From cb22b44503dd485a9979497d05ea8d1c08453456 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 22:01:10 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10129.json | 5 +++ 2019/10xxx/CVE-2019-10130.json | 5 +++ 2019/10xxx/CVE-2019-10164.json | 5 +++ 2019/12xxx/CVE-2019-12278.json | 61 +++++++++++++++++++++++++++--- 2019/16xxx/CVE-2019-16156.json | 68 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17658.json | 62 +++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0550.json | 62 +++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0551.json | 62 +++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0583.json | 68 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0618.json | 5 +++ 2020/10xxx/CVE-2020-10220.json | 5 +++ 2020/10xxx/CVE-2020-10221.json | 5 +++ 2020/6xxx/CVE-2020-6643.json | 50 +++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9064.json | 50 +++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9371.json | 5 +++ 2020/9xxx/CVE-2020-9372.json | 5 +++ 16 files changed, 511 insertions(+), 12 deletions(-) create mode 100644 2019/16xxx/CVE-2019-16156.json create mode 100644 2019/17xxx/CVE-2019-17658.json create mode 100644 2020/0xxx/CVE-2020-0550.json create mode 100644 2020/0xxx/CVE-2020-0551.json create mode 100644 2020/0xxx/CVE-2020-0583.json diff --git a/2019/10xxx/CVE-2019-10129.json b/2019/10xxx/CVE-2019-10129.json index 3a8b0d1c537..aef1101cf19 100644 --- a/2019/10xxx/CVE-2019-10129.json +++ b/2019/10xxx/CVE-2019-10129.json @@ -53,6 +53,11 @@ "url": "https://www.postgresql.org/about/news/1939/", "refsource": "MISC", "name": "https://www.postgresql.org/about/news/1939/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-03", + "url": "https://security.gentoo.org/glsa/202003-03" } ] }, diff --git a/2019/10xxx/CVE-2019-10130.json b/2019/10xxx/CVE-2019-10130.json index 132abf93fb0..43223d3806b 100644 --- a/2019/10xxx/CVE-2019-10130.json +++ b/2019/10xxx/CVE-2019-10130.json @@ -62,6 +62,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130", "refsource": "CONFIRM" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-03", + "url": "https://security.gentoo.org/glsa/202003-03" } ] }, diff --git a/2019/10xxx/CVE-2019-10164.json b/2019/10xxx/CVE-2019-10164.json index cdda37a5d1a..638928fe7f1 100644 --- a/2019/10xxx/CVE-2019-10164.json +++ b/2019/10xxx/CVE-2019-10164.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-e43f49b428", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-03", + "url": "https://security.gentoo.org/glsa/202003-03" } ] }, diff --git a/2019/12xxx/CVE-2019-12278.json b/2019/12xxx/CVE-2019-12278.json index e4d8379a3e1..af84b0d8ae4 100644 --- a/2019/12xxx/CVE-2019-12278.json +++ b/2019/12xxx/CVE-2019-12278.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12278", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12278", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the \"first strong character\" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://help.opera.com/en/latest/security-and-privacy/", + "refsource": "MISC", + "name": "https://help.opera.com/en/latest/security-and-privacy/" + }, + { + "refsource": "MISC", + "name": "https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c", + "url": "https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c" } ] } diff --git a/2019/16xxx/CVE-2019-16156.json b/2019/16xxx/CVE-2019-16156.json new file mode 100644 index 00000000000..7e2d7b53d94 --- /dev/null +++ b/2019/16xxx/CVE-2019-16156.json @@ -0,0 +1,68 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-16156", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiWeb", + "version": { + "version_data": [ + { + "version_value": "6.0.5" + }, + { + "version_value": "6.2.0" + }, + { + "version_value": "6.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-19-265", + "url": "https://fortiguard.com/advisory/FG-IR-19-265" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS)." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17658.json b/2019/17xxx/CVE-2019-17658.json new file mode 100644 index 00000000000..c1d37c5dc53 --- /dev/null +++ b/2019/17xxx/CVE-2019-17658.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17658", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiClientWindows", + "version": { + "version_data": [ + { + "version_value": "6.2.2 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-19-281", + "url": "https://fortiguard.com/advisory/FG-IR-19-281" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0550.json b/2020/0xxx/CVE-2020-0550.json new file mode 100644 index 00000000000..b2a36cccb95 --- /dev/null +++ b/2020/0xxx/CVE-2020-0550.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0550", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Snoop Assisted L1D Sampling Advisory", + "version": { + "version_data": [ + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0551.json b/2020/0xxx/CVE-2020-0551.json new file mode 100644 index 00000000000..db15da558e7 --- /dev/null +++ b/2020/0xxx/CVE-2020-0551.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0551", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors Load Value Injection", + "version": { + "version_data": [ + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0583.json b/2020/0xxx/CVE-2020-0583.json new file mode 100644 index 00000000000..5b9b3609a14 --- /dev/null +++ b/2020/0xxx/CVE-2020-0583.json @@ -0,0 +1,68 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0583", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel\u00ae Smart Sound Technology", + "version": { + "version_data": [ + { + "version_value": "before 10th Generation Intel\u00ae Core\u2122 i7 Processors - version 3431" + }, + { + "version_value": "before 8th Generation Intel\u00ae Core\u2122 Processors - version 3349" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00354.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00354.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00354.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control in the subsystem for Intel(R) Smart Sound Technology may allow an authenticated user to potentially enable escalation of privilege via local access. This affects Intel\u00ae Smart Sound Technology before versions: 10th Generation Intel\u00ae Core\u2122 i7 Processors, version 3431 and 8th Generation Intel\u00ae Core\u2122 Processors, version 3349." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0618.json b/2020/0xxx/CVE-2020-0618.json index e3292c0975b..843fd96940b 100644 --- a/2020/0xxx/CVE-2020-0618.json +++ b/2020/0xxx/CVE-2020-0618.json @@ -112,6 +112,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html", + "url": "http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html" } ] } diff --git a/2020/10xxx/CVE-2020-10220.json b/2020/10xxx/CVE-2020-10220.json index b25372b5bc7..19ed2c99d1b 100644 --- a/2020/10xxx/CVE-2020-10220.json +++ b/2020/10xxx/CVE-2020-10220.json @@ -56,6 +56,11 @@ "url": "https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_sqli.py", "refsource": "MISC", "name": "https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_sqli.py" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156688/rConfig-3.9-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/156688/rConfig-3.9-SQL-Injection.html" } ] } diff --git a/2020/10xxx/CVE-2020-10221.json b/2020/10xxx/CVE-2020-10221.json index 08be32dea96..e7b8d8a8579 100644 --- a/2020/10xxx/CVE-2020-10221.json +++ b/2020/10xxx/CVE-2020-10221.json @@ -61,6 +61,11 @@ "url": "https://github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/rconfig-3.93-rce.html", "refsource": "MISC", "name": "https://github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/rconfig-3.93-rce.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156687/rConfig-3.93-Authenticated-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156687/rConfig-3.93-Authenticated-Remote-Code-Execution.html" } ] } diff --git a/2020/6xxx/CVE-2020-6643.json b/2020/6xxx/CVE-2020-6643.json index db25cae0162..052df27a77b 100644 --- a/2020/6xxx/CVE-2020-6643.json +++ b/2020/6xxx/CVE-2020-6643.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6643", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiIsolator", + "version": { + "version_data": [ + { + "version_value": "1.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-19-270", + "url": "https://fortiguard.com/advisory/FG-IR-19-270" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS)." } ] } diff --git a/2020/9xxx/CVE-2020-9064.json b/2020/9xxx/CVE-2020-9064.json index f41920a6cf4..5d4bc26bda4 100644 --- a/2020/9xxx/CVE-2020-9064.json +++ b/2020/9xxx/CVE-2020-9064.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9064", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "Honor V30", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-202003116-01-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-202003116-01-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak." } ] } diff --git a/2020/9xxx/CVE-2020-9371.json b/2020/9xxx/CVE-2020-9371.json index 20a3c5b4dc9..97a9b801f0a 100644 --- a/2020/9xxx/CVE-2020-9371.json +++ b/2020/9xxx/CVE-2020-9371.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://wpvulndb.com/vulnerabilities/10110", "url": "https://wpvulndb.com/vulnerabilities/10110" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html", + "url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html" } ] } diff --git a/2020/9xxx/CVE-2020-9372.json b/2020/9xxx/CVE-2020-9372.json index 48a4e350d78..b48a06c75f3 100644 --- a/2020/9xxx/CVE-2020-9372.json +++ b/2020/9xxx/CVE-2020-9372.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://www.hotdreamweaver.com/support/view.php?id=815925", "url": "https://www.hotdreamweaver.com/support/view.php?id=815925" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html", + "url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html" } ] }