From 904d6db327bb9a621f6e02f03604e8e0e5fb801e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 31 Jul 2020 20:01:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/15xxx/CVE-2020-15869.json | 61 ++++++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15870.json | 61 ++++++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15871.json | 61 ++++++++++++++++++++++++++++++---- 2020/16xxx/CVE-2020-16255.json | 18 ++++++++++ 2020/16xxx/CVE-2020-16256.json | 18 ++++++++++ 2020/16xxx/CVE-2020-16257.json | 18 ++++++++++ 2020/16xxx/CVE-2020-16258.json | 18 ++++++++++ 2020/16xxx/CVE-2020-16259.json | 18 ++++++++++ 2020/16xxx/CVE-2020-16260.json | 18 ++++++++++ 2020/16xxx/CVE-2020-16261.json | 18 ++++++++++ 2020/16xxx/CVE-2020-16262.json | 18 ++++++++++ 2020/16xxx/CVE-2020-16263.json | 18 ++++++++++ 2020/5xxx/CVE-2020-5414.json | 2 +- 13 files changed, 328 insertions(+), 19 deletions(-) create mode 100644 2020/16xxx/CVE-2020-16255.json create mode 100644 2020/16xxx/CVE-2020-16256.json create mode 100644 2020/16xxx/CVE-2020-16257.json create mode 100644 2020/16xxx/CVE-2020-16258.json create mode 100644 2020/16xxx/CVE-2020-16259.json create mode 100644 2020/16xxx/CVE-2020-16260.json create mode 100644 2020/16xxx/CVE-2020-16261.json create mode 100644 2020/16xxx/CVE-2020-16262.json create mode 100644 2020/16xxx/CVE-2020-16263.json diff --git a/2020/15xxx/CVE-2020-15869.json b/2020/15xxx/CVE-2020-15869.json index eaaf09947b6..53afae076b9 100644 --- a/2020/15xxx/CVE-2020-15869.json +++ b/2020/15xxx/CVE-2020-15869.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15869", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15869", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.sonatype.com", + "refsource": "MISC", + "name": "https://support.sonatype.com" + }, + { + "refsource": "CONFIRM", + "name": "https://support.sonatype.com/hc/en-us/articles/360051424554", + "url": "https://support.sonatype.com/hc/en-us/articles/360051424554" } ] } diff --git a/2020/15xxx/CVE-2020-15870.json b/2020/15xxx/CVE-2020-15870.json index f0befc94f9a..541db5bf439 100644 --- a/2020/15xxx/CVE-2020-15870.json +++ b/2020/15xxx/CVE-2020-15870.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15870", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15870", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.sonatype.com", + "refsource": "MISC", + "name": "https://support.sonatype.com" + }, + { + "refsource": "CONFIRM", + "name": "https://support.sonatype.com/hc/en-us/articles/360051424754", + "url": "https://support.sonatype.com/hc/en-us/articles/360051424754" } ] } diff --git a/2020/15xxx/CVE-2020-15871.json b/2020/15xxx/CVE-2020-15871.json index 04172a3f823..8432bf4d633 100644 --- a/2020/15xxx/CVE-2020-15871.json +++ b/2020/15xxx/CVE-2020-15871.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15871", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15871", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.sonatype.com", + "refsource": "MISC", + "name": "https://support.sonatype.com" + }, + { + "refsource": "CONFIRM", + "name": "https://support.sonatype.com/hc/en-us/articles/360052192693", + "url": "https://support.sonatype.com/hc/en-us/articles/360052192693" } ] } diff --git a/2020/16xxx/CVE-2020-16255.json b/2020/16xxx/CVE-2020-16255.json new file mode 100644 index 00000000000..66d3474199f --- /dev/null +++ b/2020/16xxx/CVE-2020-16255.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16255", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16256.json b/2020/16xxx/CVE-2020-16256.json new file mode 100644 index 00000000000..f4e2078eb82 --- /dev/null +++ b/2020/16xxx/CVE-2020-16256.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16256", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16257.json b/2020/16xxx/CVE-2020-16257.json new file mode 100644 index 00000000000..9a576f7beed --- /dev/null +++ b/2020/16xxx/CVE-2020-16257.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16257", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16258.json b/2020/16xxx/CVE-2020-16258.json new file mode 100644 index 00000000000..e1996ad84fe --- /dev/null +++ b/2020/16xxx/CVE-2020-16258.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16258", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16259.json b/2020/16xxx/CVE-2020-16259.json new file mode 100644 index 00000000000..9294cad45bb --- /dev/null +++ b/2020/16xxx/CVE-2020-16259.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16259", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16260.json b/2020/16xxx/CVE-2020-16260.json new file mode 100644 index 00000000000..4c59c1fc172 --- /dev/null +++ b/2020/16xxx/CVE-2020-16260.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16260", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16261.json b/2020/16xxx/CVE-2020-16261.json new file mode 100644 index 00000000000..3c3539c4656 --- /dev/null +++ b/2020/16xxx/CVE-2020-16261.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16261", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16262.json b/2020/16xxx/CVE-2020-16262.json new file mode 100644 index 00000000000..8218b3b414f --- /dev/null +++ b/2020/16xxx/CVE-2020-16262.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16262", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16263.json b/2020/16xxx/CVE-2020-16263.json new file mode 100644 index 00000000000..c5f689c6b1e --- /dev/null +++ b/2020/16xxx/CVE-2020-16263.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16263", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5414.json b/2020/5xxx/CVE-2020-5414.json index 96583feb1ca..8a5969a57a6 100644 --- a/2020/5xxx/CVE-2020-5414.json +++ b/2020/5xxx/CVE-2020-5414.json @@ -85,7 +85,7 @@ "description_data": [ { "lang": "eng", - "value": "VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user.\nThe same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1.\nNote that these logs are typically only visible to foundation administrators and operators." + "value": "VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators." } ] },