From 82b23bf64f9264e04f87aa12438bc4a6ecd0d20a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 24 Dec 2020 16:02:16 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/35xxx/CVE-2020-35659.json | 61 +++++++++++++++++++++++++---
 2020/35xxx/CVE-2020-35679.json | 72 ++++++++++++++++++++++++++++++++++
 2020/35xxx/CVE-2020-35680.json | 72 ++++++++++++++++++++++++++++++++++
 2020/9xxx/CVE-2020-9119.json | 62 +++++++++++++++++++++++++++--
 2020/9xxx/CVE-2020-9120.json | 50 +++++++++++++++++++++--
 2020/9xxx/CVE-2020-9137.json | 59 ++++++++++++++++++++++++++--
 6 files changed, 361 insertions(+), 15 deletions(-)
 create mode 100644 2020/35xxx/CVE-2020-35679.json
 create mode 100644 2020/35xxx/CVE-2020-35680.json
diff --git a/2020/35xxx/CVE-2020-35659.json b/2020/35xxx/CVE-2020-35659.json
index c151828bdeb..25d76000d80 100644
--- a/2020/35xxx/CVE-2020-35659.json
+++ b/2020/35xxx/CVE-2020-35659.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35659",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35659",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to execute when the Pi-hole administrator visits the Query Log or Long-term data Query Log page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/pi-hole/AdminLTE/pull/1665",
+ "url": "https://github.com/pi-hole/AdminLTE/pull/1665"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://discourse.pi-hole.net/t/pi-hole-core-web-v5-2-2-and-ftl-v5-3-3-released/41998",
+ "url": "https://discourse.pi-hole.net/t/pi-hole-core-web-v5-2-2-and-ftl-v5-3-3-released/41998"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35679.json b/2020/35xxx/CVE-2020-35679.json
new file mode 100644
index 00000000000..e8d97158f5d
--- /dev/null
+++ b/2020/35xxx/CVE-2020-35679.json
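Review bot: In CVE-2020-35659.json the new `affects` block and `problemtype` are filled only with `"n/a"`, so the affected product and version (Pi-hole before 5.2.2) and the weakness class (stored XSS) live only in the free-text `description`. Scanners and inventory tools that match on `vendor_name`, `product_name` or `version_value` will not tie this record to a Pi-hole install. Consider populating the structured fields from the description, for example `"product_name": "Pi-hole"`, `"version_value": "before 5.2.2"` and a problemtype value of `"CWE-79"`. The same gap is present in the new CVE-2020-35679.json and CVE-2020-35680.json records, where OpenSMTPD before 6.8.0p1 appears only in the description.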
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-35679",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a \"very significant\" memory leak via messages to an instance that performs many regex lookups."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/",
+ "refsource": "MISC",
+ "name": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
+ },
+ {
+ "url": "https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html",
+ "refsource": "MISC",
+ "name": "https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html"
+ },
+ {
+ "url": "https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043",
+ "refsource": "MISC",
+ "name": "https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/35xxx/CVE-2020-35680.json b/2020/35xxx/CVE-2020-35680.json
new file mode 100644
index 00000000000..3129438ed97
--- /dev/null
+++ b/2020/35xxx/CVE-2020-35680.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-35680",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/",
+ "refsource": "MISC",
+ "name": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
+ },
+ {
+ "url": "https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html",
+ "refsource": "MISC",
+ "name": "https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html"
+ },
+ {
+ "url": "https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1",
+ "refsource": "MISC",
+ "name": "https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9119.json b/2020/9xxx/CVE-2020-9119.json
index 4716631100b..f1b7b070b13 100644
--- a/2020/9xxx/CVE-2020-9119.json
+++ b/2020/9xxx/CVE-2020-9119.json
@@ -4,14 +4,70 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9119",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions earlier than 10.0.0.189(C185E6R1P3)"
+ },
+ {
+ "version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
+ },
+ {
+ "version_value": "Versions earlier than 10.1.0.156(C00E156R7P2)"
+ },
+ {
+ "version_value": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"
+ },
+ {
+ "version_value": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en",
+ "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9120.json b/2020/9xxx/CVE-2020-9120.json
index 8f22a026f89..43da77ec4f0 100644
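Review bot: In CVE-2020-9119.json `product_name` packs five handset models into one `;`-separated string while `version_data` lists five `version_value` entries that relate to those models only by position, and the last two entries are identical. A consumer cannot reliably tell which fixed version belongs to which model, and `"vendor_name": "n/a"` hides the vendor even though the assigner is psirt@huawei.com. I would emit one `product_data` entry per model, each with its own `version_data`, and set `"vendor_name": "Huawei"`. CVE-2020-9137.json has the same shape (four CloudEngine products joined with `;` and comma-joined version lists inside a single `version_value`), and CVE-2020-9120.json also carries `"vendor_name": "n/a"`.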
--- a/2020/9xxx/CVE-2020-9120.json
+++ b/2020/9xxx/CVE-2020-9120.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9120",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CloudEngine 1800V",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V100R019C10SPC500"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Resource Management Error"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-cloudengine-en",
+ "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-cloudengine-en"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CloudEngine 1800V versions V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, resulting in the message received by the system can't be forwarded normally."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9137.json b/2020/9xxx/CVE-2020-9137.json
index f8cabea5853..ae07e0396f9 100644
--- a/2020/9xxx/CVE-2020-9137.json
+++ b/2020/9xxx/CVE-2020-9137.json
@@ -4,14 +4,67 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9137",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800"
+ },
+ {
+ "version_value": "V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800"
+ },
+ {
+ "version_value": "V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800,V200R019C10SPC800"
+ },
+ {
+ "version_value": "V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-02-privilege-en",
+ "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-02-privilege-en"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800.
Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation." } ] }