From a635767e0e3489b9ed98a5135d9c2c4f1fbd41eb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 4 May 2020 12:01:22 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12425.json | 10 ++++++ 2019/17xxx/CVE-2019-17569.json | 5 +++ 2020/12xxx/CVE-2020-12114.json | 56 ++++++++++++++++++++++++++++++---- 2020/12xxx/CVE-2020-12637.json | 18 +++++++++++ 2020/1xxx/CVE-2020-1935.json | 5 +++ 2020/1xxx/CVE-2020-1938.json | 5 +++ 2020/8xxx/CVE-2020-8018.json | 4 +-- 7 files changed, 95 insertions(+), 8 deletions(-) create mode 100644 2020/12xxx/CVE-2020-12637.json diff --git a/2019/12xxx/CVE-2019-12425.json b/2019/12xxx/CVE-2019-12425.json index e5f008b0f3f..2ead42c033c 100644 --- a/2019/12xxx/CVE-2019-12425.json +++ b/2019/12xxx/CVE-2019-12425.json @@ -48,6 +48,16 @@ "refsource": "CONFIRM", "name": "https://s.apache.org/7sr1x", "url": "https://s.apache.org/7sr1x" + }, + { + "refsource": "MLIST", + "name": "[ofbiz-user] 20200503 Re: [CVE-2019-12425] Apache OFBiz Host Header Injection", + "url": "https://lists.apache.org/thread.html/r5181b36218225447d3ce70891eeccfb6d6885309dffd7e0e59091817@%3Cuser.ofbiz.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ofbiz-user] 20200504 Re: [CVE-2019-12425] Apache OFBiz Host Header Injection", + "url": "https://lists.apache.org/thread.html/r907ce90745b52d2d5b6a815de03fd1d5f3831ab579a81d70cfda6f3d@%3Cuser.ofbiz.apache.org%3E" } ] }, diff --git a/2019/17xxx/CVE-2019-17569.json b/2019/17xxx/CVE-2019-17569.json index 96ae896d6a3..9328a439421 100644 --- a/2019/17xxx/CVE-2019-17569.json +++ b/2019/17xxx/CVE-2019-17569.json @@ -79,6 +79,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200327-0005/", "url": "https://security.netapp.com/advisory/ntap-20200327-0005/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4673", + "url": "https://www.debian.org/security/2020/dsa-4673" } ] }, diff --git a/2020/12xxx/CVE-2020-12114.json b/2020/12xxx/CVE-2020-12114.json index 51bd6d16e18..d4c4b0a054b 100644 --- a/2020/12xxx/CVE-2020-12114.json +++ b/2020/12xxx/CVE-2020-12114.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12114", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12114", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/05/04/2", + "url": "http://www.openwall.com/lists/oss-security/2020/05/04/2" } ] } diff --git a/2020/12xxx/CVE-2020-12637.json b/2020/12xxx/CVE-2020-12637.json new file mode 100644 index 00000000000..b2d20affb22 --- /dev/null +++ b/2020/12xxx/CVE-2020-12637.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12637", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1935.json b/2020/1xxx/CVE-2020-1935.json index e5c126d3ed7..b2ef78e142f 100644 --- a/2020/1xxx/CVE-2020-1935.json +++ b/2020/1xxx/CVE-2020-1935.json @@ -79,6 +79,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200327-0005/", "url": "https://security.netapp.com/advisory/ntap-20200327-0005/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4673", + "url": "https://www.debian.org/security/2020/dsa-4673" } ] }, diff --git a/2020/1xxx/CVE-2020-1938.json b/2020/1xxx/CVE-2020-1938.json index 54be8e244fe..eac86608275 100644 --- a/2020/1xxx/CVE-2020-1938.json +++ b/2020/1xxx/CVE-2020-1938.json @@ -229,6 +229,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0597", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4673", + "url": "https://www.debian.org/security/2020/dsa-4673" } ] }, diff --git a/2020/8xxx/CVE-2020-8018.json b/2020/8xxx/CVE-2020-8018.json index 6630d391702..df2e3c8e374 100644 --- a/2020/8xxx/CVE-2020-8018.json +++ b/2020/8xxx/CVE-2020-8018.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-04-03T00:00:00.000Z", "ID": "CVE-2020-8018", "STATE": "PUBLIC", @@ -50,7 +50,7 @@ "description_data": [ { "lang": "eng", - "value": "A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user\nThis issue affects:\nSUSE Linux Enterprise Server 15 SP1\nSLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions;\nSLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions;" + "value": "A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions;" } ] },