From d580305c5af564c1d6bcbabe0aa1fd345e170abf Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 8 May 2020 12:01:25 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10638.json | 50 ++++++++++++++++++++++++++++++++-- 2020/12xxx/CVE-2020-12002.json | 50 ++++++++++++++++++++++++++++++++-- 2020/12xxx/CVE-2020-12006.json | 50 ++++++++++++++++++++++++++++++++-- 2020/12xxx/CVE-2020-12010.json | 50 ++++++++++++++++++++++++++++++++-- 2020/12xxx/CVE-2020-12014.json | 50 ++++++++++++++++++++++++++++++++-- 2020/12xxx/CVE-2020-12018.json | 50 ++++++++++++++++++++++++++++++++-- 2020/12xxx/CVE-2020-12022.json | 50 ++++++++++++++++++++++++++++++++-- 2020/12xxx/CVE-2020-12026.json | 50 ++++++++++++++++++++++++++++++++-- 2020/3xxx/CVE-2020-3885.json | 5 ++++ 2020/3xxx/CVE-2020-3894.json | 5 ++++ 2020/3xxx/CVE-2020-3895.json | 5 ++++ 2020/3xxx/CVE-2020-3897.json | 5 ++++ 2020/3xxx/CVE-2020-3899.json | 5 ++++ 2020/3xxx/CVE-2020-3900.json | 5 ++++ 2020/3xxx/CVE-2020-3901.json | 5 ++++ 2020/3xxx/CVE-2020-3902.json | 5 ++++ 16 files changed, 416 insertions(+), 24 deletions(-) diff --git a/2020/10xxx/CVE-2020-10638.json b/2020/10xxx/CVE-2020-10638.json index d0252e99cec..33ab42dc5f3 100644 --- a/2020/10xxx/CVE-2020-10638.json +++ b/2020/10xxx/CVE-2020-10638.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10638", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess Node", + "version": { + "version_data": [ + { + "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HEAP-BASED BUFFER OVERFLOW CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution." } ] } diff --git a/2020/12xxx/CVE-2020-12002.json b/2020/12xxx/CVE-2020-12002.json index 5e959bc530a..0a0dc314c00 100644 --- a/2020/12xxx/CVE-2020-12002.json +++ b/2020/12xxx/CVE-2020-12002.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess Node", + "version": { + "version_data": [ + { + "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution." } ] } diff --git a/2020/12xxx/CVE-2020-12006.json b/2020/12xxx/CVE-2020-12006.json index 1ed164619f5..7604fa807c5 100644 --- a/2020/12xxx/CVE-2020-12006.json +++ b/2020/12xxx/CVE-2020-12006.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12006", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess Node", + "version": { + "version_data": [ + { + "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "RELATIVE PATH TRAVERSAL CWE-23" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application\u2019s control." } ] } diff --git a/2020/12xxx/CVE-2020-12010.json b/2020/12xxx/CVE-2020-12010.json index 5398c5c0e0a..db5dd4064b9 100644 --- a/2020/12xxx/CVE-2020-12010.json +++ b/2020/12xxx/CVE-2020-12010.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12010", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess Node", + "version": { + "version_data": [ + { + "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "RELATIVE PATH TRAVERSAL CWE-23" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application\u2019s control." } ] } diff --git a/2020/12xxx/CVE-2020-12014.json b/2020/12xxx/CVE-2020-12014.json index 195514d572f..445b4ce44f0 100644 --- a/2020/12xxx/CVE-2020-12014.json +++ b/2020/12xxx/CVE-2020-12014.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12014", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess Node", + "version": { + "version_data": [ + { + "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands." } ] } diff --git a/2020/12xxx/CVE-2020-12018.json b/2020/12xxx/CVE-2020-12018.json index 3b1d8b434d6..9c6c4b778fd 100644 --- a/2020/12xxx/CVE-2020-12018.json +++ b/2020/12xxx/CVE-2020-12018.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12018", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess Node", + "version": { + "version_data": [ + { + "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OUT-OF-BOUNDS READ CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data." } ] } diff --git a/2020/12xxx/CVE-2020-12022.json b/2020/12xxx/CVE-2020-12022.json index 8825e421b58..dc05ea5cc65 100644 --- a/2020/12xxx/CVE-2020-12022.json +++ b/2020/12xxx/CVE-2020-12022.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12022", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess Node", + "version": { + "version_data": [ + { + "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER VALIDATION OF ARRAY INDEX CWE-129" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed." } ] } diff --git a/2020/12xxx/CVE-2020-12026.json b/2020/12xxx/CVE-2020-12026.json index 4520224e78a..9552d602f28 100644 --- a/2020/12xxx/CVE-2020-12026.json +++ b/2020/12xxx/CVE-2020-12026.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12026", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess Node", + "version": { + "version_data": [ + { + "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "RELATIVE PATH TRAVERSAL CWE-23" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application\u2019s control." } ] } diff --git a/2020/3xxx/CVE-2020-3885.json b/2020/3xxx/CVE-2020-3885.json index b7e8a226dc0..e1542ab55ab 100644 --- a/2020/3xxx/CVE-2020-3885.json +++ b/2020/3xxx/CVE-2020-3885.json @@ -134,6 +134,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200427 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0005", "url": "http://www.openwall.com/lists/oss-security/2020/04/27/3" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4681", + "url": "https://www.debian.org/security/2020/dsa-4681" } ] }, diff --git a/2020/3xxx/CVE-2020-3894.json b/2020/3xxx/CVE-2020-3894.json index 008ef66fc24..ee53d3a7f19 100644 --- a/2020/3xxx/CVE-2020-3894.json +++ b/2020/3xxx/CVE-2020-3894.json @@ -139,6 +139,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200427 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0005", "url": "http://www.openwall.com/lists/oss-security/2020/04/27/3" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4681", + "url": "https://www.debian.org/security/2020/dsa-4681" } ] }, diff --git a/2020/3xxx/CVE-2020-3895.json b/2020/3xxx/CVE-2020-3895.json index b8435656bd5..82c6e5d46a5 100644 --- a/2020/3xxx/CVE-2020-3895.json +++ b/2020/3xxx/CVE-2020-3895.json @@ -150,6 +150,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200427 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0005", "url": "http://www.openwall.com/lists/oss-security/2020/04/27/3" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4681", + "url": "https://www.debian.org/security/2020/dsa-4681" } ] }, diff --git a/2020/3xxx/CVE-2020-3897.json b/2020/3xxx/CVE-2020-3897.json index 1dcd637802d..4b582ed6d22 100644 --- a/2020/3xxx/CVE-2020-3897.json +++ b/2020/3xxx/CVE-2020-3897.json @@ -150,6 +150,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200427 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0005", "url": "http://www.openwall.com/lists/oss-security/2020/04/27/3" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4681", + "url": "https://www.debian.org/security/2020/dsa-4681" } ] }, diff --git a/2020/3xxx/CVE-2020-3899.json b/2020/3xxx/CVE-2020-3899.json index 41c1e38940b..8f9dc8282c7 100644 --- a/2020/3xxx/CVE-2020-3899.json +++ b/2020/3xxx/CVE-2020-3899.json @@ -159,6 +159,11 @@ "refsource": "UBUNTU", "name": "USN-4347-1", "url": "https://usn.ubuntu.com/4347-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4681", + "url": "https://www.debian.org/security/2020/dsa-4681" } ] }, diff --git a/2020/3xxx/CVE-2020-3900.json b/2020/3xxx/CVE-2020-3900.json index a33377c89fe..5742f702029 100644 --- a/2020/3xxx/CVE-2020-3900.json +++ b/2020/3xxx/CVE-2020-3900.json @@ -150,6 +150,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200427 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0005", "url": "http://www.openwall.com/lists/oss-security/2020/04/27/3" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4681", + "url": "https://www.debian.org/security/2020/dsa-4681" } ] }, diff --git a/2020/3xxx/CVE-2020-3901.json b/2020/3xxx/CVE-2020-3901.json index 76ed4c26b7e..48797929f00 100644 --- a/2020/3xxx/CVE-2020-3901.json +++ b/2020/3xxx/CVE-2020-3901.json @@ -150,6 +150,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200427 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0005", "url": "http://www.openwall.com/lists/oss-security/2020/04/27/3" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4681", + "url": "https://www.debian.org/security/2020/dsa-4681" } ] }, diff --git a/2020/3xxx/CVE-2020-3902.json b/2020/3xxx/CVE-2020-3902.json index ec89815c53b..f739d799e9f 100644 --- a/2020/3xxx/CVE-2020-3902.json +++ b/2020/3xxx/CVE-2020-3902.json @@ -134,6 +134,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200427 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0005", "url": "http://www.openwall.com/lists/oss-security/2020/04/27/3" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4681", + "url": "https://www.debian.org/security/2020/dsa-4681" } ] },