From cc92306baf12898145b1314858b055301782069e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 7 Dec 2020 13:01:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/17xxx/CVE-2020-17527.json | 5 + 2020/5xxx/CVE-2020-5798.json | 55 ++++++- 2020/5xxx/CVE-2020-5799.json | 50 ++++++- 2020/5xxx/CVE-2020-5800.json | 50 ++++++- 2020/9xxx/CVE-2020-9247.json | 256 ++++++++++++++++++++++++++++++++- 5 files changed, 401 insertions(+), 15 deletions(-) diff --git a/2020/17xxx/CVE-2020-17527.json b/2020/17xxx/CVE-2020-17527.json index c065140613b..e800ec51811 100644 --- a/2020/17xxx/CVE-2020-17527.json +++ b/2020/17xxx/CVE-2020-17527.json @@ -113,6 +113,11 @@ "refsource": "MLIST", "name": "[guacamole-issues] 20201206 [jira] [Commented] (GUACAMOLE-1229) Fix in Dockerhub for latest CVE-2020-17527", "url": "https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee@%3Cissues.guacamole.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomee-commits] 20201207 [jira] [Created] (TOMEE-2936) TomEE plus(7.0.9) is affected by CVE-2020-17527(BDSA-2020-3628) vulnerability.", + "url": "https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa@%3Ccommits.tomee.apache.org%3E" } ] }, diff --git a/2020/5xxx/CVE-2020-5798.json b/2020/5xxx/CVE-2020-5798.json index bf131e89677..a769c266b49 100644 --- a/2020/5xxx/CVE-2020-5798.json +++ b/2020/5xxx/CVE-2020-5798.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5798", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Druva inSync macOS Client Installers for v6.8.0 and prior", + "version": { + "version_data": [ + { + "version_value": "Druva inSync macOS Client Installers for v6.8.0 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-67", + "url": "https://www.tenable.com/security/research/tra-2020-67" + }, + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-67,https://docs.druva.com/001_inSync_Cloud/Cloud/010_Release_Details/010_inSync_Cloud_Updates", + "url": "https://www.tenable.com/security/research/tra-2020-67,https://docs.druva.com/001_inSync_Cloud/Cloud/010_Release_Details/010_inSync_Cloud_Updates" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions." } ] } diff --git a/2020/5xxx/CVE-2020-5799.json b/2020/5xxx/CVE-2020-5799.json index e9ce8e7efa6..c07960d736b 100644 --- a/2020/5xxx/CVE-2020-5799.json +++ b/2020/5xxx/CVE-2020-5799.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5799", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Eat Spray Love", + "version": { + "version_data": [ + { + "version_value": "Eat Spray Love for iOS 2.0.20, Eat Spray Love for Android 2.0.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Backdoor Account" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-65", + "url": "https://www.tenable.com/security/research/tra-2020-65" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users' data." } ] } diff --git a/2020/5xxx/CVE-2020-5800.json b/2020/5xxx/CVE-2020-5800.json index 5a5fceeab10..c8f5ed567ec 100644 --- a/2020/5xxx/CVE-2020-5800.json +++ b/2020/5xxx/CVE-2020-5800.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Eat Spray Love", + "version": { + "version_data": [ + { + "version_value": "Eat Spray Love for iOS 2.0.20, Eat Spray Love for Android 2.0.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Access Controls" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-65", + "url": "https://www.tenable.com/security/research/tra-2020-65" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to." } ] } diff --git a/2020/9xxx/CVE-2020-9247.json b/2020/9xxx/CVE-2020-9247.json index 3007f36bcff..422023dcf77 100644 --- a/2020/9xxx/CVE-2020-9247.json +++ b/2020/9xxx/CVE-2020-9247.json @@ -1,18 +1,262 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-9247", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HONOR 20 PRO", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.1.0.230(C432E9R5P1)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.231(C10E3R3P2)" + } + ] + } + }, + { + "product_name": "HUAWEI Mate 20", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.1.0.160(C00E160R3P8)" + } + ] + } + }, + { + "product_name": "HUAWEI Mate 20 Pro", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.1.0.270(C432E7R1P5)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.270(C635E3R1P5)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.273(C185E7R2P4)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.273(C636E7R2P4)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.277(C10E7R2P4)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.277(C605E7R1P5)" + } + ] + } + }, + { + "product_name": "HUAWEI Mate 20 X", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.1.0.160(C00E160R2P8)" + } + ] + } + }, + { + "product_name": "HUAWEI P30", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.1.0.272(C635E4R2P2)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.123(C432E22R2P5)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.126(C10E7R5P1)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.126(C185E4R7P1)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.126(C605E19R1P3)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.126(C636E5R3P4)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.126(C636E7R3P4)" + } + ] + } + }, + { + "product_name": "HUAWEI P30 Pro", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.1.0.160(C00E160R2P8)" + } + ] + } + }, + { + "product_name": "Hima-L29C", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.1.0.273(C185E5R2P4)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.273(C636E5R2P4)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.275(C10E4R2P4)" + } + ] + } + }, + { + "product_name": "Laya-AL00EP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.1.0.160(C786E160R3P8)" + } + ] + } + }, + { + "product_name": "Princeton-AL10B", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.1.0.160(C00E160R2P11)" + } + ] + } + }, + { + "product_name": "Tony-AL00B", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.1.0.160(C00E160R2P11)" + } + ] + } + }, + { + "product_name": "Yale-L61A", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.1.0.225(C432E3R1P2)" + }, + { + "version_affected": "<", + "version_value": "10.1.0.226(C10E3R1P1)" + } + ] + } + }, + { + "product_name": "Yale-TL00B", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.1.0.160(C01E160R8P12)" + } + ] + } + }, + { + "product_name": "YaleP-AL10B", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.1.0.160(C00E160R8P12)" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en" + } + ] + }, + "source": { + "advisory": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en", + "discovery": "UNKNOWN" } } \ No newline at end of file