020/28xxx/CVE-2020-28283.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28283", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "libnested", + "version": { + "version_data": [ + { + "version_value": "0.0.0, 1.0.0, 1.1.0, 1.2.1, 1.2.3, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/dominictarr/libnested/blob/d028a1b0f2e5f16fc28e568f52b936ae0bca0647/index.js#L27", + "url": "https://github.com/dominictarr/libnested/blob/d028a1b0f2e5f16fc28e568f52b936ae0bca0647/index.js#L27" + }, + { + "refsource": "CONFIRM", + "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28284", + "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28284" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prototype pollution vulnerability in \u2018libnested\u2019 versions 0.0.0 through 1.5.0 allows an attacker to cause a denial of service and may lead to remote code execution." } ] } diff --git a/2020/35xxx/CVE-2020-35772.json b/2020/35xxx/CVE-2020-35772.json new file mode 100644 index 00000000000..6d3f9cf390a --- /dev/null +++ b/2020/35xxx/CVE-2020-35772.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35772", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35773.json b/2020/35xxx/CVE-2020-35773.json new file mode 100644 index 00000000000..017a35793b4 --- /dev/null +++ b/2020/35xxx/CVE-2020-35773.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-35773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/2445009/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2445009/" + }, + { + "url": "https://developer.wordpress.org/reference/functions/wp_create_nonce/", + "refsource": "MISC", + "name": "https://developer.wordpress.org/reference/functions/wp_create_nonce/" + }, + { + "url": "https://developer.wordpress.org/reference/functions/wp_verify_nonce/", + "refsource": "MISC", + "name": "https://developer.wordpress.org/reference/functions/wp_verify_nonce/" + }, + { + "url": "https://wordpress.org/plugins/site-offline/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/site-offline/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35774.json b/2020/35xxx/CVE-2020-35774.json new file mode 100644 index 00000000000..0ca1ecc3393 --- /dev/null +++ b/2020/35xxx/CVE-2020-35774.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-35774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/twitter/twitter-server/commit/e0aeb87e89a6e6c711214ee2de0dd9f6e5f9cb6c", + "refsource": "MISC", + "name": "https://github.com/twitter/twitter-server/commit/e0aeb87e89a6e6c711214ee2de0dd9f6e5f9cb6c" + }, + { + "url": "https://github.com/twitter/twitter-server/compare/twitter-server-20.10.0...twitter-server-20.12.0", + "refsource": "MISC", + "name": "https://github.com/twitter/twitter-server/compare/twitter-server-20.10.0...twitter-server-20.12.0" + } + ] + } +} \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9093.json b/2020/9xxx/CVE-2020-9093.json index c378e2c6615..09742e869ab 100644 --- a/2020/9xxx/CVE-2020-9093.json +++ b/2020/9xxx/CVE-2020-9093.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9093", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "Taurus-AL00A", + "version": { + "version_data": [ + { + "version_value": "10.0.0.1(C00E1R1P1)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would compromise normal service." } ] } diff --git a/2020/9xxx/CVE-2020-9094.json b/2020/9xxx/CVE-2020-9094.json index 2ee93828f85..85dfdec5ed4 100644 --- a/2020/9xxx/CVE-2020-9094.json +++ b/2020/9xxx/CVE-2020-9094.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9094", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "CloudEngine 12800", + "version": { + "version_data": [ + { + "version_value": "V200R019C00SPC800" + } + ] + } + }, + { + "product_name": "CloudEngine 5800", + "version": { + "version_data": [ + { + "version_value": "V200R019C00SPC800" + } + ] + } + }, + { + "product_name": "CloudEngine 6800", + "version": { + "version_data": [ + { + "version_value": "V200R005C20SPC800" + }, + { + "version_value": "V200R019C00SPC800" + } + ] + } + }, + { + "product_name": "CloudEngine 7800", + "version": { + "version_data": [ + { + "version_value": "V200R019C00SPC800" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of Bound Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-obr-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-obr-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service." } ] } diff --git a/2020/9xxx/CVE-2020-9124.json b/2020/9xxx/CVE-2020-9124.json index 207965bad14..9bdb4fbd497 100644 --- a/2020/9xxx/CVE-2020-9124.json +++ b/2020/9xxx/CVE-2020-9124.json @@ -4,14 +4,124 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "CloudEngine 12800", + "version": { + "version_data": [ + { + "version_value": "V200R002C50SPC800" + }, + { + "version_value": "V200R003C00SPC810" + }, + { + "version_value": "V200R005C00SPC800" + }, + { + "version_value": "V200R005C10SPC800" + } + ] + } + }, + { + "product_name": "CloudEngine 5800", + "version": { + "version_data": [ + { + "version_value": "V200R002C50SPC800" + }, + { + "version_value": "V200R003C00SPC810" + }, + { + "version_value": "V200R005C00SPC800" + }, + { + "version_value": "V200R005C10SPC800" + } + ] + } + }, + { + "product_name": "CloudEngine 6800", + "version": { + "version_data": [ + { + "version_value": "V200R002C50SPC800" + }, + { + "version_value": "V200R003C00SPC810" + }, + { + "version_value": "V200R005C00SPC800" + }, + { + "version_value": "V200R005C10SPC800" + } + ] + } + }, + { + "product_name": "CloudEngine 7800", + "version": { + "version_data": [ + { + "version_value": "V200R002C50SPC800" + }, + { + "version_value": "V200R003C00SPC810" + }, + { + "version_value": "V200R005C00SPC800" + }, + { + "version_value": "V200R005C10SPC800" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak." } ] } diff --git a/2020/9xxx/CVE-2020-9125.json b/2020/9xxx/CVE-2020-9125.json index 97a6340fd0e..d1f29614efb 100644 --- a/2020/9xxx/CVE-2020-9125.json +++ b/2020/9xxx/CVE-2020-9125.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9125", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HUAWEI Mate 30", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out Of Bound Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally." } ] } diff --git a/2020/9xxx/CVE-2020-9207.json b/2020/9xxx/CVE-2020-9207.json index f020a1a10f1..f003e6e0a1b 100644 --- a/2020/9xxx/CVE-2020-9207.json +++ b/2020/9xxx/CVE-2020-9207.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9207", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "CloudEngine 12800", + "version": { + "version_data": [ + { + "version_value": "V200R019C00SPC800" + } + ] + } + }, + { + "product_name": "CloudEngine 5800", + "version": { + "version_data": [ + { + "version_value": "V200R019C00SPC800" + } + ] + } + }, + { + "product_name": "CloudEngine 6800", + "version": { + "version_data": [ + { + "version_value": "V200R005C20SPC800" + }, + { + "version_value": "V200R019C00SPC800" + } + ] + } + }, + { + "product_name": "CloudEngine 7800", + "version": { + "version_data": [ + { + "version_value": "V200R019C00SPC800" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-vrp-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-vrp-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service." } ] } diff --git a/2020/9xxx/CVE-2020-9208.json b/2020/9xxx/CVE-2020-9208.json index 404cb126028..86540ae1e44 100644 --- a/2020/9xxx/CVE-2020-9208.json +++ b/2020/9xxx/CVE-2020-9208.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9208", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "iManager NetEco 6000", + "version": { + "version_data": [ + { + "version_value": "V600R021C00" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-neteco-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-neteco-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak." } ] } diff --git a/2020/9xxx/CVE-2020-9223.json b/2020/9xxx/CVE-2020-9223.json index 898eed668f8..7ec223c35ba 100644 --- a/2020/9xxx/CVE-2020-9223.json +++ b/2020/9xxx/CVE-2020-9223.json @@ -4,14 +4,109 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9223", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HONOR 20 PRO", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.1.0.230(C432E9R5P1)" + }, + { + "version_value": "Versions earlier than 10.1.0.231(C10E3R3P2)" + }, + { + "version_value": "Versions earlier than 10.1.0.231(C185E3R5P1)" + }, + { + "version_value": "Versions earlier than 10.1.0.231(C636E3R3P1)" + } + ] + } + }, + { + "product_name": "Princeton-AL10D", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.1.0.168(C00E166R4P11)" + } + ] + } + }, + { + "product_name": "Yale-L21A", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.1.0.230(C432E9R5P1)" + }, + { + "version_value": "Versions earlier than 10.1.0.231(C10E3R3P2)" + }, + { + "version_value": "Versions earlier than 10.1.0.231(C185E2R2P1)" + }, + { + "version_value": "Versions earlier than 10.1.0.231(C636E3R3P1)" + } + ] + } + }, + { + "product_name": "Yale-L61A", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.1.0.225(C432E3R1P2)" + }, + { + "version_value": "Versions earlier than 10.1.0.226(C10E3R1P1)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-03-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-03-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a denial of service (DoS) on the specific module." } ] }