From 8b583dfbed10ba1d0f669380bcc975e45e6d7100 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 13 Feb 2020 00:01:16 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/3xxx/CVE-2018-3987.json | 58 +++++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0090.json | 2 +- 2019/18xxx/CVE-2019-18915.json | 62 ++++++++++++++++++++++++++++++++++ 2019/5xxx/CVE-2019-5322.json | 58 +++++++++++++++++++++++++++---- 2020/1xxx/CVE-2020-1975.json | 7 ++-- 2020/1xxx/CVE-2020-1976.json | 7 ++-- 2020/1xxx/CVE-2020-1977.json | 5 +-- 2020/5xxx/CVE-2020-5241.json | 4 +-- 2020/6xxx/CVE-2020-6973.json | 50 +++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7208.json | 50 +++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7209.json | 50 +++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8959.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8960.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8961.json | 18 ++++++++++ 14 files changed, 373 insertions(+), 34 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18915.json create mode 100644 2020/8xxx/CVE-2020-8959.json create mode 100644 2020/8xxx/CVE-2020-8960.json create mode 100644 2020/8xxx/CVE-2020-8961.json diff --git a/2018/3xxx/CVE-2018-3987.json b/2018/3xxx/CVE-2018-3987.json index 04d87114f33..799d9afa214 100644 --- a/2018/3xxx/CVE-2018-3987.json +++ b/2018/3xxx/CVE-2018-3987.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-3987", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-3987", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": " Rakuten Viber", + "version": { + "version_data": [ + { + "version_value": "Rakuten Viber Android 9.3.0.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0655", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0655" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device." } ] } diff --git a/2019/0xxx/CVE-2019-0090.json b/2019/0xxx/CVE-2019-0090.json index a053e2f3b40..8da390785fb 100644 --- a/2019/0xxx/CVE-2019-0090.json +++ b/2019/0xxx/CVE-2019-0090.json @@ -60,7 +60,7 @@ "description_data": [ { "lang": "eng", - "value": "Insufficient access control vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow unauthenticated user to potentially enable escalation of privilege via physical access." + "value": "Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access." } ] } diff --git a/2019/18xxx/CVE-2019-18915.json b/2019/18xxx/CVE-2019-18915.json new file mode 100644 index 00000000000..fa1d84507ee --- /dev/null +++ b/2019/18xxx/CVE-2019-18915.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18915", + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP System Event Utility", + "version": { + "version_data": [ + { + "version_value": "Prior to version 1.4.33" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execution of Arbitrary Code." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/c06559359", + "url": "https://support.hp.com/us-en/document/c06559359" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5322.json b/2019/5xxx/CVE-2019-5322.json index 995cb1cfdab..91b49de473f 100644 --- a/2019/5xxx/CVE-2019-5322.json +++ b/2019/5xxx/CVE-2019-5322.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5322", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5322", + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Intelligent Edge Switch 5400 3810 2920 2930 2530 with GigT port 2530 10/100 port or 2540", + "version": { + "version_data": [ + { + "version_value": "16.08.* before 16.08.0009 16.09.* before 16.09.0007 16.10.* before 16.10.0003" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure vulneraiblity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-001.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-001.txt" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and 16.10.* before 16.10.0003. The vulnerability allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions." } ] } diff --git a/2020/1xxx/CVE-2020-1975.json b/2020/1xxx/CVE-2020-1975.json index ba65dbfbdfa..f932fdb5461 100644 --- a/2020/1xxx/CVE-2020-1975.json +++ b/2020/1xxx/CVE-2020-1975.json @@ -75,7 +75,7 @@ "description_data": [ { "lang": "eng", - "value": "Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation.\nThis issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6.\nThis issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions." + "value": "Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions." } ] }, @@ -113,8 +113,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2020-1975" + "refsource": "MISC", + "url": "https://security.paloaltonetworks.com/CVE-2020-1975", + "name": "https://security.paloaltonetworks.com/CVE-2020-1975" } ] }, diff --git a/2020/1xxx/CVE-2020-1976.json b/2020/1xxx/CVE-2020-1976.json index b726ab83057..e9c19dd5020 100644 --- a/2020/1xxx/CVE-2020-1976.json +++ b/2020/1xxx/CVE-2020-1976.json @@ -51,7 +51,7 @@ "description_data": [ { "lang": "eng", - "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash.\nThis issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.\n" + "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS." } ] }, @@ -89,8 +89,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2020-1976" + "refsource": "MISC", + "url": "https://security.paloaltonetworks.com/CVE-2020-1976", + "name": "https://security.paloaltonetworks.com/CVE-2020-1976" } ] }, diff --git a/2020/1xxx/CVE-2020-1977.json b/2020/1xxx/CVE-2020-1977.json index 21c5840407d..c0dc3b23593 100644 --- a/2020/1xxx/CVE-2020-1977.json +++ b/2020/1xxx/CVE-2020-1977.json @@ -87,8 +87,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://security.paloaltonetworks.com/CVE-2020-1977" + "refsource": "MISC", + "url": "https://security.paloaltonetworks.com/CVE-2020-1977", + "name": "https://security.paloaltonetworks.com/CVE-2020-1977" } ] }, diff --git a/2020/5xxx/CVE-2020-5241.json b/2020/5xxx/CVE-2020-5241.json index 98b248902fe..44e298e6220 100644 --- a/2020/5xxx/CVE-2020-5241.json +++ b/2020/5xxx/CVE-2020-5241.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection.\n\nThis vulnerability is patched in version 0.7.4." + "value": "matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4." } ] }, @@ -80,4 +80,4 @@ "advisory": "GHSA-3jqw-vv45-mjhh", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6973.json b/2020/6xxx/CVE-2020-6973.json index d6bb6f1eaed..f0afbbd69fa 100644 --- a/2020/6xxx/CVE-2020-6973.json +++ b/2020/6xxx/CVE-2020-6973.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6973", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Digi International ConnectPort LTS 32 MEI", + "version": { + "version_data": [ + { + "version_value": "Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-13", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-13" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition." } ] } diff --git a/2020/7xxx/CVE-2020-7208.json b/2020/7xxx/CVE-2020-7208.json index b43c3f7d680..1b9fdd23843 100644 --- a/2020/7xxx/CVE-2020-7208.json +++ b/2020/7xxx/CVE-2020-7208.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7208", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "LinuxKI", + "version": { + "version_data": [ + { + "version_value": "6.0-1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2", + "url": "https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2." } ] } diff --git a/2020/7xxx/CVE-2020-7209.json b/2020/7xxx/CVE-2020-7209.json index f4ab6412b8a..4d8f7de0194 100644 --- a/2020/7xxx/CVE-2020-7209.json +++ b/2020/7xxx/CVE-2020-7209.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7209", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "LinuxKI", + "version": { + "version_data": [ + { + "version_value": "6.0-1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2", + "url": "https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2." } ] } diff --git a/2020/8xxx/CVE-2020-8959.json b/2020/8xxx/CVE-2020-8959.json new file mode 100644 index 00000000000..c96caafa281 --- /dev/null +++ b/2020/8xxx/CVE-2020-8959.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8959", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8960.json b/2020/8xxx/CVE-2020-8960.json new file mode 100644 index 00000000000..7af50fbd0d1 --- /dev/null +++ b/2020/8xxx/CVE-2020-8960.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8960", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8961.json b/2020/8xxx/CVE-2020-8961.json new file mode 100644 index 00000000000..1c226f30664 --- /dev/null +++ b/2020/8xxx/CVE-2020-8961.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8961", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file