"-Synchronized-Data."

2025-05-07 19:17:10 +00:00 · 2020-02-22 01:01:06 +00:00 · 2020-02-22 01:01:06 +00:00 · 8ecee5cfe9
commit 8ecee5cfe9
parent 104f91292f
5 changed files with 240 additions and 192 deletions
--- a/2020/8xxx/CVE-2020-8860.json
+++ b/2020/8xxx/CVE-2020-8860.json
@ -35,7 +35,7 @@
        "description_data": [
            {
                "lang": "eng",
-        "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call.\n\nThe specific flaw exists within the Call Control Setup messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the baseband processor. Was ZDI-CAN-9658."
+                "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The specific flaw exists within the Call Control Setup messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the baseband processor. Was ZDI-CAN-9658."
            }
        ]
    },
@ -54,10 +54,14 @@
    "references": {
        "reference_data": [
            {
-        "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-255/"
+                "url": "https://security.samsungmobile.com/securityUpdate.smsb",
+                "refsource": "MISC",
+                "name": "https://security.samsungmobile.com/securityUpdate.smsb"
            },
            {
-        "url": "https://security.samsungmobile.com/securityUpdate.smsb"
+                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-255/",
+                "refsource": "MISC",
+                "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-255/"
            }
        ]
    },
--- a/2020/8xxx/CVE-2020-8861.json
+++ b/2020/8xxx/CVE-2020-8861.json
@ -35,7 +35,7 @@
        "description_data": [
            {
                "lang": "eng",
-        "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of cookies. An attacker can leverage this vulnerability to execute arbitrary code on the router.  Was ZDI-CAN-9554."
+                "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of cookies. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9554."
            }
        ]
    },
@ -54,10 +54,14 @@
    "references": {
        "reference_data": [
            {
-        "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-265/"
+                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-265/",
+                "refsource": "MISC",
+                "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-265/"
            },
            {
-        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10155"
+                "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10155",
+                "refsource": "MISC",
+                "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10155"
            }
        ]
    },
--- a/2020/8xxx/CVE-2020-8862.json
+++ b/2020/8xxx/CVE-2020-8862.json
@ -35,7 +35,7 @@
        "description_data": [
            {
                "lang": "eng",
-        "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of passwords. The issue results from the lack of proper password checking. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-10082."
+                "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the lack of proper password checking. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-10082."
            }
        ]
    },
@ -54,10 +54,14 @@
    "references": {
        "reference_data": [
            {
-        "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-266/"
+                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-266/",
+                "refsource": "MISC",
+                "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-266/"
            },
            {
-        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10154"
+                "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10154",
+                "refsource": "MISC",
+                "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10154"
            }
        ]
    },
--- a/2020/9xxx/CVE-2020-9334.json
+++ b/2020/9xxx/CVE-2020-9334.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2020-9334",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2020/9xxx/CVE-2020-9335.json
+++ b/2020/9xxx/CVE-2020-9335.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2020-9335",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}