From ae1c64041f9e8db07251864d8f5fd2757065dbea Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 2 Apr 2020 21:01:17 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/11xxx/CVE-2020-11494.json | 62 +++++++++++++++++++ 2020/11xxx/CVE-2020-11495.json | 18 ++++++ 2020/11xxx/CVE-2020-11496.json | 18 ++++++ 2020/11xxx/CVE-2020-11497.json | 18 ++++++ 2020/7xxx/CVE-2020-7619.json | 55 ++++++++++++++++- 2020/7xxx/CVE-2020-7620.json | 55 ++++++++++++++++- 2020/7xxx/CVE-2020-7621.json | 55 ++++++++++++++++- 2020/7xxx/CVE-2020-7623.json | 55 ++++++++++++++++- 2020/9xxx/CVE-2020-9067.json | 106 ++++++++++++++++++++++++++++++++- 9 files changed, 427 insertions(+), 15 deletions(-) create mode 100644 2020/11xxx/CVE-2020-11494.json create mode 100644 2020/11xxx/CVE-2020-11495.json create mode 100644 2020/11xxx/CVE-2020-11496.json create mode 100644 2020/11xxx/CVE-2020-11497.json diff --git a/2020/11xxx/CVE-2020-11494.json b/2020/11xxx/CVE-2020-11494.json new file mode 100644 index 00000000000..73467d813f0 --- /dev/null +++ b/2020/11xxx/CVE-2020-11494.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/torvalds/linux/commit/b9258a2cece4ec1f020715fe3554bc2e360f6264", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/b9258a2cece4ec1f020715fe3554bc2e360f6264" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11495.json b/2020/11xxx/CVE-2020-11495.json new file mode 100644 index 00000000000..1f84f74d7cd --- /dev/null +++ b/2020/11xxx/CVE-2020-11495.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11495", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11496.json b/2020/11xxx/CVE-2020-11496.json new file mode 100644 index 00000000000..cf3d81d30a0 --- /dev/null +++ b/2020/11xxx/CVE-2020-11496.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11496", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11497.json b/2020/11xxx/CVE-2020-11497.json new file mode 100644 index 00000000000..90bb357cb1d --- /dev/null +++ b/2020/11xxx/CVE-2020-11497.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11497", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7619.json b/2020/7xxx/CVE-2020-7619.json index 960890ff550..ae52fee3483 100644 --- a/2020/7xxx/CVE-2020-7619.json +++ b/2020/7xxx/CVE-2020-7619.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7619", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "get-git-data", + "version": { + "version_data": [ + { + "version_value": "All versions including 1.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/chardos/get-git-data/blob/master/index.js#L7,", + "url": "https://github.com/chardos/get-git-data/blob/master/index.js#L7," + }, + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-GETGITDATA-564222", + "url": "https://snyk.io/vuln/SNYK-JS-GETGITDATA-564222" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data." } ] } diff --git a/2020/7xxx/CVE-2020-7620.json b/2020/7xxx/CVE-2020-7620.json index 43e84d185b6..a100995fa57 100644 --- a/2020/7xxx/CVE-2020-7620.json +++ b/2020/7xxx/CVE-2020-7620.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7620", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "pomelo-monitor", + "version": { + "version_data": [ + { + "version_value": "All versions including 0.3.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/halfblood369/monitor/blob/900b5cadf59edcccac4754e5706a22719925ddb9/lib/processMonitor.js,", + "url": "https://github.com/halfblood369/monitor/blob/900b5cadf59edcccac4754e5706a22719925ddb9/lib/processMonitor.js," + }, + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-POMELOMONITOR-173695", + "url": "https://snyk.io/vuln/SNYK-JS-POMELOMONITOR-173695" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params." } ] } diff --git a/2020/7xxx/CVE-2020-7621.json b/2020/7xxx/CVE-2020-7621.json index 7ccbfca0ed1..867e924c4d0 100644 --- a/2020/7xxx/CVE-2020-7621.json +++ b/2020/7xxx/CVE-2020-7621.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7621", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "strong-nginx-controller", + "version": { + "version_data": [ + { + "version_value": "All versions including 1.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/strongloop/strong-nginx-controller/blob/master/lib/server.js#L65,", + "url": "https://github.com/strongloop/strong-nginx-controller/blob/master/lib/server.js#L65," + }, + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-STRONGNGINXCONTROLLER-564248", + "url": "https://snyk.io/vuln/SNYK-JS-STRONGNGINXCONTROLLER-564248" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function." } ] } diff --git a/2020/7xxx/CVE-2020-7623.json b/2020/7xxx/CVE-2020-7623.json index 9e35bde3fda..f74de5f1587 100644 --- a/2020/7xxx/CVE-2020-7623.json +++ b/2020/7xxx/CVE-2020-7623.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7623", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "jscover", + "version": { + "version_data": [ + { + "version_value": "All versions including 1.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/node-modules/jscover/blob/master/lib/jscover.js#L59,", + "url": "https://github.com/node-modules/jscover/blob/master/lib/jscover.js#L59," + }, + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-JSCOVER-564250", + "url": "https://snyk.io/vuln/SNYK-JS-JSCOVER-564250" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument." } ] } diff --git a/2020/9xxx/CVE-2020-9067.json b/2020/9xxx/CVE-2020-9067.json index 0a4133c8281..c2ce741158e 100644 --- a/2020/9xxx/CVE-2020-9067.json +++ b/2020/9xxx/CVE-2020-9067.json @@ -4,14 +4,114 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9067", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "SmartAX MA5600T", + "version": { + "version_data": [ + { + "version_value": "V800R013C10" + }, + { + "version_value": "V800R015C00" + }, + { + "version_value": "V800R015C10" + }, + { + "version_value": "V800R017C00" + }, + { + "version_value": "V800R017C10" + }, + { + "version_value": "V800R018C00" + }, + { + "version_value": "V800R018C10" + } + ] + } + }, + { + "product_name": "SmartAX MA5800", + "version": { + "version_data": [ + { + "version_value": "V100R017C00" + }, + { + "version_value": "V100R017C10" + }, + { + "version_value": "V100R018C00" + }, + { + "version_value": "V100R018C10" + }, + { + "version_value": "V100R019C10" + } + ] + } + }, + { + "product_name": "SmartAX EA5800", + "version": { + "version_data": [ + { + "version_value": "V100R018C00" + }, + { + "version_value": "V100R018C10" + }, + { + "version_value": "V100R019C10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200401-01-overflow-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200401-01-overflow-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include:SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10." } ] }