From f0d52120bb2d4f35fe7ea6e7ebb9e5bd2ce79247 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 19 Feb 2020 17:01:06 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12246.json | 66 ++++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12437.json | 66 ++++++++++++++++++++++++++++--- 2020/8xxx/CVE-2020-8112.json | 5 +++ 2020/8xxx/CVE-2020-8441.json | 71 +++++++++++++++++++++++++++++++--- 2020/8xxx/CVE-2020-8506.json | 5 +++ 2020/8xxx/CVE-2020-8507.json | 5 +++ 2020/8xxx/CVE-2020-8824.json | 56 ++++++++++++++++++++++++--- 2020/8xxx/CVE-2020-8959.json | 61 ++++++++++++++++++++++++++--- 8 files changed, 305 insertions(+), 30 deletions(-) diff --git a/2019/12xxx/CVE-2019-12246.json b/2019/12xxx/CVE-2019-12246.json index b4677b81615..6b6eafb00f4 100644 --- a/2019/12xxx/CVE-2019-12246.json +++ b/2019/12xxx/CVE-2019-12246.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12246", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12246", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.silverstripe.org/download/security-releases/", + "url": "https://www.silverstripe.org/download/security-releases/" + }, + { + "url": "https://www.silverstripe.org/blog/tag/release", + "refsource": "MISC", + "name": "https://www.silverstripe.org/blog/tag/release" + }, + { + "url": "https://forum.silverstripe.org/c/releases", + "refsource": "MISC", + "name": "https://forum.silverstripe.org/c/releases" } ] } diff --git a/2019/12xxx/CVE-2019-12437.json b/2019/12xxx/CVE-2019-12437.json index ece597c68d1..13171806c0d 100644 --- a/2019/12xxx/CVE-2019-12437.json +++ b/2019/12xxx/CVE-2019-12437.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12437", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12437", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations," + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.silverstripe.org/download/security-releases/", + "url": "https://www.silverstripe.org/download/security-releases/" + }, + { + "url": "https://www.silverstripe.org/blog/tag/release", + "refsource": "MISC", + "name": "https://www.silverstripe.org/blog/tag/release" + }, + { + "url": "https://forum.silverstripe.org/c/releases", + "refsource": "MISC", + "name": "https://forum.silverstripe.org/c/releases" } ] } diff --git a/2020/8xxx/CVE-2020-8112.json b/2020/8xxx/CVE-2020-8112.json index 7c73b6deae3..d55055f75c5 100644 --- a/2020/8xxx/CVE-2020-8112.json +++ b/2020/8xxx/CVE-2020-8112.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2089-1] openjpeg2 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0550", + "url": "https://access.redhat.com/errata/RHSA-2020:0550" } ] } diff --git a/2020/8xxx/CVE-2020-8441.json b/2020/8xxx/CVE-2020-8441.json index 07e2b4b6d0b..5fbab62692f 100644 --- a/2020/8xxx/CVE-2020-8441.json +++ b/2020/8xxx/CVE-2020-8441.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8441", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8441", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mbechler/marshalsec", + "refsource": "MISC", + "name": "https://github.com/mbechler/marshalsec" + }, + { + "url": "https://github.com/mbechler/marshalsec/blob/master/marshalsec.pdf", + "refsource": "MISC", + "name": "https://github.com/mbechler/marshalsec/blob/master/marshalsec.pdf" + }, + { + "url": "https://sourceforge.net/p/jyaml/bugs/", + "refsource": "MISC", + "name": "https://sourceforge.net/p/jyaml/bugs/" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/j0lt-github/f5141abcacae63d434ecae211422153a", + "url": "https://gist.github.com/j0lt-github/f5141abcacae63d434ecae211422153a" } ] } diff --git a/2020/8xxx/CVE-2020-8506.json b/2020/8xxx/CVE-2020-8506.json index 2fb18382da0..2b3e57c1b86 100644 --- a/2020/8xxx/CVE-2020-8506.json +++ b/2020/8xxx/CVE-2020-8506.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.info-sec.ca/advisories/Global-TV.html", "url": "https://www.info-sec.ca/advisories/Global-TV.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156425/Global-TV-Unencrypted-Analytics.html", + "url": "http://packetstormsecurity.com/files/156425/Global-TV-Unencrypted-Analytics.html" } ] } diff --git a/2020/8xxx/CVE-2020-8507.json b/2020/8xxx/CVE-2020-8507.json index 81459d6de7e..07db0a68cbd 100644 --- a/2020/8xxx/CVE-2020-8507.json +++ b/2020/8xxx/CVE-2020-8507.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.info-sec.ca/advisories/Citytv-Video.html", "url": "https://www.info-sec.ca/advisories/Citytv-Video.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156426/Citytv-Video-Unencrypted-Analytics.html", + "url": "http://packetstormsecurity.com/files/156426/Citytv-Video-Unencrypted-Analytics.html" } ] } diff --git a/2020/8xxx/CVE-2020-8824.json b/2020/8xxx/CVE-2020-8824.json index a1a9bcc362e..c0834c197d5 100644 --- a/2020/8xxx/CVE-2020-8824.json +++ b/2020/8xxx/CVE-2020-8824.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8824", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8824", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/9thplayer/df042fe48c314dbc1afad80ffed8387d", + "url": "https://gist.github.com/9thplayer/df042fe48c314dbc1afad80ffed8387d" } ] } diff --git a/2020/8xxx/CVE-2020-8959.json b/2020/8xxx/CVE-2020-8959.json index c96caafa281..1f5e1a6baf8 100644 --- a/2020/8xxx/CVE-2020-8959.json +++ b/2020/8xxx/CVE-2020-8959.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8959", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8959", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.wdc.com/downloads.aspx?g=907&lang=en#downloads", + "refsource": "MISC", + "name": "https://support.wdc.com/downloads.aspx?g=907&lang=en#downloads" + }, + { + "refsource": "MISC", + "name": "https://www.westerndigital.com/support/productsecurity/wdc-20001-ssd-dashboard-setup-privilege-escalation", + "url": "https://www.westerndigital.com/support/productsecurity/wdc-20001-ssd-dashboard-setup-privilege-escalation" } ] }