From d2ccb12c6e5536afac6738ae23b72d4ee07e72c3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 5 Mar 2020 19:01:18 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20382.json | 61 +++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10179.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10180.json | 62 ++++++++++++++++++++++++++++++++++ 2020/4xxx/CVE-2020-4082.json | 50 +++++++++++++++++++++++++-- 2020/4xxx/CVE-2020-4083.json | 50 +++++++++++++++++++++++++-- 5 files changed, 229 insertions(+), 12 deletions(-) create mode 100644 2020/10xxx/CVE-2020-10179.json create mode 100644 2020/10xxx/CVE-2020-10180.json diff --git a/2019/20xxx/CVE-2019-20382.json b/2019/20xxx/CVE-2019-20382.json index 2305dcf0dcf..471e72c5cea 100644 --- a/2019/20xxx/CVE-2019-20382.json +++ b/2019/20xxx/CVE-2019-20382.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20382", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20382", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://git.qemu.org/?p=qemu.git;a=commit;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0", + "refsource": "MISC", + "name": "https://git.qemu.org/?p=qemu.git;a=commit;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/03/05/1", + "url": "http://www.openwall.com/lists/oss-security/2020/03/05/1" } ] } diff --git a/2020/10xxx/CVE-2020-10179.json b/2020/10xxx/CVE-2020-10179.json new file mode 100644 index 00000000000..b2551ba8bac --- /dev/null +++ b/2020/10xxx/CVE-2020-10179.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10179", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10180.json b/2020/10xxx/CVE-2020-10180.json new file mode 100644 index 00000000000..7254adeb704 --- /dev/null +++ b/2020/10xxx/CVE-2020-10180.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html", + "refsource": "MISC", + "name": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4082.json b/2020/4xxx/CVE-2020-4082.json index 3837114fc85..d60d24ed138 100644 --- a/2020/4xxx/CVE-2020-4082.json +++ b/2020/4xxx/CVE-2020-4082.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-4082", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "\"HCL Connections\"", + "version": { + "version_data": [ + { + "version_value": "\"HCL Connections 5.5\"" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0075447", + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0075447" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials." } ] } diff --git a/2020/4xxx/CVE-2020-4083.json b/2020/4xxx/CVE-2020-4083.json index a8ffc7deaeb..8cc914ff092 100644 --- a/2020/4xxx/CVE-2020-4083.json +++ b/2020/4xxx/CVE-2020-4083.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-4083", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "\"HCL Connections\"", + "version": { + "version_data": [ + { + "version_value": "\"HCL Connections 6.5\"" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0075503", + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0075503" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user." } ] }