From a2cfc2799aef8dadd041cb50c3707ea31a31a0ff Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 25 Aug 2020 14:01:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10713.json | 15 ++++++ 2020/14xxx/CVE-2020-14500.json | 82 +++++++++++++++++++++++++++++--- 2020/14xxx/CVE-2020-14508.json | 85 +++++++++++++++++++++++++++++++--- 2020/14xxx/CVE-2020-14510.json | 85 +++++++++++++++++++++++++++++++--- 2020/14xxx/CVE-2020-14512.json | 85 +++++++++++++++++++++++++++++++--- 2020/14xxx/CVE-2020-14522.json | 82 +++++++++++++++++++++++++++++--- 2020/14xxx/CVE-2020-14524.json | 82 +++++++++++++++++++++++++++++--- 2020/15xxx/CVE-2020-15335.json | 61 +++++++++++++++++++++--- 2020/15xxx/CVE-2020-15336.json | 61 +++++++++++++++++++++--- 2020/24xxx/CVE-2020-24240.json | 61 +++++++++++++++++++++--- 2020/24xxx/CVE-2020-24241.json | 56 +++++++++++++++++++--- 2020/24xxx/CVE-2020-24242.json | 56 +++++++++++++++++++--- 2020/24xxx/CVE-2020-24614.json | 67 +++++++++++++++++++++++++++ 2020/8xxx/CVE-2020-8733.json | 7 ++- 14 files changed, 818 insertions(+), 67 deletions(-) create mode 100644 2020/24xxx/CVE-2020-24614.json diff --git a/2020/10xxx/CVE-2020-10713.json b/2020/10xxx/CVE-2020-10713.json index ae79475bb17..144bdaa802f 100644 --- a/2020/10xxx/CVE-2020-10713.json +++ b/2020/10xxx/CVE-2020-10713.json @@ -44,6 +44,16 @@ }, "references": { "reference_data": [ + { + "refsource": "DEBIAN", + "name": "DSA-4735", + "url": "https://www.debian.org/security/2020/dsa-4735" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities", + "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3" + }, { "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243", @@ -78,6 +88,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:1168", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html" + }, + { + "refsource": "MISC", + "name": "https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/", + "url": "https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/" } ] }, diff --git a/2020/14xxx/CVE-2020-14500.json b/2020/14xxx/CVE-2020-14500.json index 91e8a1a1294..712e40a9be5 100644 --- a/2020/14xxx/CVE-2020-14500.json +++ b/2020/14xxx/CVE-2020-14500.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2020-07-28T00:00:00.000Z", "ID": "CVE-2020-14500", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Secomea GateManager all versions prior to 9.2c", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "all", + "version_value": "9.2c" + } + ] + } + } + ] + }, + "vendor_name": "Secomea GateManager all versions prior to 9.2c" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14508.json b/2020/14xxx/CVE-2020-14508.json index 7ee50de77b3..03173c10fa7 100644 --- a/2020/14xxx/CVE-2020-14508.json +++ b/2020/14xxx/CVE-2020-14508.json @@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2020-07-28T00:00:00.000Z", "ID": "CVE-2020-14508", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "OFF-BY-ONE ERROR CWE-193" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GateManager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "All versions prior to 9.2c", + "version_value": "9.2c" + } + ] + } + } + ] + }, + "vendor_name": "Secomea" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OFF-BY-ONE ERROR CWE-193" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01" + } + ] + }, + "source": { + "defect": [ + "ICSA-20-210-01" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14510.json b/2020/14xxx/CVE-2020-14510.json index c0e3bf6c6a4..f55f1322b17 100644 --- a/2020/14xxx/CVE-2020-14510.json +++ b/2020/14xxx/CVE-2020-14510.json @@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2020-07-28T00:00:00.000Z", "ID": "CVE-2020-14510", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "OFF-BY-ONE ERROR CWE-193" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GateManager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "All versions prior to 9.2c", + "version_value": "9.2c" + } + ] + } + } + ] + }, + "vendor_name": "Secomea" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OFF-BY-ONE ERROR CWE-193" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01" + } + ] + }, + "source": { + "defect": [ + "ICSA-20-210-01" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14512.json b/2020/14xxx/CVE-2020-14512.json index 84a5e806371..9c594acc9c3 100644 --- a/2020/14xxx/CVE-2020-14512.json +++ b/2020/14xxx/CVE-2020-14512.json @@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2020-07-28T00:00:00.000Z", "ID": "CVE-2020-14512", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GateManager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "All versions prior to 9.2c", + "version_value": "9.2c" + } + ] + } + } + ] + }, + "vendor_name": "Secomea" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01" + } + ] + }, + "source": { + "defect": [ + "ICSA-20-210-01" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14522.json b/2020/14xxx/CVE-2020-14522.json index 2bd22c7b531..6c79bdd2451 100644 --- a/2020/14xxx/CVE-2020-14522.json +++ b/2020/14xxx/CVE-2020-14522.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2020-07-28T00:00:00.000Z", "ID": "CVE-2020-14522", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Softing Industrial Automation OPC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OPC", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "All versions", + "version_value": "4.47.0" + } + ] + } + } + ] + }, + "vendor_name": "Softing Industrial Automation all versions prior to the latest build of version 4.47.0" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14524.json b/2020/14xxx/CVE-2020-14524.json index 6a60734538e..0b04ec1ee68 100644 --- a/2020/14xxx/CVE-2020-14524.json +++ b/2020/14xxx/CVE-2020-14524.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2020-07-28T00:00:00.000Z", "ID": "CVE-2020-14524", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Softing Industrial Automation OPC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OPC", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "All versions", + "version_value": "4.47.0" + } + ] + } + } + ] + }, + "vendor_name": "Softing Industrial Automation all versions prior to the latest build of version 4.47.0" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HEAP-BASED BUFFER OVERFLOW CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15335.json b/2020/15xxx/CVE-2020-15335.json index 97a076d0383..f473b601c68 100644 --- a/2020/15xxx/CVE-2020-15335.json +++ b/2020/15xxx/CVE-2020-15335.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15335", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15335", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" + }, + { + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html#xmpp-no-auth-cleartext", + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html#xmpp-no-auth-cleartext" } ] } diff --git a/2020/15xxx/CVE-2020-15336.json b/2020/15xxx/CVE-2020-15336.json index fd78636137a..0217cb38dcd 100644 --- a/2020/15xxx/CVE-2020-15336.json +++ b/2020/15xxx/CVE-2020-15336.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15336", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15336", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" + }, + { + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html#xmpp-no-auth-cleartext", + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html#xmpp-no-auth-cleartext" } ] } diff --git a/2020/24xxx/CVE-2020-24240.json b/2020/24xxx/CVE-2020-24240.json index 344422bc543..230c7e65740 100644 --- a/2020/24xxx/CVE-2020-24240.json +++ b/2020/24xxx/CVE-2020-24240.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24240", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24240", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GNU Bison 3.7 has a use after free (UAF) vulnerability. A local attacker may execute bison with crafted input file containing a NULL byte, which could triggers UAF and thus cause system crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d", + "refsource": "MISC", + "name": "https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d" + }, + { + "url": "https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html" } ] } diff --git a/2020/24xxx/CVE-2020-24241.json b/2020/24xxx/CVE-2020-24241.json index 805fbb67310..318013c67a8 100644 --- a/2020/24xxx/CVE-2020-24241.json +++ b/2020/24xxx/CVE-2020-24241.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24241", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24241", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392707", + "refsource": "MISC", + "name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392707" } ] } diff --git a/2020/24xxx/CVE-2020-24242.json b/2020/24xxx/CVE-2020-24242.json index 42b3af3cc07..b197ad6a2d5 100644 --- a/2020/24xxx/CVE-2020-24242.json +++ b/2020/24xxx/CVE-2020-24242.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24242", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24242", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392708", + "refsource": "MISC", + "name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392708" } ] } diff --git a/2020/24xxx/CVE-2020-24614.json b/2020/24xxx/CVE-2020-24614.json new file mode 100644 index 00000000000..8b5ccd4fd0c --- /dev/null +++ b/2020/24xxx/CVE-2020-24614.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-24614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2020/08/20/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/08/20/1" + }, + { + "url": "https://fossil-scm.org/forum/info/a05ae3ce7760daf6", + "refsource": "MISC", + "name": "https://fossil-scm.org/forum/info/a05ae3ce7760daf6" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8733.json b/2020/8xxx/CVE-2020-8733.json index 73d8ebf43e2..17f3a5b2d09 100644 --- a/2020/8xxx/CVE-2020-8733.json +++ b/2020/8xxx/CVE-2020-8733.json @@ -50,9 +50,14 @@ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00386.html" }, { - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://security.netapp.com/advisory/ntap-20200814-0003/", "url": "https://security.netapp.com/advisory/ntap-20200814-0003/" + }, + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00386.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00386.html" } ] },