From 81f5015643c9dab41b80c11a51bd24c84916ab7a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 27 May 2020 13:01:19 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/15xxx/CVE-2019-15126.json | 5 +++ 2020/11xxx/CVE-2020-11022.json | 5 +++ 2020/11xxx/CVE-2020-11023.json | 5 +++ 2020/12xxx/CVE-2020-12662.json | 5 +++ 2020/12xxx/CVE-2020-12663.json | 5 +++ 2020/13xxx/CVE-2020-13386.json | 70 +++++++++++++++++++++++++++++++--- 2020/13xxx/CVE-2020-13625.json | 18 +++++++++ 2020/13xxx/CVE-2020-13626.json | 18 +++++++++ 2020/13xxx/CVE-2020-13627.json | 18 +++++++++ 2020/13xxx/CVE-2020-13628.json | 18 +++++++++ 10 files changed, 161 insertions(+), 6 deletions(-) create mode 100644 2020/13xxx/CVE-2020-13625.json create mode 100644 2020/13xxx/CVE-2020-13626.json create mode 100644 2020/13xxx/CVE-2020-13627.json create mode 100644 2020/13xxx/CVE-2020-13628.json diff --git a/2019/15xxx/CVE-2019-15126.json b/2019/15xxx/CVE-2019-15126.json index ac7e3aaabb4..84246e36259 100644 --- a/2019/15xxx/CVE-2019-15126.json +++ b/2019/15xxx/CVE-2019-15126.json @@ -101,6 +101,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html", "url": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en" } ] } diff --git a/2020/11xxx/CVE-2020-11022.json b/2020/11xxx/CVE-2020-11022.json index dd9e40e831a..424842e8b65 100644 --- a/2020/11xxx/CVE-2020-11022.json +++ b/2020/11xxx/CVE-2020-11022.json @@ -98,6 +98,11 @@ "refsource": "CONFIRM", "name": "https://www.drupal.org/sa-core-2020-002", "url": "https://www.drupal.org/sa-core-2020-002" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4693", + "url": "https://www.debian.org/security/2020/dsa-4693" } ] }, diff --git a/2020/11xxx/CVE-2020-11023.json b/2020/11xxx/CVE-2020-11023.json index 36200908187..e06ca6bce0c 100644 --- a/2020/11xxx/CVE-2020-11023.json +++ b/2020/11xxx/CVE-2020-11023.json @@ -93,6 +93,11 @@ "refsource": "CONFIRM", "name": "https://www.drupal.org/sa-core-2020-002", "url": "https://www.drupal.org/sa-core-2020-002" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4693", + "url": "https://www.debian.org/security/2020/dsa-4693" } ] }, diff --git a/2020/12xxx/CVE-2020-12662.json b/2020/12xxx/CVE-2020-12662.json index 7bc3fcde951..9d462767e38 100644 --- a/2020/12xxx/CVE-2020-12662.json +++ b/2020/12xxx/CVE-2020-12662.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-3cfd38fefd", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4694", + "url": "https://www.debian.org/security/2020/dsa-4694" } ] } diff --git a/2020/12xxx/CVE-2020-12663.json b/2020/12xxx/CVE-2020-12663.json index a8bdea9c7de..b3571f3ce5c 100644 --- a/2020/12xxx/CVE-2020-12663.json +++ b/2020/12xxx/CVE-2020-12663.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-3cfd38fefd", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4694", + "url": "https://www.debian.org/security/2020/dsa-4694" } ] } diff --git a/2020/13xxx/CVE-2020-13386.json b/2020/13xxx/CVE-2020-13386.json index e5eba56f2bf..20c788e29e5 100644 --- a/2020/13xxx/CVE-2020-13386.json +++ b/2020/13xxx/CVE-2020-13386.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13386", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13386", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled tasks run in the context of the user who installed the product. Both scheduled tasks attempt to run the same binary, C:\\SmartDraw 2020\\Messages\\SDNotify.exe. The folder Messages doesn't exist by default and (by extension) neither does SDNotify.exe. Due to the weak folder permissions, these can be created by any user. A malicious actor can therefore create a malicious SDNotify.exe binary, and have it automatically run, whenever the user who installed the product logs on to the machine. The malicious SDNotify.exe could, for example, create a new local administrator account on the machine." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://improsec.com/tech-blog/how-not-do-handle-responsible-disclosure-smartdraw-2020", + "url": "https://improsec.com/tech-blog/how-not-do-handle-responsible-disclosure-smartdraw-2020" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13625.json b/2020/13xxx/CVE-2020-13625.json new file mode 100644 index 00000000000..e4c7ecbb204 --- /dev/null +++ b/2020/13xxx/CVE-2020-13625.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13625", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13626.json b/2020/13xxx/CVE-2020-13626.json new file mode 100644 index 00000000000..805d2e26c51 --- /dev/null +++ b/2020/13xxx/CVE-2020-13626.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13626", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13627.json b/2020/13xxx/CVE-2020-13627.json new file mode 100644 index 00000000000..15db749dbc6 --- /dev/null +++ b/2020/13xxx/CVE-2020-13627.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13627", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13628.json b/2020/13xxx/CVE-2020-13628.json new file mode 100644 index 00000000000..d5ca3a410ec --- /dev/null +++ b/2020/13xxx/CVE-2020-13628.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13628", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file