From ca0e8a394176067f1b50810a6dda25774b015198 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 31 Jul 2020 13:01:25 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/17xxx/CVE-2017-17458.json | 5 +++ 2018/1000xxx/CVE-2018-1000132.json | 5 +++ 2018/13xxx/CVE-2018-13346.json | 5 +++ 2018/13xxx/CVE-2018-13347.json | 5 +++ 2018/13xxx/CVE-2018-13348.json | 5 +++ 2019/3xxx/CVE-2019-3902.json | 5 +++ 2020/10xxx/CVE-2020-10731.json | 50 ++++++++++++++++++++++++++++-- 2020/14xxx/CVE-2020-14334.json | 50 ++++++++++++++++++++++++++++-- 2020/14xxx/CVE-2020-14337.json | 50 ++++++++++++++++++++++++++++-- 2020/14xxx/CVE-2020-14520.json | 50 ++++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9248.json | 50 ++++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9249.json | 50 ++++++++++++++++++++++++++++-- 12 files changed, 312 insertions(+), 18 deletions(-) diff --git a/2017/17xxx/CVE-2017-17458.json b/2017/17xxx/CVE-2017-17458.json index e1226f20a34..7b73fe65289 100644 --- a/2017/17xxx/CVE-2017-17458.json +++ b/2017/17xxx/CVE-2017-17458.json @@ -91,6 +91,11 @@ "name": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html", "refsource": "CONFIRM", "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200731 [SECURITY] [DLA 2293-1] mercurial security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html" } ] } diff --git a/2018/1000xxx/CVE-2018-1000132.json b/2018/1000xxx/CVE-2018-1000132.json index 07cd9a07dd3..fe25841ea34 100644 --- a/2018/1000xxx/CVE-2018-1000132.json +++ b/2018/1000xxx/CVE-2018-1000132.json @@ -73,6 +73,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2276", "url": "https://access.redhat.com/errata/RHSA-2019:2276" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200731 [SECURITY] [DLA 2293-1] mercurial security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html" } ] } diff --git a/2018/13xxx/CVE-2018-13346.json b/2018/13xxx/CVE-2018-13346.json index a7be9bd224b..3ae1dbc8379 100644 --- a/2018/13xxx/CVE-2018-13346.json +++ b/2018/13xxx/CVE-2018-13346.json @@ -66,6 +66,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2276", "url": "https://access.redhat.com/errata/RHSA-2019:2276" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200731 [SECURITY] [DLA 2293-1] mercurial security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html" } ] } diff --git a/2018/13xxx/CVE-2018-13347.json b/2018/13xxx/CVE-2018-13347.json index 5a19cfdf17b..456151fc008 100644 --- a/2018/13xxx/CVE-2018-13347.json +++ b/2018/13xxx/CVE-2018-13347.json @@ -71,6 +71,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2276", "url": "https://access.redhat.com/errata/RHSA-2019:2276" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200731 [SECURITY] [DLA 2293-1] mercurial security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html" } ] } diff --git a/2018/13xxx/CVE-2018-13348.json b/2018/13xxx/CVE-2018-13348.json index c806d3fa0e9..83c29c7ec0d 100644 --- a/2018/13xxx/CVE-2018-13348.json +++ b/2018/13xxx/CVE-2018-13348.json @@ -61,6 +61,11 @@ "name": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29", "refsource": "MISC", "url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200731 [SECURITY] [DLA 2293-1] mercurial security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html" } ] } diff --git a/2019/3xxx/CVE-2019-3902.json b/2019/3xxx/CVE-2019-3902.json index 780e07665cf..c40c70e9d65 100644 --- a/2019/3xxx/CVE-2019-3902.json +++ b/2019/3xxx/CVE-2019-3902.json @@ -63,6 +63,11 @@ "refsource": "UBUNTU", "name": "USN-4086-1", "url": "https://usn.ubuntu.com/4086-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200731 [SECURITY] [DLA 2293-1] mercurial security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html" } ] }, diff --git a/2020/10xxx/CVE-2020-10731.json b/2020/10xxx/CVE-2020-10731.json index 5e313b2248f..617a098e239 100644 --- a/2020/10xxx/CVE-2020-10731.json +++ b/2020/10xxx/CVE-2020-10731.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10731", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "nova_libvirt container provided by the Red Hat OpenStack Platform", + "version": { + "version_data": [ + { + "version_value": "16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1831544", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831544" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines." } ] } diff --git a/2020/14xxx/CVE-2020-14334.json b/2020/14xxx/CVE-2020-14334.json index 0b5746e1d4e..ed4cb5fee89 100644 --- a/2020/14xxx/CVE-2020-14334.json +++ b/2020/14xxx/CVE-2020-14334.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-14334", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Red Hat Satellite", + "version": { + "version_data": [ + { + "version_value": "6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1858284", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858284" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance." } ] } diff --git a/2020/14xxx/CVE-2020-14337.json b/2020/14xxx/CVE-2020-14337.json index 17271adf43a..50aceb1838e 100644 --- a/2020/14xxx/CVE-2020-14337.json +++ b/2020/14xxx/CVE-2020-14337.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-14337", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Ansible Tower", + "version": { + "version_data": [ + { + "version_value": "Ansible Tower 3.7.1 as well as previous versions are affected." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Generation of Error Message Containing Sensitive Information CWE-209" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1859139", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1859139" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality." } ] } diff --git a/2020/14xxx/CVE-2020-14520.json b/2020/14xxx/CVE-2020-14520.json index 03fe99a0216..97e9aa31c2c 100644 --- a/2020/14xxx/CVE-2020-14520.json +++ b/2020/14xxx/CVE-2020-14520.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-14520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Ignition 8", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 8.0.13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "MISSING AUTHORIZATION CWE-862" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13)." } ] } diff --git a/2020/9xxx/CVE-2020-9248.json b/2020/9xxx/CVE-2020-9248.json index d3f9670d995..33cf5f85fdd 100644 --- a/2020/9xxx/CVE-2020-9248.json +++ b/2020/9xxx/CVE-2020-9248.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9248", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "FusionCompute", + "version": { + "version_data": [ + { + "version_value": "8.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-fc-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-fc-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei FusionComput 8.0.0 have an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service." } ] } diff --git a/2020/9xxx/CVE-2020-9249.json b/2020/9xxx/CVE-2020-9249.json index 638c1f21cbf..72ca48613ee 100644 --- a/2020/9xxx/CVE-2020-9249.json +++ b/2020/9xxx/CVE-2020-9249.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9249", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HUAWEI P30", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.1.0.160(C00E160R2P11)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-02-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-02-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have a denial of service vulnerability. A module does not deal with mal-crafted messages and it leads to memory leak. Attackers can exploit this vulnerability to make the device denial of service.Affected product versions include: HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11)." } ] }