From d9db93dca8fee70bb7175b50cf1004541f0c1bb7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 29 Jun 2020 18:01:17 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/6xxx/CVE-2018-6446.json | 58 ++++++++++++++++++++++++++----
 2020/13xxx/CVE-2020-13657.json | 61 +++++++++++++++++++++++++++----
 2020/13xxx/CVE-2020-13896.json | 56 +++++++++++++++++++++++++----
 2020/14xxx/CVE-2020-14002.json | 66 ++++++++++++++++++++++++++++++----
 2020/14xxx/CVE-2020-14093.json | 5 +++
 2020/14xxx/CVE-2020-14145.json | 61 +++++++++++++++++++++++++++----
 2020/14xxx/CVE-2020-14154.json | 5 +++
 2020/14xxx/CVE-2020-14954.json | 5 +++
 2020/15xxx/CVE-2020-15043.json | 61 +++++++++++++++++++++++++++----
 2020/15xxx/CVE-2020-15069.json | 56 +++++++++++++++++++++++++----
 10 files changed, 391 insertions(+), 43 deletions(-)
diff --git a/2018/6xxx/CVE-2018-6446.json b/2018/6xxx/CVE-2018-6446.json
index da1c87f6bb1..8036657403d 100644
--- a/2018/6xxx/CVE-2018-6446.json
+++ b/2018/6xxx/CVE-2018-6446.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-6446",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-6446",
+ "ASSIGNER": "sirt@brocade.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Brocade Network Advisor",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to version 14.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-841",
+ "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-841"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications."
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13657.json b/2020/13xxx/CVE-2020-13657.json
index fdcb893aa2a..3e6ef763aad 100644
--- a/2020/13xxx/CVE-2020-13657.json
+++ b/2020/13xxx/CVE-2020-13657.json
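Review bot: In the `affects` block of CVE-2018-6446.json, `vendor_name` is set to `"n/a"` although the same record names the product as Brocade Network Advisor and the assigner is `sirt@brocade.com`, so consumers that match on vendor will not associate this entry with Brocade; `"vendor_name": "Brocade"` looks like the intended value. The `problemtype` value `"Privilege Escalation"` also does not match the description, which describes an unauthenticated remote login with undocumented credentials; a weakness name such as CWE-798 (Use of Hard-coded Credentials) would describe that more precisely, assuming the credentials are built in as the wording suggests. The description text itself would read better as `using undocumented user credentials`.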
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-13657",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-13657",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://forum.avast.com/index.php?topic=234638.0",
+ "url": "https://forum.avast.com/index.php?topic=234638.0"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://forum.avast.com/index.php?topic=232423.0",
+ "url": "https://forum.avast.com/index.php?topic=232423.0"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13896.json b/2020/13xxx/CVE-2020-13896.json
index 8b2c85daa3f..eddf2f009af 100644
--- a/2020/13xxx/CVE-2020-13896.json
+++ b/2020/13xxx/CVE-2020-13896.json
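Review bot: The `affects` block in CVE-2020-13657.json carries `"n/a"` for `vendor_name`, `product_name` and `version_value`, while the description names Avast Free Antivirus and AVG AntiVirus Free before 20.4, so tooling that matches on the structured fields cannot tie this record to an installed product. The same holds for the hunks in CVE-2020-13896.json, CVE-2020-14002.json, CVE-2020-14145.json, CVE-2020-15043.json and CVE-2020-15069.json, each of which names a product and version range only in the free-text `description`. `problemtype` is likewise `"n/a"` here although the description states an elevation of privilege through hard-link handling. If these records are consumed directly, either populate the fields (for example `"product_name": "Avast Free Antivirus"` with `"version_value": "before 20.4"`) or make sure matching falls back to the description.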
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-13896",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-13896",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware version, bootloader version, software version, software image file, compilation time, and system uptime. This is similar to CVE-2019-1653."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/Saket-taneja/9576573122be1cb0d6dc9d9a73db5631",
+ "url": "https://gist.github.com/Saket-taneja/9576573122be1cb0d6dc9d9a73db5631"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14002.json b/2020/14xxx/CVE-2020-14002.json
index ea687e03cec..3d6c9c22200 100644
--- a/2020/14xxx/CVE-2020-14002.json
+++ b/2020/14xxx/CVE-2020-14002.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-14002",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-14002",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
+ "refsource": "MISC",
+ "name": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
+ },
+ {
+ "url": "https://lists.tartarus.org/pipermail/putty-announce/",
+ "refsource": "MISC",
+ "name": "https://lists.tartarus.org/pipermail/putty-announce/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/",
+ "url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/"
 }
 ]
 }
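Review bot: The first two references added in CVE-2020-14002.json, `https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html` and `https://lists.tartarus.org/pipermail/putty-announce/`, are index pages rather than links to a specific entry, so a reader has to search them for the relevant release and the pages will keep changing as new releases are listed. The description gives the affected range as 0.68 through 0.73 but does not state a fixed version; linking the individual announcement for the fixing release would make that explicit. As a point of style, the three reference objects use two different key orders (`url` first in two, `refsource` first in the third); one order throughout keeps later diffs smaller.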
diff --git a/2020/14xxx/CVE-2020-14093.json b/2020/14xxx/CVE-2020-14093.json
index 699bbb6f126..27be53ad3e5 100644
--- a/2020/14xxx/CVE-2020-14093.json
+++ b/2020/14xxx/CVE-2020-14093.json
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4708",
 "url": "https://www.debian.org/security/2020/dsa-4708"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0903",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14145.json b/2020/14xxx/CVE-2020-14145.json
index a6cf44df490..79cf0e8ac71 100644
--- a/2020/14xxx/CVE-2020-14145.json
+++ b/2020/14xxx/CVE-2020-14145.json
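Review bot: The reference added in the CVE-2020-14093.json hunk uses a plain `http://` URL for lists.opensuse.org, so anyone following the link fetches the advisory text over a channel that can be altered in transit; `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html"` would be preferable if the host serves the same path over TLS. The identical entry is added in the CVE-2020-14154.json and CVE-2020-14954.json hunks. The enclosing `reference_data` array starts outside each of these hunks.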
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-14145",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-14145",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1",
+ "refsource": "MISC",
+ "name": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/",
+ "url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14154.json b/2020/14xxx/CVE-2020-14154.json
index 59e1cf8784d..f63b7af66eb 100644
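Review bot: The first reference added in CVE-2020-14145.json is a release-to-release compare URL (`V_8_3_P1...V_8_4_P1`), which spans every change between the two tags and does not identify the change relevant to this record. The description lists OpenSSH 5.7 through 8.3 as affected without naming a fixed release, so a reader cannot tell from the record alone whether 8.4 resolves the issue or only changes behaviour around it. A link to the specific commit or release note, once available, would be a more useful reference than the compare view.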
--- a/2020/14xxx/CVE-2020-14154.json
+++ b/2020/14xxx/CVE-2020-14154.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://bugs.gentoo.org/728300",
 "url": "https://bugs.gentoo.org/728300"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0903",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14954.json b/2020/14xxx/CVE-2020-14954.json
index 4073b252691..7e95301f30b 100644
--- a/2020/14xxx/CVE-2020-14954.json
+++ b/2020/14xxx/CVE-2020-14954.json
@@ -91,6 +91,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4708",
 "url": "https://www.debian.org/security/2020/dsa-4708"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0903",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15043.json b/2020/15xxx/CVE-2020-15043.json
index 8c065631eda..f1bb1b4d2d2 100644
--- a/2020/15xxx/CVE-2020-15043.json
+++ b/2020/15xxx/CVE-2020-15043.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15043",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15043",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/Saket-taneja/4dda4b2df5aa0973a7160bb6bf8875e0",
+ "url": "https://gist.github.com/Saket-taneja/4dda4b2df5aa0973a7160bb6bf8875e0"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Saket-taneja/IballCSRFExploit",
+ "url": "https://github.com/Saket-taneja/IballCSRFExploit"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15069.json b/2020/15xxx/CVE-2020-15069.json
index db4a54b17bc..1d82eb6bd60 100644
--- a/2020/15xxx/CVE-2020-15069.json
+++ b/2020/15xxx/CVE-2020-15069.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15069",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15069",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal",
+ "url": "https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal"
 }
 ]
 }