From cb6d67ba4eaac0c2a145c6cf72d12cc56487706b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 23 Nov 2020 16:01:53 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/20xxx/CVE-2018-20805.json | 2 +-
 2019/10xxx/CVE-2019-10086.json | 5 +++
 2019/14xxx/CVE-2019-14553.json | 62 ++++++++++++++++++++++++++++++++++
 2019/14xxx/CVE-2019-14559.json | 62 ++++++++++++++++++++++++++++++++++
 2019/14xxx/CVE-2019-14562.json | 62 ++++++++++++++++++++++++++++++++++
 2020/1xxx/CVE-2020-1778.json | 4 +--
 2020/24xxx/CVE-2020-24890.json | 2 +-
 2020/27xxx/CVE-2020-27216.json | 5 +++
 2020/28xxx/CVE-2020-28421.json | 50 +++++++++++++++++++++++++--
 2020/28xxx/CVE-2020-28979.json | 18 ++++++++++
 2020/28xxx/CVE-2020-28980.json | 18 ++++++++++
 2020/28xxx/CVE-2020-28981.json | 18 ++++++++++
 2020/28xxx/CVE-2020-28982.json | 18 ++++++++++
 2020/7xxx/CVE-2020-7777.json | 12 ++++---
 14 files changed, 326 insertions(+), 12 deletions(-)
 create mode 100644 2019/14xxx/CVE-2019-14553.json
 create mode 100644 2019/14xxx/CVE-2019-14559.json
 create mode 100644 2019/14xxx/CVE-2019-14562.json
 create mode 100644 2020/28xxx/CVE-2020-28979.json
 create mode 100644 2020/28xxx/CVE-2020-28980.json
 create mode 100644 2020/28xxx/CVE-2020-28981.json
 create mode 100644 2020/28xxx/CVE-2020-28982.json
diff --git a/2018/20xxx/CVE-2018-20805.json b/2018/20xxx/CVE-2018-20805.json
index e16499388c9..b5f6c2b78b7 100644
--- a/2018/20xxx/CVE-2018-20805.json
+++ b/2018/20xxx/CVE-2018-20805.json
@@ -43,7 +43,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10.\nThis issue affects:\nMongoDB Inc. MongoDB Server\n3.6 versions prior to 3.6.10;\n4.0 versions prior to 4.0.5."
+ "value": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10. This issue affects: MongoDB Inc. MongoDB Server 3.6 versions prior to 3.6.10; 4.0 versions prior to 4.0.5."
 }
 ]
 },
diff --git a/2019/10xxx/CVE-2019-10086.json b/2019/10xxx/CVE-2019-10086.json
index c89798d521f..2d4cacd575b 100644
--- a/2019/10xxx/CVE-2019-10086.json
+++ b/2019/10xxx/CVE-2019-10086.json
@@ -218,6 +218,11 @@
 "refsource": "MLIST",
 "name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
 "url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
+ "url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14553.json b/2019/14xxx/CVE-2019-14553.json
new file mode 100644
index 00000000000..36ec0fceedf
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14553.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14553",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Extensible Firmware Interface Development Kit (EDK II)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "EDK II"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=960",
+ "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=960"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14559.json b/2019/14xxx/CVE-2019-14559.json
new file mode 100644
index 00000000000..afeb5df42e9
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14559.json
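Review bot: `"version_value": "EDK II"` repeats the product name instead of giving an affected version or range, so a scanner matching on this record cannot tell which EDK II releases are affected; the same value appears in the new CVE-2019-14559 and CVE-2019-14562 records. `"vendor_name": "n/a"` weakens vendor matching in the same way in all three files. If the fixed release is known from the linked TianoCore bug, state it in `version_value`; otherwise the description should say that every release is considered affected. The three `problemtype` values (`information disclosure`, `Denial of Service`, `Denial of service`) are free text that differs in capitalisation, which makes grouping unreliable; a CWE identifier in that field would be easier to consume.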
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14559",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Extensible Firmware Interface Development Kit (EDK II)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "EDK II"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=2031",
+ "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2031"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14562.json b/2019/14xxx/CVE-2019-14562.json
new file mode 100644
index 00000000000..4e9f84ffc9c
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14562.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14562",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Extensible Firmware Interface Development Kit (EDK II)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "EDK II"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.tianocore.org/show_bug.cgi?id=2215",
+ "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2215"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/1xxx/CVE-2020-1778.json b/2020/1xxx/CVE-2020-1778.json
index d9c36606a05..7d68470ea90 100644
--- a/2020/1xxx/CVE-2020-1778.json
+++ b/2020/1xxx/CVE-2020-1778.json
@@ -34,7 +34,7 @@
 "credit": [
 {
 "lang": "eng",
- "value": "László Gyaraki "
+ "value": "L\u00e1szl\u00f3 Gyaraki "
 }
 ],
 "data_format": "MITRE",
@@ -44,7 +44,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. \n\nThis issue affects\nOTRS;\n8.0.9 and prior versions."
+ "value": "When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions."
 }
 ]
 },
diff --git a/2020/24xxx/CVE-2020-24890.json b/2020/24xxx/CVE-2020-24890.json
index 34548bbf492..c713ec8ee22 100644
--- a/2020/24xxx/CVE-2020-24890.json
+++ b/2020/24xxx/CVE-2020-24890.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution."
+ "value": "** DISPUTED ** libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way."
 }
 ]
 },
diff --git a/2020/27xxx/CVE-2020-27216.json b/2020/27xxx/CVE-2020-27216.json
index 440f36dfbb1..7d72ab42aa9 100644
--- a/2020/27xxx/CVE-2020-27216.json
+++ b/2020/27xxx/CVE-2020-27216.json
@@ -115,6 +115,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20201123-0005/",
 "url": "https://security.netapp.com/advisory/ntap-20201123-0005/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-dev] 20201123 Owasp test failing - Jetty 9.4.32 - CVE-2020-27216",
+ "url": "https://lists.apache.org/thread.html/raf9c581b793c30ff8f55f2415c7bd337eb69775aae607bf9ed1b16fb@%3Cdev.zookeeper.apache.org%3E"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28421.json b/2020/28xxx/CVE-2020-28421.json
index 274cdb98f69..91220661995 100644
--- a/2020/28xxx/CVE-2020-28421.json
+++ b/2020/28xxx/CVE-2020-28421.json
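Review bot: The `** DISPUTED **` text added to the CVE-2020-24890 description says the issue "occurs only if you compile the software in a certain way" without naming the build option, so a reader cannot tell whether their libraw build is affected. The sentence should name the configuration, and the record should link to where the dispute is stated; the `references` block lies outside this hunk, so it may already do so. The description also keeps "arbitrary code execution" as the impact of a null pointer dereference next to the dispute flag; if the dispute is about impact rather than the existence of the bug, the text should say that.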
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-28421",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vuln@ca.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CA Unified Infrastructure Management",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "20.1, 9.2.0, 9.1.0, 9.0.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Local Privilege Elevation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565",
+ "url": "https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges."
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28979.json b/2020/28xxx/CVE-2020-28979.json
new file mode 100644
index 00000000000..600e4b4bc76
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28979.json
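Review bot: `"version_value": "20.1, 9.2.0, 9.1.0, 9.0.2"` packs four versions into one string, which a tool comparing `version_value` with an installed version will not match; each version should be its own `version_data` entry, starting `{ "version_value": "20.1" }, { "version_value": "9.2.0" }`. The list also disagrees with the description's "20.1 and earlier", which reads as a range rather than four discrete releases, so one of the two should be corrected against the linked Broadcom advisory. `"vendor_name": "n/a"` could be filled in, since the product name and the assigner already identify the vendor.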
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28979",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28980.json b/2020/28xxx/CVE-2020-28980.json
new file mode 100644
index 00000000000..843bdd76675
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28980.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28980",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28981.json b/2020/28xxx/CVE-2020-28981.json
new file mode 100644
index 00000000000..efeb5a962b2
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28981.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28981",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28982.json b/2020/28xxx/CVE-2020-28982.json
new file mode 100644
index 00000000000..1f3a7819b3b
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28982.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28982",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7777.json b/2020/7xxx/CVE-2020-7777.json
index 148ed163b04..08ad78369f3 100644
--- a/2020/7xxx/CVE-2020-7777.json
+++ b/2020/7xxx/CVE-2020-7777.json
@@ -48,12 +48,14 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-JSEN-1014670"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-JSEN-1014670",
+ "name": "https://snyk.io/vuln/SNYK-JS-JSEN-1014670"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/bugventure/jsen/blob/master/lib/jsen.js%23L875"
+ "refsource": "MISC",
+ "url": "https://github.com/bugventure/jsen/blob/master/lib/jsen.js%23L875",
+ "name": "https://github.com/bugventure/jsen/blob/master/lib/jsen.js%23L875"
 }
 ]
 },
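Review bot: The second reference in the CVE-2020-7777 hunk ends in `jsen.js%23L875`, where `%23` is a percent-encoded `#`; it is sent as part of the path rather than as a line anchor, so the link probably does not resolve to the cited line, and the added `name` copies the same string. Both fields should read `https://github.com/bugventure/jsen/blob/master/lib/jsen.js#L875`. Because the link targets `master`, line 875 will drift as the file changes; a permalink to the commit that was current when the issue was reported would keep pointing at the code in question.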
@@ -61,7 +63,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects all versions of package jsen.\n If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine.\r\nIn the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable.\r\n\r\nIn particular the required field of the schema is not properly sanitized.\r\nThe resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution.\r\n\r\n"
+ "value": "This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution."
 }
 ]
 },