From c5a82bb12e9c241287ce537399d7aaed3f2a059f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 5 Feb 2020 15:01:10 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/5xxx/CVE-2020-5208.json | 2 +- 2020/7xxx/CVE-2020-7216.json | 61 +++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7240.json | 2 +- 2020/7xxx/CVE-2020-7979.json | 61 +++++++++++++++++++++++++++++---- 2020/8xxx/CVE-2020-8114.json | 66 ++++++++++++++++++++++++++++++++---- 2020/8xxx/CVE-2020-8633.json | 18 ++++++++++ 6 files changed, 190 insertions(+), 20 deletions(-) create mode 100644 2020/8xxx/CVE-2020-8633.json diff --git a/2020/5xxx/CVE-2020-5208.json b/2020/5xxx/CVE-2020-5208.json index 284f7cac8cf..f16dcfa5b5e 100644 --- a/2020/5xxx/CVE-2020-5208.json +++ b/2020/5xxx/CVE-2020-5208.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user.\n\nThis problem is fixed in version 1.8.19." + "value": "It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19." } ] }, diff --git a/2020/7xxx/CVE-2020-7216.json b/2020/7xxx/CVE-2020-7216.json index 6bee60a9464..88b1b8f8fbd 100644 --- a/2020/7xxx/CVE-2020-7216.json +++ b/2020/7xxx/CVE-2020-7216.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7216", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7216", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00005.html", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00005.html" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1160905", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160905" } ] } diff --git a/2020/7xxx/CVE-2020-7240.json b/2020/7xxx/CVE-2020-7240.json index b93df28473c..bd620bff5d9 100644 --- a/2020/7xxx/CVE-2020-7240.json +++ b/2020/7xxx/CVE-2020-7240.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration)." + "value": "** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated super-user account using a webUI function that allows super users to edit a script supposed to execute OS commands. The given weakness enumeration (CWE-78) is not applicable in this case as it refers to abusing functions/input fields not supposed to be accepting OS commands by using 'Special Elements.'" } ] }, diff --git a/2020/7xxx/CVE-2020-7979.json b/2020/7xxx/CVE-2020-7979.json index bf229470ac5..40f5ae7bcee 100644 --- a/2020/7xxx/CVE-2020-7979.json +++ b/2020/7xxx/CVE-2020-7979.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7979", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7979", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 12.1 and later through 12.7.4 allows Information Disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/8xxx/CVE-2020-8114.json b/2020/8xxx/CVE-2020-8114.json index ecd3e6e2ff7..1451f4b424d 100644 --- a/2020/8xxx/CVE-2020-8114.json +++ b/2020/8xxx/CVE-2020-8114.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8114", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8114", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 8.9 and later through 12.7.2 has Insecure Permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/categories/releases/" + }, + { + "url": "https://gitlab.com/gitlab-org/gitlab/issues/37468", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/issues/37468" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/8xxx/CVE-2020-8633.json b/2020/8xxx/CVE-2020-8633.json new file mode 100644 index 00000000000..69ec7827c96 --- /dev/null +++ b/2020/8xxx/CVE-2020-8633.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8633", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file