From c7194b19f575faba1928c8aacccdb10b27780614 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 31 Jan 2020 16:01:22 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2014/4xxx/CVE-2014-4859.json | 67 +++++++++++-
 2014/4xxx/CVE-2014-4860.json | 67 +++++++++++-
 2019/18xxx/CVE-2019-18634.json | 5 +
 2019/19xxx/CVE-2019-19232.json | 30 ++++++
 2019/4xxx/CVE-2019-4720.json | 192 ++++++++++++++++-----------------
 2020/8xxx/CVE-2020-8422.json | 75 +++++++++++--
 2020/8xxx/CVE-2020-8501.json | 18 ++++
 7 files changed, 346 insertions(+), 108 deletions(-)
 create mode 100644 2020/8xxx/CVE-2020-8501.json
diff --git a/2014/4xxx/CVE-2014-4859.json b/2014/4xxx/CVE-2014-4859.json
index d54ab39663c..fa69303c213 100644
--- a/2014/4xxx/CVE-2014-4859.json
+++ b/2014/4xxx/CVE-2014-4859.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "cert@cert.org",
 "ID": "CVE-2014-4859",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,68 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Integer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Phoenix Technologies Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SCT3",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 5/23/2014"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "vendor_name": "American Megatrends Incorporated (AMI)",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIOS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "unknown"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.kb.cert.org/vuls/id/552286",
+ "url": "http://www.kb.cert.org/vuls/id/552286"
 }
 ]
 }
diff --git a/2014/4xxx/CVE-2014-4860.json b/2014/4xxx/CVE-2014-4860.json
index 67a9387efba..657ca77ae08 100644
--- a/2014/4xxx/CVE-2014-4860.json
+++ b/2014/4xxx/CVE-2014-4860.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "cert@cert.org",
 "ID": "CVE-2014-4860",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
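Review bot: In the second hunk of 2014/4xxx/CVE-2014-4859.json the added description says "Drive Execution Environment (DXE)"; the UEFI phase is the Driver Execution Environment, so the text should read `Driver Execution Environment (DXE)` to stay searchable. The Phoenix `version_value` is the free-text `"before 5/23/2014"`, a US-style date that tooling cannot compare and that reads differently elsewhere; if it is a build date, `"before 2014-05-23"` would be unambiguous, and the same value is added in CVE-2014-4860.json. The AMI entry's `"unknown"` gives consumers nothing to match against, which is worth saying in the description if no range is available.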
@@ -11,7 +11,68 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Phoenix Technologies Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SCT3",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 5/23/2014"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "vendor_name": "American Megatrends Incorporated (AMI)",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIOS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "unknown"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.kb.cert.org/vuls/id/552286",
+ "url": "http://www.kb.cert.org/vuls/id/552286"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18634.json b/2019/18xxx/CVE-2019-18634.json
index 3ec24226d3b..2f406231f5b 100644
--- a/2019/18xxx/CVE-2019-18634.json
+++ b/2019/18xxx/CVE-2019-18634.json
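Review bot: The `problemtype` added in 2014/4xxx/CVE-2014-4860.json is `"value": "Other"`, although the description added in the same hunk says "Multiple integer overflows" and the sibling record CVE-2014-4859.json labels the same class `"Integer Overflow"`. Consumers that filter or count records by problem type will miss this one. I would use `"value": "Integer Overflow"` here as well; CWE-190 is the matching CWE entry if an identifier is wanted.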
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20200130 CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
 "url": "http://www.openwall.com/lists/oss-security/2020/01/30/6"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200131 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
+ "url": "http://www.openwall.com/lists/oss-security/2020/01/31/1"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19232.json b/2019/19xxx/CVE-2019-19232.json
index f75305b270e..d4dedf4878f 100644
--- a/2019/19xxx/CVE-2019-19232.json
+++ b/2019/19xxx/CVE-2019-19232.json
@@ -66,6 +66,36 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200103-0004/",
 "url": "https://security.netapp.com/advisory/ntap-20200103-0004/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58812",
+ "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58812"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58979",
+ "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58979"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/12/warnmeldung_cb-k20-0001.html",
+ "url": "https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/12/warnmeldung_cb-k20-0001.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://support2.windriver.com/index.php?page=defects&on=view&id=LIN1018-5506",
+ "url": "https://support2.windriver.com/index.php?page=defects&on=view&id=LIN1018-5506"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58103",
+ "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58103"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-19232",
+ "url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-19232"
 }
 ]
 }
diff --git a/2019/4xxx/CVE-2019-4720.json b/2019/4xxx/CVE-2019-4720.json
index 06a68911d82..b34536ec117 100644
--- a/2019/4xxx/CVE-2019-4720.json
+++ b/2019/4xxx/CVE-2019-4720.json
@@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ID" : "CVE-2019-4720", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-01-30T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Denial of Service", - "lang" : "eng" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125." - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "AC" : "L", - "C" : "N", - "I" : "N", - "PR" : "N", - "A" : "H", - "SCORE" : "7.500", - "AV" : "N", - "UI" : "N", - "S" : "U" - } - } - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/1285372", - "url" : "https://www.ibm.com/support/pages/node/1285372", - "title" : "IBM Security Bulletin 1285372 (WebSphere Application Server)" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172125", - "name" : "ibm-websphere-cve20194720-dos (172125)" - } - ] - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ID": "CVE-2019-4720", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-01-30T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - }, - "product_name" : "WebSphere Application Server" - } - ] - 
} + "description": [ + { + "value": "Denial of Service", + "lang": "eng" + } + ] } - ] - } - }, - "data_version" : "4.0" -} + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125." + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "AC": "L", + "C": "N", + "I": "N", + "PR": "N", + "A": "H", + "SCORE": "7.500", + "AV": "N", + "UI": "N", + "S": "U" + } + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1285372", + "url": "https://www.ibm.com/support/pages/node/1285372", + "title": "IBM Security Bulletin 1285372 (WebSphere Application Server)" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172125", + "name": "ibm-websphere-cve20194720-dos (172125)" + } + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + }, + "product_name": "WebSphere Application Server" + } + ] + } + } + ] + } + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8422.json b/2020/8xxx/CVE-2020-8422.json index 7744947c7c9..fef2717588e 100644 --- a/2020/8xxx/CVE-2020-8422.json +++ b/2020/8xxx/CVE-2020-8422.json 
@@ -1,18 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-8422",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-8422",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password)."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-8422",
+ "refsource": "MISC",
+ "name": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-8422"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://excellium-services.com/cert-xlm-advisory/cve-2020-8422/",
+ "url": "https://excellium-services.com/cert-xlm-advisory/cve-2020-8422/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8501.json b/2020/8xxx/CVE-2020-8501.json
new file mode 100644
index 00000000000..6ca36a11c19
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8501.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8501",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
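Review bot: The `affects` block added to 2020/8xxx/CVE-2020-8422.json sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, while the description names Zoho ManageEngine Remote Access Plus before 10.0.450, so tooling that matches on the structured fields will not tie this record to an installed product. Filling them in, for example `"product_name": "ManageEngine Remote Access Plus"` with `"version_value": "before 10.0.450"`, would close that gap. The two `reference_data` entries differ only in letter case and a trailing slash and probably point to the same advisory, so one of them could be dropped. The `impact.cvss` object carries a `vectorString` but no base score, and its shape differs from the `impact.cvssv3.BM` block in CVE-2019-4720.json in this same patch, which makes the score harder to consume uniformly.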