From b3240eadaf096e58917cdff90897767a7979ea15 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 18 Feb 2020 04:01:04 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/14xxx/CVE-2018-14553.json | 5 +++ 2020/1xxx/CVE-2020-1842.json | 70 ++++++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8010.json | 50 ++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8011.json | 50 ++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8012.json | 50 ++++++++++++++++++++++-- 5 files changed, 213 insertions(+), 12 deletions(-) diff --git a/2018/14xxx/CVE-2018-14553.json b/2018/14xxx/CVE-2018-14553.json index 7bfad2e090c..3ef221a7e5d 100644 --- a/2018/14xxx/CVE-2018-14553.json +++ b/2018/14xxx/CVE-2018-14553.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f", "url": "https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2106-1] libgd2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00014.html" } ] } diff --git a/2020/1xxx/CVE-2020-1842.json b/2020/1xxx/CVE-2020-1842.json index 70e924dbc82..9ef29547883 100644 --- a/2020/1xxx/CVE-2020-1842.json +++ b/2020/1xxx/CVE-2020-1842.json @@ -4,14 +4,78 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1842", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HEGE-560", + "version": { + "version_data": [ + { + "version_value": "1.0.1.20(SP2)" + } + ] + } + }, + { + "product_name": "OSCA-550, OSCA-550A", + "version": { + "version_data": [ + { + "version_value": "1.0.0.71(SP1)" + } + ] + } + }, + { + "product_name": "OSCA-550AX, OSCA-550X", + "version": { + "version_data": [ + { + "version_value": "1.0.0.71(SP2)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-osca-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-osca-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker obtain high privilege." } ] } diff --git a/2020/8xxx/CVE-2020-8010.json b/2020/8xxx/CVE-2020-8010.json index fc0e2456266..dcaa24a7e5c 100644 --- a/2020/8xxx/CVE-2020-8010.json +++ b/2020/8xxx/CVE-2020-8010.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8010", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vuln@ca.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CA Technologies - A Broadcom Company", + "product": { + "product_data": [ + { + "product_name": "CA Unified Infrastructure Management (Nimsoft/UIM)", + "version": { + "version_data": [ + { + "version_value": "9.20 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "improper ACL handling RCE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-management.html", + "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-management.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system." } ] } diff --git a/2020/8xxx/CVE-2020-8011.json b/2020/8xxx/CVE-2020-8011.json index 88802ab9889..b992df61fdf 100644 --- a/2020/8xxx/CVE-2020-8011.json +++ b/2020/8xxx/CVE-2020-8011.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8011", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vuln@ca.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CA Technologies - A Broadcom Company", + "product": { + "product_data": [ + { + "product_name": "CA Unified Infrastructure Management (Nimsoft/UIM)", + "version": { + "version_data": [ + { + "version_value": "9.20 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "null pointer dereference DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-management.html", + "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-management.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service." } ] } diff --git a/2020/8xxx/CVE-2020-8012.json b/2020/8xxx/CVE-2020-8012.json index 2dc7e87f9e0..329eb7ae3ce 100644 --- a/2020/8xxx/CVE-2020-8012.json +++ b/2020/8xxx/CVE-2020-8012.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8012", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vuln@ca.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CA Technologies - A Broadcom Company", + "product": { + "product_data": [ + { + "product_name": "CA Unified Infrastructure Management (Nimsoft/UIM)", + "version": { + "version_data": [ + { + "version_value": "9.20 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow RCE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-management.html", + "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-management.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code." } ] }