From eb4cffb84ad41b4912639c76828e55628d69f0d5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 29 May 2020 22:01:19 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/11xxx/CVE-2020-11844.json | 50 +++++++++++++++++++--
 2020/6xxx/CVE-2020-6937.json | 56 ++++++++++++++++++++++--
 2020/7xxx/CVE-2020-7648.json | 55 +++++++++++++++++++++--
 2020/7xxx/CVE-2020-7650.json | 55 +++++++++++++++++++++--
 2020/7xxx/CVE-2020-7654.json | 55 +++++++++++++++++++++--
 2020/8xxx/CVE-2020-8482.json | 79 +++++++++++++++++++++++++++++++---
 6 files changed, 329 insertions(+), 21 deletions(-)
diff --git a/2020/11xxx/CVE-2020-11844.json b/2020/11xxx/CVE-2020-11844.json
index 32299dcad5e..5c92ad7af93 100644
--- a/2020/11xxx/CVE-2020-11844.json
+++ b/2020/11xxx/CVE-2020-11844.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-11844",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@suse.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Micro Focus",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Service Management Automation (SMA)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2018.05 to 2020.02"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incorrect Authorization."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://softwaresupport.softwaregrp.com/doc/KM03645631",
+ "url": "https://softwaresupport.softwaregrp.com/doc/KM03645631"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6937.json b/2020/6xxx/CVE-2020-6937.json
index 8eb76d190c8..06d8a50a8c3 100644
--- a/2020/6xxx/CVE-2020-6937.json
+++ b/2020/6xxx/CVE-2020-6937.json
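Review bot: The new `problemtype` value `"Incorrect Authorization."` is free text with a trailing period and no CWE identifier, so tooling that classifies records by CWE ID will not pick it up. Consider `"value": "CWE-863: Incorrect Authorization"`, matching the `CWE-922: ...` form used in the CVE-2020-8482 hunk of this same commit. The same applies to the free-text problem types in the CVE-2020-6937, CVE-2020-7648, CVE-2020-7650 and CVE-2020-7654 hunks. Separately, `"version_value": "2018.05 to 2020.02"` packs a range into one string; giving the bounds in a form consumers can compare would make affected-version matching reliable.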
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6937",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@salesforce.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MuleSoft Mule CE/EE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.8.x"
+ },
+ {
+ "version_value": "3.9.x"
+ },
+ {
+ "version_value": "4.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://help.salesforce.com/articleView?id=000353701&language=en_US&type=1&mode=1",
+ "url": "https://help.salesforce.com/articleView?id=000353701&language=en_US&type=1&mode=1"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7648.json b/2020/7xxx/CVE-2020-7648.json
index 8f32efe1fef..3382001c853 100644
--- a/2020/7xxx/CVE-2020-7648.json
+++ b/2020/7xxx/CVE-2020-7648.json
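Review bot: The `version_data` entries `3.8.x`, `3.9.x` and `4.x` carry no upper bound, while the description limits the issue to builds "released before April 7, 2020", so a scanner matching on `version_data` alone will keep flagging patched releases. The bound should appear in the structured data as well, for example `"version_value": "3.8.x released before April 7, 2020"`, or the first fixed release of each branch if the referenced advisory gives one. `"vendor_name": "n/a"` also leaves the vendor field empty although the product name identifies the vendor. The three snyk-broker hunks (CVE-2020-7648, CVE-2020-7650, CVE-2020-7654) do the same, which makes vendor-based inventory matching miss these records.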
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7648",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "snyk-broker",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions before 4.72.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Arbitrary File Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
+ "url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607",
+ "url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7650.json b/2020/7xxx/CVE-2020-7650.json
index deb62e0ccc2..90c3b839895 100644
--- a/2020/7xxx/CVE-2020-7650.json
+++ b/2020/7xxx/CVE-2020-7650.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7650",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "snyk-broker",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions after 4.72.0 including and before 4.73.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Arbitrary File Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
+ "url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609",
+ "url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7654.json b/2020/7xxx/CVE-2020-7654.json
index 63eed26484b..bbd2bad5d73 100644
--- a/2020/7xxx/CVE-2020-7654.json
+++ b/2020/7xxx/CVE-2020-7654.json
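Review bot: The range `"All versions after 4.72.0 including and before 4.73.1"` is ambiguous, because it does not say whether "including" applies to 4.72.0 or to 4.73.1, and the same wording is repeated in the description value. Anyone deciding whether a deployed broker needs the upgrade has to guess at both ends of the range. The CVE-2020-7654 hunk in this commit treats 4.73.1 as the first unaffected release, which suggests the upper bound is exclusive. Stating both bounds explicitly, for example `"version_value": ">= 4.72.0, < 4.73.1"` if that is the intended reading, removes the guess; the bounds should be confirmed against the referenced Snyk advisory.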
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7654",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "snyk-broker",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions before 4.73.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
+ "url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613",
+ "url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8482.json b/2020/8xxx/CVE-2020-8482.json
index 37825b348c1..45d6ed72c2b 100644
--- a/2020/8xxx/CVE-2020-8482.json
+++ b/2020/8xxx/CVE-2020-8482.json
@@ -1,18 +1,85 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cybersecurity@ch.abb.com",
 "ID": "CVE-2020-8482",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "ABB Device Library Wizard Information Disclosure Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ABB",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ABB Device Library Wizard",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6 <= 6.0.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data"
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-922: Insecure Storage of Sensitive Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch",
+ "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
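Review bot: The description and the CVSS data in this record disagree: the text says an "unauthenticated low privilege user" while the vector sets `PR:L`, and the title, CWE-922 and description all describe reading a confidential file while the vector scores `I:H/A:H` (base 7.8). Either the description should say why integrity and availability are rated high (presumably the exposed data enables further compromise, to be confirmed against the ABB advisory) or the vector should be corrected. For the wording, something like `allows an authenticated low-privileged local user to read a file that contains confidential data` would match `AV:L/PR:L`. `"version_value": "6 <= 6.0.3.2"` also folds the comparator into the string, so consumers cannot compare versions without parsing free text.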