From 850fab0105dbef25ea75853ee5936909bedc5810 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 4 Jun 2020 13:01:19 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2016/11xxx/CVE-2016-11051.json | 58 +++---------------------
 2019/16xxx/CVE-2019-16150.json | 62 ++++++++++++++++++++++++++
 2020/13xxx/CVE-2020-13816.json | 18 ++++++++
 2020/13xxx/CVE-2020-13817.json | 81 ++++++++++++++++++++++++++++++++++
 2020/13xxx/CVE-2020-13818.json | 62 ++++++++++++++++++++++++++
 2020/6xxx/CVE-2020-6640.json | 50 +++++++++++++++++++--
 2020/9xxx/CVE-2020-9292.json | 50 +++++++++++++++++++--
 7 files changed, 324 insertions(+), 57 deletions(-)
 create mode 100644 2019/16xxx/CVE-2019-16150.json
 create mode 100644 2020/13xxx/CVE-2020-13816.json
 create mode 100644 2020/13xxx/CVE-2020-13817.json
 create mode 100644 2020/13xxx/CVE-2020-13818.json
diff --git a/2016/11xxx/CVE-2016-11051.json b/2016/11xxx/CVE-2016-11051.json
index dd1f2f232fc..7c6ba0f6820 100644
--- a/2016/11xxx/CVE-2016-11051.json
+++ b/2016/11xxx/CVE-2016-11051.json
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2016-11051",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-11051",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered on Samsung mobile devices with J(4.2) (Qualcomm Wi-Fi chipsets) software. There is a buffer overflow in the Qualcomm WLAN Driver. The Samsung ID is SVE-2016-5326 (February 2016)."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "name": "https://security.samsungmobile.com/securityUpdate.smsb",
- "refsource": "CONFIRM",
- "url": "https://security.samsungmobile.com/securityUpdate.smsb"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0569. Reason: This candidate is a duplicate of CVE-2015-0569. Notes: All CVE users should reference CVE-2015-0569 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16150.json b/2019/16xxx/CVE-2019-16150.json
new file mode 100644
index 00000000000..b2a2410c6e2
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16150.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-16150",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiClient for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiClient for Windows below 6.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/psirt/FG-IR-19-194",
+ "url": "https://fortiguard.com/psirt/FG-IR-19-194"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/13xxx/CVE-2020-13816.json b/2020/13xxx/CVE-2020-13816.json
new file mode 100644
index 00000000000..8eee6bbcec1
--- /dev/null
+++ b/2020/13xxx/CVE-2020-13816.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-13816",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
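Review bot: In the new CVE-2019-16150 record, `"vendor_name": "n/a"` leaves the vendor field empty while the vendor is folded into `"product_name": "Fortinet FortiClient for Windows"`, so tooling that matches affected products on `vendor_name` will not associate this entry with Fortinet. I would write `"vendor_name": "Fortinet"` and `"product_name": "FortiClient for Windows"`, and reduce `version_value` to the version bound itself rather than the sentence-like `"FortiClient for Windows below 6.4.0"`, which a version comparator cannot evaluate. The same pattern appears in the CVE-2020-6640 and CVE-2020-9292 hunks.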
diff --git a/2020/13xxx/CVE-2020-13817.json b/2020/13xxx/CVE-2020-13817.json
new file mode 100644
index 00000000000..684254cef58
--- /dev/null
+++ b/2020/13xxx/CVE-2020-13817.json
@@ -0,0 +1,81 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-13817",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://support.ntp.org/bin/view/Main/NtpBug3596",
+ "refsource": "MISC",
+ "name": "http://support.ntp.org/bin/view/Main/NtpBug3596"
+ },
+ {
+ "url": "https://bugs.ntp.org/show_bug.cgi?id=3596",
+ "refsource": "MISC",
+ "name": "https://bugs.ntp.org/show_bug.cgi?id=3596"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
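Review bot: The `vectorString` in the `impact.cvss` block of CVE-2020-13817 lists its metrics alphabetically (`AC:H/AV:N/A:H/...`) rather than in the order the CVSS specification prefers, and the block carries no base score or severity. Parsers that expect the canonical order may fail to read it; `"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"` encodes the same metric values. The description also names "system time change" as an outcome while `integrityImpact` is `NONE`, which may be worth confirming with the assigner. The `affects` and `problemtype` entries are all `n/a` although the description states the affected ntp versions.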
diff --git a/2020/13xxx/CVE-2020-13818.json b/2020/13xxx/CVE-2020-13818.json
new file mode 100644
index 00000000000..3a0a31fba75
--- /dev/null
+++ b/2020/13xxx/CVE-2020-13818.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-13818",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Zoho ManageEngine OpManager before 125144, when is used, directory traversal validation can be bypassed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html",
+ "refsource": "MISC",
+ "name": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6640.json b/2020/6xxx/CVE-2020-6640.json
index 4eac728ed31..e28a8bce749 100644
--- a/2020/6xxx/CVE-2020-6640.json
+++ b/2020/6xxx/CVE-2020-6640.json
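Review bot: The description of CVE-2020-13818 reads `when is used, directory traversal validation can be bypassed`, so the condition that triggers the bypass is missing between "when" and "is used". It looks as if a token was dropped, possibly an angle-bracketed name removed by markup stripping somewhere between the assigner's text and this page; the stored `value` should be checked against the source and the token escaped if needed so that it survives rendering. Without it, a defender cannot tell from the record which requests to look for in logs or block at a filter. The `affects` block is also all `n/a` although the description names Zoho ManageEngine OpManager and the fixed build 125144.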
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6640",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiAnalyzer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiAnalyzer 6.2.3, 6.2.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Execute unauthorized code or commands"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/advisory/FG-IR-20-003",
+ "url": "https://fortiguard.com/advisory/FG-IR-20-003"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9292.json b/2020/9xxx/CVE-2020-9292.json
index e6ac3e0068d..771f4b77c48 100644
--- a/2020/9xxx/CVE-2020-9292.json
+++ b/2020/9xxx/CVE-2020-9292.json
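Review bot: The `problemtype` value `"Execute unauthorized code or commands"` added for CVE-2020-6640 states an impact, while the description identifies the weakness as stored cross-site scripting; a weakness identifier such as `"value": "CWE-79"` would let consumers classify and filter the entry. The description also gives no affected versions, which appear only in the free-text `"version_value": "FortiAnalyzer 6.2.3, 6.2.2"`, two versions packed into one string that would be easier to match as two `version_data` entries. CVE-2020-9292 has the same impact-only problemtype (`"Escalation of privilege"`) for what its description calls an unquoted service path.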
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9292",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiSIEMWindowsAgent",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiSIEMWindowsAgent 3.1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/advisory/FG-IR-20-021",
+ "url": "https://fortiguard.com/advisory/FG-IR-20-021"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path."
 }
 ]
 }