From bf5ceae1ee423761a0017697601f571a1e5b1222 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 19 May 2020 15:01:27 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/20xxx/CVE-2019-20795.json | 5 ++++
 2020/11xxx/CVE-2020-11845.json | 50 ++++++++++++++++++++++++++++++++--
 2020/12xxx/CVE-2020-12244.json | 5 ++++
 2020/12xxx/CVE-2020-12662.json | 5 ++++
 2020/12xxx/CVE-2020-12663.json | 5 ++++
 2020/12xxx/CVE-2020-12667.json | 5 ++++
 2020/12xxx/CVE-2020-12888.json | 5 ++++
 2020/1xxx/CVE-2020-1695.json | 5 ++--
 2020/7xxx/CVE-2020-7454.json | 10 +++++++
 2020/7xxx/CVE-2020-7455.json | 5 ++++
 2020/8xxx/CVE-2020-8021.json | 6 ++--
 2020/8xxx/CVE-2020-8616.json | 9 ++++--
 2020/8xxx/CVE-2020-8617.json | 9 ++++--
 13 files changed, 112 insertions(+), 12 deletions(-)
diff --git a/2019/20xxx/CVE-2019-20795.json b/2019/20xxx/CVE-2019-20795.json
index 339eb4c4c91..1886c6a471b 100644
--- a/2019/20xxx/CVE-2019-20795.json
+++ b/2019/20xxx/CVE-2019-20795.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://bugzilla.suse.com/show_bug.cgi?id=1171452",
 "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171452"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4357-1",
+ "url": "https://usn.ubuntu.com/4357-1/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11845.json b/2020/11xxx/CVE-2020-11845.json
index 04cbee3fdae..736f0989ba6 100644
--- a/2020/11xxx/CVE-2020-11845.json
+++ b/2020/11xxx/CVE-2020-11845.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-11845",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@suse.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Service Manager.",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://softwaresupport.softwaregrp.com/doc/KM03640285",
+ "url": "https://softwaresupport.softwaregrp.com/doc/KM03640285"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML."
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12244.json b/2020/12xxx/CVE-2020-12244.json
index 940208dd858..2045fcb165b 100644
--- a/2020/12xxx/CVE-2020-12244.json
+++ b/2020/12xxx/CVE-2020-12244.json
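Review bot: The new `affects` block for CVE-2020-11845 cannot be matched mechanically against an inventory: `vendor_name` is `"n/a"` although the description names Micro Focus, `product_name` ends in a stray period (`"Service Manager."`), and all seven affected releases are packed into one `version_value` string. Tools that key on vendor, product and version would likely miss this record. I would use `"vendor_name": "Micro Focus",` and `"product_name": "Service Manager",`, and give each release its own `version_data` entry instead of the comma-joined list. The `problemtype` value is also free text (`"Cross Site Scripting."`); naming the weakness class as `CWE-79` there would let consumers classify the issue without parsing prose.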
@@ -56,6 +56,11 @@
 "refsource": "CONFIRM",
 "name": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html",
 "url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200519 PowerDNS Recursor 4.3.1, 4.2.2. and 4.1.16 released fixing multiple vulnerabilities",
+ "url": "http://www.openwall.com/lists/oss-security/2020/05/19/3"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12662.json b/2020/12xxx/CVE-2020-12662.json
index 6a48cfb56f9..e4df4b5b997 100644
--- a/2020/12xxx/CVE-2020-12662.json
+++ b/2020/12xxx/CVE-2020-12662.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "http://www.nxnsattack.com",
 "url": "http://www.nxnsattack.com"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663",
+ "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12663.json b/2020/12xxx/CVE-2020-12663.json
index 2c3e835a7cd..e0523c19312 100644
--- a/2020/12xxx/CVE-2020-12663.json
+++ b/2020/12xxx/CVE-2020-12663.json
@@ -56,6 +56,11 @@
 "refsource": "CONFIRM",
 "name": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt",
 "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663",
+ "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12667.json b/2020/12xxx/CVE-2020-12667.json
index df4f5e28166..8cbf2fb1171 100644
--- a/2020/12xxx/CVE-2020-12667.json
+++ b/2020/12xxx/CVE-2020-12667.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.knot-resolver.cz/2020-05-19-knot-resolver-5.1.1.html",
 "url": "https://www.knot-resolver.cz/2020-05-19-knot-resolver-5.1.1.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200519 [CVE-2020-12667] Knot Resolver 5.1.1 NXNSAttack mitigation",
+ "url": "http://www.openwall.com/lists/oss-security/2020/05/19/2"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12888.json b/2020/12xxx/CVE-2020-12888.json
index fc53016b3b3..5b3f7bdf6da 100644
--- a/2020/12xxx/CVE-2020-12888.json
+++ b/2020/12xxx/CVE-2020-12888.json
@@ -61,6 +61,11 @@
 "url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/",
 "refsource": "MISC",
 "name": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario",
+ "url": "http://www.openwall.com/lists/oss-security/2020/05/19/6"
 }
 ]
 }
diff --git a/2020/1xxx/CVE-2020-1695.json b/2020/1xxx/CVE-2020-1695.json
index 6d175029b5d..a924a1487ed 100644
--- a/2020/1xxx/CVE-2020-1695.json
+++ b/2020/1xxx/CVE-2020-1695.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-1695",
- "ASSIGNER": "mrehak@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -71,4 +72,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7454.json b/2020/7xxx/CVE-2020-7454.json
index 03cf434b2e2..d734e999b02 100644
--- a/2020/7xxx/CVE-2020-7454.json
+++ b/2020/7xxx/CVE-2020-7454.json
@@ -53,6 +53,16 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200518-0005/",
 "url": "https://security.netapp.com/advisory/ntap-20200518-0005/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-660/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-660/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-659/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-659/"
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7455.json b/2020/7xxx/CVE-2020-7455.json
index 2df363d6695..f7acbf6de38 100644
--- a/2020/7xxx/CVE-2020-7455.json
+++ b/2020/7xxx/CVE-2020-7455.json
@@ -53,6 +53,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200518-0005/",
 "url": "https://security.netapp.com/advisory/ntap-20200518-0005/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-661/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-661/"
 }
 ]
 },
diff --git a/2020/8xxx/CVE-2020-8021.json b/2020/8xxx/CVE-2020-8021.json
index be17a0475de..839b271472a 100644
--- a/2020/8xxx/CVE-2020-8021.json
+++ b/2020/8xxx/CVE-2020-8021.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "security@suse.de",
+ "ASSIGNER": "security@suse.com",
 "DATE_PUBLIC": "2020-05-19T00:00:00.000Z",
 "ID": "CVE-2020-8021",
 "STATE": "PUBLIC",
@@ -34,7 +34,7 @@
 "credit": [
 {
 "lang": "eng",
- "value": "Marcus Hüwe"
+ "value": "Marcus H\u00fcwe"
 }
 ],
 "data_format": "MITRE",
@@ -44,7 +44,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled\nThis issue affects:\nOpen Build Service versions prior to 2.10.5."
+ "value": "a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5."
 }
 ]
 },
diff --git a/2020/8xxx/CVE-2020-8616.json b/2020/8xxx/CVE-2020-8616.json
index bb372b6e83c..6f0bb9c842f 100644
--- a/2020/8xxx/CVE-2020-8616.json
+++ b/2020/8xxx/CVE-2020-8616.json
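Review bot: The rewritten `value` in the CVE-2020-8021 description replaces the `\n` separators with single spaces, so "…sourceaccess/access is disabled" now runs straight into "This issue affects:" with no sentence break, and the existing wording errors ("a Improper", "in of") are carried over unchanged. The same flattening appears in the description hunks for CVE-2020-8616 and CVE-2020-8617, where the two listed effects of the referral flaw lose their list form. Because advisories and scanner output display this text verbatim, I would end the first sentence with a period and fix the opening: `"value": "An Improper Access Control vulnerability in Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled. This issue affects: Open Build Service versions prior to 2.10.5."`.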
@@ -44,7 +44,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral.\n\nThis has at least two potential effects:\n\n The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and\n The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor."
+ "value": "A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor."
 }
 ]
 },
@@ -90,6 +90,11 @@
 "name": "http://www.nxnsattack.com",
 "refsource": "MISC",
 "url": "http://www.nxnsattack.com"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200519 Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617)",
+ "url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
 }
 ]
 },
@@ -108,4 +113,4 @@
 "value": "None"
 }
 ]
-}
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8617.json b/2020/8xxx/CVE-2020-8617.json
index f2665c4c530..bb024492448 100644
--- a/2020/8xxx/CVE-2020-8617.json
+++ b/2020/8xxx/CVE-2020-8617.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server.\n\nSince BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable.\n\nIn releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results."
+ "value": "Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results."
 }
 ]
 },
@@ -78,6 +78,11 @@
 "name": "https://kb.isc.org/docs/cve-2020-8617",
 "refsource": "CONFIRM",
 "url": "https://kb.isc.org/docs/cve-2020-8617"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200519 Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617)",
+ "url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
 }
 ]
 },
@@ -96,4 +101,4 @@
 "value": "None known."
 }
 ]
-}
+}
\ No newline at end of file