From b79358ade8d7b9a311958454b15c9bc6a7c261fd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 6 Mar 2020 20:01:10 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/16xxx/CVE-2019-16406.json | 30 +++++++++++++++ 2019/20xxx/CVE-2019-20503.json | 67 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10193.json | 62 +++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10194.json | 18 +++++++++ 2020/7xxx/CVE-2020-7212.json | 66 ++++++++++++++++++++++++++++++--- 2020/8xxx/CVE-2020-8597.json | 5 +++ 6 files changed, 242 insertions(+), 6 deletions(-) create mode 100644 2019/20xxx/CVE-2019-20503.json create mode 100644 2020/10xxx/CVE-2020-10193.json create mode 100644 2020/10xxx/CVE-2020-10194.json diff --git a/2019/16xxx/CVE-2019-16406.json b/2019/16xxx/CVE-2019-16406.json index 8cebfbe18b6..cbab8aa94c5 100644 --- a/2019/16xxx/CVE-2019-16406.json +++ b/2019/16xxx/CVE-2019-16406.json @@ -61,6 +61,36 @@ "refsource": "MISC", "name": "https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html", "url": "https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html" + }, + { + "refsource": "CONFIRM", + "name": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.04/centreon-auto-discovery-19.04.2.html", + "url": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.04/centreon-auto-discovery-19.04.2.html" + }, + { + "refsource": "CONFIRM", + "name": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/18.10/centreon-auto-discovery-18.10.8.html", + "url": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/18.10/centreon-auto-discovery-18.10.8.html" + }, + { + "refsource": "MISC", + "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-8", + "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-8" + }, + { + "refsource": "MISC", + "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-10", + "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-10" + }, + { + "refsource": "MISC", + "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html#centreon-web-2-8-31", + "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html#centreon-web-2-8-31" + }, + { + "refsource": "MISC", + "name": "https://github.com/centreon/centreon/pull/8062", + "url": "https://github.com/centreon/centreon/pull/8062" } ] } diff --git a/2019/20xxx/CVE-2019-20503.json b/2019/20xxx/CVE-2019-20503.json new file mode 100644 index 00000000000..ba11551726f --- /dev/null +++ b/2019/20xxx/CVE-2019-20503.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1992", + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1992" + }, + { + "url": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467", + "refsource": "MISC", + "name": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10193.json b/2020/10xxx/CVE-2020-10193.json new file mode 100644 index 00000000000..a4506b3278f --- /dev/null +++ b/2020/10xxx/CVE-2020-10193.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.zoller.lu/p/from-low-hanging-fruit-department_13.html", + "refsource": "MISC", + "name": "https://blog.zoller.lu/p/from-low-hanging-fruit-department_13.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10194.json b/2020/10xxx/CVE-2020-10194.json new file mode 100644 index 00000000000..b44e02d1934 --- /dev/null +++ b/2020/10xxx/CVE-2020-10194.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10194", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7212.json b/2020/7xxx/CVE-2020-7212.json index cc7936e9ae6..8cb9c2f9298 100644 --- a/2020/7xxx/CVE-2020-7212.json +++ b/2020/7xxx/CVE-2020-7212.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7212", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7212", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/urllib3/urllib3/blob/master/CHANGES.rst", + "url": "https://github.com/urllib3/urllib3/blob/master/CHANGES.rst" + }, + { + "url": "https://github.com/urllib3/urllib3/commit/a74c9cfbaed9f811e7563cfc3dce894928e0221a", + "refsource": "MISC", + "name": "https://github.com/urllib3/urllib3/commit/a74c9cfbaed9f811e7563cfc3dce894928e0221a" + }, + { + "refsource": "MISC", + "name": "https://pypi.org/project/urllib3/1.25.8/", + "url": "https://pypi.org/project/urllib3/1.25.8/" } ] } diff --git a/2020/8xxx/CVE-2020-8597.json b/2020/8xxx/CVE-2020-8597.json index 0f68bf6d6a1..6d6ac86b4c1 100644 --- a/2020/8xxx/CVE-2020-8597.json +++ b/2020/8xxx/CVE-2020-8597.json @@ -101,6 +101,11 @@ "refsource": "CERT-VN", "name": "VU#782301", "url": "https://www.kb.cert.org/vuls/id/782301" + }, + { + "refsource": "FULLDISC", + "name": "20200306 Buffer overflow in pppd - CVE-2020-8597", + "url": "http://seclists.org/fulldisclosure/2020/Mar/6" } ] }