diff --git a/2019/3xxx/CVE-2019-3465.json b/2019/3xxx/CVE-2019-3465.json index 2d038853ca3..e8e81c11341 100644 --- a/2019/3xxx/CVE-2019-3465.json +++ b/2019/3xxx/CVE-2019-3465.json @@ -103,6 +103,11 @@ "refsource": "CONFIRM", "name": "https://www.tenable.com/security/tns-2019-09", "url": "https://www.tenable.com/security/tns-2019-09" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-1b95d7a131", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/" } ] }, diff --git a/2020/10xxx/CVE-2020-10642.json b/2020/10xxx/CVE-2020-10642.json index 01c6ff4e06d..a12dfcb78a3 100644 --- a/2020/10xxx/CVE-2020-10642.json +++ b/2020/10xxx/CVE-2020-10642.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Rockwell Automation RSLinx Classic versions 4.1.00 and prior", + "version": { + "version_data": [ + { + "version_value": "Rockwell Automation RSLinx Classic versions 4.1.00 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-100-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-100-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic." } ] } diff --git a/2020/10xxx/CVE-2020-10646.json b/2020/10xxx/CVE-2020-10646.json index 1d0d3b78985..ce230e2e2bd 100644 --- a/2020/10xxx/CVE-2020-10646.json +++ b/2020/10xxx/CVE-2020-10646.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10646", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Fuji Electric V-Server Lite all versions prior to 4.0.9.0", + "version": { + "version_data": [ + { + "version_value": "Fuji Electric V-Server Lite all versions prior to 4.0.9.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HEAP-BASED BUFFER OVERFLOW CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-098-04", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-04" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small." } ] } diff --git a/2020/11xxx/CVE-2020-11736.json b/2020/11xxx/CVE-2020-11736.json new file mode 100644 index 00000000000..c179bec85b7 --- /dev/null +++ b/2020/11xxx/CVE-2020-11736.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11737.json b/2020/11xxx/CVE-2020-11737.json new file mode 100644 index 00000000000..7fb9a7771e4 --- /dev/null +++ b/2020/11xxx/CVE-2020-11737.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11737", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1730.json b/2020/1xxx/CVE-2020-1730.json index f02101c1f18..5cee7d6431e 100644 --- a/2020/1xxx/CVE-2020-1730.json +++ b/2020/1xxx/CVE-2020-1730.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1730", - "ASSIGNER": "gsuckevi@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -47,7 +48,9 @@ "references": { "reference_data": [ { - "url": "https://www.libssh.org/security/advisories/CVE-2020-1730.txt" + "url": "https://www.libssh.org/security/advisories/CVE-2020-1730.txt", + "refsource": "MISC", + "name": "https://www.libssh.org/security/advisories/CVE-2020-1730.txt" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730",