From bbd87031ed5e6f2124c9d930d7625dbbbe4e0c06 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 28 Apr 2020 19:01:13 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/1xxx/CVE-2019-1551.json | 5 +++
 2020/10xxx/CVE-2020-10641.json | 50 ++++++++++++++++++++++++--
 2020/12xxx/CVE-2020-12243.json | 66 ++++++++++++++++++++++++++++++----
 2020/12xxx/CVE-2020-12427.json | 18 ++++++++++
 2020/12xxx/CVE-2020-12428.json | 18 ++++++++++
 2020/12xxx/CVE-2020-12429.json | 18 ++++++++++
 2020/1xxx/CVE-2020-1967.json | 5 +++
 2020/7xxx/CVE-2020-7644.json | 55 ++++++++++++++++++++++++++--
 2020/9xxx/CVE-2020-9482.json | 50 ++++++++++++++++++++++++--
 9 files changed, 270 insertions(+), 15 deletions(-)
 create mode 100644 2020/12xxx/CVE-2020-12427.json
 create mode 100644 2020/12xxx/CVE-2020-12428.json
 create mode 100644 2020/12xxx/CVE-2020-12429.json
diff --git a/2019/1xxx/CVE-2019-1551.json b/2019/1xxx/CVE-2019-1551.json
index 92bb0865f6a..69ee44e8ebe 100644
--- a/2019/1xxx/CVE-2019-1551.json
+++ b/2019/1xxx/CVE-2019-1551.json
@@ -129,6 +129,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-fcc91a28e8",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.tenable.com/security/tns-2020-03",
+ "url": "https://www.tenable.com/security/tns-2020-03"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10641.json b/2020/10xxx/CVE-2020-10641.json
index 1fb89c6eca1..eeb79879458 100644
--- a/2020/10xxx/CVE-2020-10641.json
+++ b/2020/10xxx/CVE-2020-10641.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-10641",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ignition 8 Gateway",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions prior to 8.0.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER ACCESS CONTROLS CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition."
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12243.json b/2020/12xxx/CVE-2020-12243.json
index 31d52584ad9..4c20603a772 100644
--- a/2020/12xxx/CVE-2020-12243.json
+++ b/2020/12xxx/CVE-2020-12243.json
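Review bot: `"vendor_name": "n/a"` in the new `affects` block leaves this record without a vendor even though the product is named as Ignition 8 Gateway, so tooling that matches advisories on vendor/product pairs will not tie the CVE to affected installations. Fill in the vendor named in the linked ICS advisory, and consider encoding the range as `"version_affected": "<"` with `"version_value": "8.0.10"` instead of the free-text `"versions prior to 8.0.10"`. The same `n/a` vendor appears in the CVE-2020-7644 hunk, and the CVE-2020-12243 hunk sets vendor, product and version all to `n/a` although its description names OpenLDAP before 2.4.50.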
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12243",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12243",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugs.openldap.org/show_bug.cgi?id=9202",
+ "refsource": "MISC",
+ "name": "https://bugs.openldap.org/show_bug.cgi?id=9202"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES",
+ "url": "https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440",
+ "url": "https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12427.json b/2020/12xxx/CVE-2020-12427.json
new file mode 100644
index 00000000000..b5aa19b3ae0
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12427.json
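Review bot: The `problemtype` value is `"n/a"` although the description already pins the failure to a slapd crash triggered by nested boolean search filters, which leaves consumers that triage by weakness class with nothing to key on. If the linked fix commit confirms the cause is unbounded recursion while parsing the filter, a value such as `"CWE-674 Uncontrolled Recursion"` would fit; that classification is inferred from the description and should be checked against the commit before it is recorded. This hunk also reorders the top-level keys alphabetically, unlike the other records touched by this commit, which makes the diff larger than the actual content change.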
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12427",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12428.json b/2020/12xxx/CVE-2020-12428.json
new file mode 100644
index 00000000000..c04ec3b1149
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12428.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12428",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12429.json b/2020/12xxx/CVE-2020-12429.json
new file mode 100644
index 00000000000..07008d7dc3f
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12429.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12429",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/1xxx/CVE-2020-1967.json b/2020/1xxx/CVE-2020-1967.json
index f43aecf8232..e9f87cddd19 100644
--- a/2020/1xxx/CVE-2020-1967.json
+++ b/2020/1xxx/CVE-2020-1967.json
@@ -131,6 +131,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-fcc91a28e8",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.tenable.com/security/tns-2020-03",
+ "url": "https://www.tenable.com/security/tns-2020-03"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7644.json b/2020/7xxx/CVE-2020-7644.json
index f6e15b9a980..00cede95528 100644
--- a/2020/7xxx/CVE-2020-7644.json
+++ b/2020/7xxx/CVE-2020-7644.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7644",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "fun-map",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions including 3.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Prototype Pollution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/nathan7/fun-map/blob/master/index.js#L137,",
+ "url": "https://github.com/nathan7/fun-map/blob/master/index.js#L137,"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-JS-FUNMAP-564436",
+ "url": "https://snyk.io/vuln/SNYK-JS-FUNMAP-564436"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9482.json b/2020/9xxx/CVE-2020-9482.json
index 8ceba8e53be..d3b35a5db03 100644
--- a/2020/9xxx/CVE-2020-9482.json
+++ b/2020/9xxx/CVE-2020-9482.json
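Review bot: The first reference added under `reference_data` ends in a stray comma, `https://github.com/nathan7/fun-map/blob/master/index.js#L137,`, in both `name` and `url`, so the recorded link is not the intended address and automated reference checkers may reject or mis-resolve it. It also points at the `master` branch, so `#L137` will drift away from the code it is meant to show (presumably `assocInM`) as the file changes. Drop the comma, `"url": "https://github.com/nathan7/fun-map/blob/master/index.js#L137"`, and prefer a commit-pinned permalink if the reporter can supply one.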
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9482",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache NiFi Registry",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.1.0 to 0.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nifi.apache.org/registry-security.html#CVE-2020-9482",
+ "url": "https://nifi.apache.org/registry-security.html#CVE-2020-9482"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry."
 }
 ]
 }
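Review bot: `"value": "Authentication"` under `problemtype` names a feature area rather than a weakness, so the record cannot be classified or filtered by consumers that key on CWE. The description is specific: the token is invalidated client-side only and stays usable server-side for up to 12 hours after logout, which reads as insufficient session expiration. Something like `"value": "CWE-613 Insufficient Session Expiration"` would carry that; the mapping is inferred from the description and should be confirmed against the Apache advisory linked in `references`.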