From ac22237ad3565d111449ea62ea608980af5f0886 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 20 May 2020 14:02:12 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/10xxx/CVE-2020-10725.json | 15 +++++---
 2020/10xxx/CVE-2020-10726.json | 11 ++++--
 2020/11xxx/CVE-2020-11716.json | 56 +++++++++++++++++++++++++---
 2020/12xxx/CVE-2020-12667.json | 12 +++---
 2020/13xxx/CVE-2020-13230.json | 67 ++++++++++++++++++++++++++++++++++
 2020/13xxx/CVE-2020-13231.json | 67 ++++++++++++++++++++++++++++++++++
 2020/1xxx/CVE-2020-1955.json | 50 +++++++++++++++++++++++--
 2020/3xxx/CVE-2020-3956.json | 50 +++++++++++++++++++++++--
 2020/5xxx/CVE-2020-5753.json | 50 +++++++++++++++++++++++--
 9 files changed, 349 insertions(+), 29 deletions(-)
 create mode 100644 2020/13xxx/CVE-2020-13230.json
 create mode 100644 2020/13xxx/CVE-2020-13231.json
diff --git a/2020/10xxx/CVE-2020-10725.json b/2020/10xxx/CVE-2020-10725.json
index cc76752790f..e2a379f3414 100644
--- a/2020/10xxx/CVE-2020-10725.json
+++ b/2020/10xxx/CVE-2020-10725.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-10725",
- "ASSIGNER": "darunesh@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -46,16 +47,20 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
+ },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725",
 "refsource": "CONFIRM"
 },
 {
- "url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
- },
- {
- "url": "https://bugs.dpdk.org/show_bug.cgi?id=270"
+ "url": "https://bugs.dpdk.org/show_bug.cgi?id=270",
+ "refsource": "MISC",
+ "name": "https://bugs.dpdk.org/show_bug.cgi?id=270"
 }
 ]
 },
diff --git a/2020/10xxx/CVE-2020-10726.json b/2020/10xxx/CVE-2020-10726.json
index 59fffd646f8..9470e8079d8 100644
--- a/2020/10xxx/CVE-2020-10726.json
+++ b/2020/10xxx/CVE-2020-10726.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-10726",
- "ASSIGNER": "darunesh@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -47,7 +48,9 @@
 "references": {
 "reference_data": [
 {
- "url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
+ "url": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10726",
@@ -55,7 +58,9 @@
 "refsource": "CONFIRM"
 },
 {
- "url": "https://bugs.dpdk.org/show_bug.cgi?id=271"
+ "url": "https://bugs.dpdk.org/show_bug.cgi?id=271",
+ "refsource": "MISC",
+ "name": "https://bugs.dpdk.org/show_bug.cgi?id=271"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11716.json b/2020/11xxx/CVE-2020-11716.json
index d52b94bac73..6fc22be4e92 100644
--- a/2020/11xxx/CVE-2020-11716.json
+++ b/2020/11xxx/CVE-2020-11716.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-11716",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-11716",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at \"End-of-software-support."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://mobile.panasonic.com/in/advisory",
+ "url": "https://mobile.panasonic.com/in/advisory"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12667.json b/2020/12xxx/CVE-2020-12667.json
index e05760a57cc..3d7375b5dd9 100644
--- a/2020/12xxx/CVE-2020-12667.json
+++ b/2020/12xxx/CVE-2020-12667.json
@@ -52,11 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "refsource": "MISC",
- "name": "http://cyber-security-group.cs.tau.ac.il/#",
- "url": "http://cyber-security-group.cs.tau.ac.il/#"
- },
 {
 "refsource": "MISC",
 "name": "https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/",
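Review bot: In 2020/11xxx/CVE-2020-11716.json the new `affects` block sets `vendor_name`, `product_name` and `version_value` to `n/a` even though the description names Panasonic P110, Eluga Z1 Pro, Eluga X1 and Eluga X1 Pro, so tooling that matches on the structured fields will not associate this record with those devices. The two new Cacti records, CVE-2020-13230.json and CVE-2020-13231.json, have the same gap: "Cacti before 1.2.11" appears only in the description text. Populating the fields, for example `"vendor_name": "Panasonic"` here and `"product_name": "Cacti"` with `"version_value": "before 1.2.11"` there, would make the records usable for automated matching. The description string in this hunk also opens a quotation with `\"End-of-software-support.` and never closes it; a closing `\"` before the end of the value would fix that.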
@@ -71,7 +66,12 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20200519 [CVE-2020-12667] Knot Resolver 5.1.1 NXNSAttack mitigation",
 "url": "http://www.openwall.com/lists/oss-security/2020/05/19/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://cyber-security-group.cs.tau.ac.il/#",
+ "url": "http://cyber-security-group.cs.tau.ac.il/#"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2020/13xxx/CVE-2020-13230.json b/2020/13xxx/CVE-2020-13230.json
new file mode 100644
index 00000000000..ce4eb9052b2
--- /dev/null
+++ b/2020/13xxx/CVE-2020-13230.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-13230",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Cacti/cacti/issues/3343",
+ "refsource": "MISC",
+ "name": "https://github.com/Cacti/cacti/issues/3343"
+ },
+ {
+ "url": "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11",
+ "refsource": "MISC",
+ "name": "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/13xxx/CVE-2020-13231.json b/2020/13xxx/CVE-2020-13231.json
new file mode 100644
index 00000000000..08e94b90d68
--- /dev/null
+++ b/2020/13xxx/CVE-2020-13231.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-13231",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11",
+ "refsource": "MISC",
+ "name": "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11"
+ },
+ {
+ "url": "https://github.com/Cacti/cacti/issues/3342",
+ "refsource": "MISC",
+ "name": "https://github.com/Cacti/cacti/issues/3342"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/1xxx/CVE-2020-1955.json b/2020/1xxx/CVE-2020-1955.json
index 14746ced9ec..5c6edf7e78c 100644
--- a/2020/1xxx/CVE-2020-1955.json
+++ b/2020/1xxx/CVE-2020-1955.json
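Review bot: `problemtype` in the new 2020/13xxx/CVE-2020-13231.json is `n/a` although the description itself classifies the flaw as CSRF against `auth_profile.php?action=edit`. Recording the weakness in the structured field, for example `"value": "CWE-352 Cross-Site Request Forgery (CSRF)"`, lets consumers filter and prioritise by weakness class without parsing the free-text description.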
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-1955",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache CouchDB",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache CouchDB 3.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Privilege Escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://docs.couchdb.org/en/master/cve/2020-1955.html",
+ "url": "https://docs.couchdb.org/en/master/cve/2020-1955.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB will have to be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation of this made an error that lead to not enforcing credentials on any endpoint, when enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue."
 }
 ]
 }
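Review bot: The new description in 2020/1xxx/CVE-2020-1955.json ends with footnote markers, `3.0.1[1]` and `3.1.0[2]`, but `reference_data` holds a single URL and nothing in the record defines [1] or [2], so the markers dangle. Either drop them or add the two release references they stood for. The fixed releases also exist only in prose: `version_value` is `"Apache CouchDB 3.0.0"`, which repeats the product name, and `"version_value": "3.0.0"` would be cleaner for matching. `vendor_name` is `n/a` here and in the CVE-2020-3956.json and CVE-2020-5753.json hunks although each names its product; it should carry the vendor. In the same string, `made an error that lead to` should read `led to`.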
diff --git a/2020/3xxx/CVE-2020-3956.json b/2020/3xxx/CVE-2020-3956.json
index 980192155d0..9eb0c8219a9 100644
--- a/2020/3xxx/CVE-2020-3956.json
+++ b/2020/3xxx/CVE-2020-3956.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-3956",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware Cloud Director",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2020-0010.html",
+ "url": "https://www.vmware.com/security/advisories/VMSA-2020-0010.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access."
 }
 ]
 }
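Review bot: `version_value` in 2020/3xxx/CVE-2020-3956.json is a full sentence covering four release branches, product name and trailing period included, which a consumer cannot compare against an installed version without parsing prose. One `version_data` entry per branch, as sketched below, keeps the same information in a form that can be matched branch by branch. The values are copied from the description in this hunk; nothing else in the record needs to change for this.

```json
"product_name": "VMware Cloud Director",
"version": {
  "version_data": [
    { "version_value": "10.0.x before 10.0.0.2" },
    { "version_value": "9.7.0.x before 9.7.0.5" },
    { "version_value": "9.5.0.x before 9.5.0.6" },
    { "version_value": "9.1.0.x before 9.1.0.4" }
  ]
}
```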
diff --git a/2020/5xxx/CVE-2020-5753.json b/2020/5xxx/CVE-2020-5753.json
index f1940c513dc..7f67a32241f 100644
--- a/2020/5xxx/CVE-2020-5753.json
+++ b/2020/5xxx/CVE-2020-5753.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5753",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Signal Private Messenger",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android versions v4.59.0 and up, iOS versions v3.8.1.5 and up"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-33",
+ "url": "https://www.tenable.com/security/research/tra-2020-33"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined."
 }
 ]
 }
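Review bot: The affected range in 2020/5xxx/CVE-2020-5753.json, `"Android versions v4.59.0 and up, iOS versions v3.8.1.5 and up"`, has no upper bound, and neither the description nor the single reference in this hunk names a fixed release, so as written every future Signal build matches the record. If a fix has shipped, the bound belongs in both `version_value` and the description; if none exists yet, the description should say so. The two platforms would also be easier to match as separate entries, e.g. `{ "version_value": "Android v4.59.0 and up" }` and `{ "version_value": "iOS v3.8.1.5 and up" }`.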