From f2847541acae7173f2b5222cc9633c116593a765 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 26 Mar 2020 15:01:17 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/6xxx/CVE-2007-6081.json | 2 +- 2008/1xxx/CVE-2008-1538.json | 2 +- 2014/6xxx/CVE-2014-6043.json | 2 +- 2015/7xxx/CVE-2015-7387.json | 2 +- 2018/12xxx/CVE-2018-12126.json | 5 +++ 2018/12xxx/CVE-2018-12127.json | 5 +++ 2018/12xxx/CVE-2018-12130.json | 5 +++ 2018/12xxx/CVE-2018-12207.json | 5 +++ 2018/19xxx/CVE-2018-19518.json | 5 +++ 2019/11xxx/CVE-2019-11091.json | 5 +++ 2019/11xxx/CVE-2019-11135.json | 5 +++ 2019/18xxx/CVE-2019-18420.json | 5 +++ 2019/18xxx/CVE-2019-18421.json | 5 +++ 2019/18xxx/CVE-2019-18423.json | 5 +++ 2019/18xxx/CVE-2019-18424.json | 5 +++ 2019/18xxx/CVE-2019-18425.json | 5 +++ 2019/19xxx/CVE-2019-19577.json | 5 +++ 2019/19xxx/CVE-2019-19578.json | 5 +++ 2019/19xxx/CVE-2019-19580.json | 5 +++ 2019/19xxx/CVE-2019-19581.json | 5 +++ 2019/19xxx/CVE-2019-19582.json | 5 +++ 2019/19xxx/CVE-2019-19583.json | 5 +++ 2019/5xxx/CVE-2019-5105.json | 58 ++++++++++++++++++++++++++++++---- 2020/1xxx/CVE-2020-1800.json | 50 +++++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7059.json | 5 +++ 2020/7xxx/CVE-2020-7060.json | 5 +++ 2020/7xxx/CVE-2020-7061.json | 5 +++ 2020/7xxx/CVE-2020-7062.json | 5 +++ 2020/7xxx/CVE-2020-7063.json | 5 +++ 2020/7xxx/CVE-2020-7944.json | 50 +++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9065.json | 50 +++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9066.json | 50 +++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9521.json | 50 +++++++++++++++++++++++++++-- 33 files changed, 405 insertions(+), 26 deletions(-) diff --git a/2007/6xxx/CVE-2007-6081.json b/2007/6xxx/CVE-2007-6081.json index ff5749e3a8e..bef9d972293 100644 --- a/2007/6xxx/CVE-2007-6081.json +++ b/2007/6xxx/CVE-2007-6081.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default \"root\" account without a password, which allows remote attackers to gain privileges and modify logs." + "value": "AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default \"root\" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000." } ] }, diff --git a/2008/1xxx/CVE-2008-1538.json b/2008/1xxx/CVE-2008-1538.json index 111aafe136d..ec714793c99 100644 --- a/2008/1xxx/CVE-2008-1538.json +++ b/2008/1xxx/CVE-2008-1538.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + "value": "Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Fixed in EventLog Analyzer 10.0 Build 10000." } ] }, diff --git a/2014/6xxx/CVE-2014-6043.json b/2014/6xxx/CVE-2014-6043.json index 37a769f9da4..8d4a4923d92 100644 --- a/2014/6xxx/CVE-2014-6043.json +++ b/2014/6xxx/CVE-2014-6043.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do." + "value": "ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000." } ] }, diff --git a/2015/7xxx/CVE-2015-7387.json b/2015/7xxx/CVE-2015-7387.json index 4cda87f0d1b..4d5a675f918 100644 --- a/2015/7xxx/CVE-2015-7387.json +++ b/2015/7xxx/CVE-2015-7387.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by \"SELECT 1;INSERT INTO.\"" + "value": "ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by \"SELECT 1;INSERT INTO.\" Fixed in Build 11200." } ] }, diff --git a/2018/12xxx/CVE-2018-12126.json b/2018/12xxx/CVE-2018-12126.json index 87ceea2bdac..e064d4d1c05 100644 --- a/2018/12xxx/CVE-2018-12126.json +++ b/2018/12xxx/CVE-2018-12126.json @@ -163,6 +163,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] }, diff --git a/2018/12xxx/CVE-2018-12127.json b/2018/12xxx/CVE-2018-12127.json index bb2dd36313e..8a810f456ff 100644 --- a/2018/12xxx/CVE-2018-12127.json +++ b/2018/12xxx/CVE-2018-12127.json @@ -163,6 +163,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] }, diff --git a/2018/12xxx/CVE-2018-12130.json b/2018/12xxx/CVE-2018-12130.json index 44688fe0ac2..37712713348 100644 --- a/2018/12xxx/CVE-2018-12130.json +++ b/2018/12xxx/CVE-2018-12130.json @@ -163,6 +163,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] }, diff --git a/2018/12xxx/CVE-2018-12207.json b/2018/12xxx/CVE-2018-12207.json index 214e7b46efd..298d911b49f 100644 --- a/2018/12xxx/CVE-2018-12207.json +++ b/2018/12xxx/CVE-2018-12207.json @@ -113,6 +113,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0204", "url": "https://access.redhat.com/errata/RHSA-2020:0204" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] }, diff --git a/2018/19xxx/CVE-2018-19518.json b/2018/19xxx/CVE-2018-19518.json index 2400eb8c26d..c78b439e833 100644 --- a/2018/19xxx/CVE-2018-19518.json +++ b/2018/19xxx/CVE-2018-19518.json @@ -141,6 +141,11 @@ "refsource": "UBUNTU", "name": "USN-4160-1", "url": "https://usn.ubuntu.com/4160-1/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-57", + "url": "https://security.gentoo.org/glsa/202003-57" } ] } diff --git a/2019/11xxx/CVE-2019-11091.json b/2019/11xxx/CVE-2019-11091.json index 5406962cf83..f79d0d20f83 100644 --- a/2019/11xxx/CVE-2019-11091.json +++ b/2019/11xxx/CVE-2019-11091.json @@ -148,6 +148,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] }, diff --git a/2019/11xxx/CVE-2019-11135.json b/2019/11xxx/CVE-2019-11135.json index ce672d4caec..aa3474bd0b0 100644 --- a/2019/11xxx/CVE-2019-11135.json +++ b/2019/11xxx/CVE-2019-11135.json @@ -183,6 +183,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0730", "url": "https://access.redhat.com/errata/RHSA-2020:0730" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] }, diff --git a/2019/18xxx/CVE-2019-18420.json b/2019/18xxx/CVE-2019-18420.json index 50464061f19..45e2f9b405b 100644 --- a/2019/18xxx/CVE-2019-18420.json +++ b/2019/18xxx/CVE-2019-18420.json @@ -91,6 +91,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] } diff --git a/2019/18xxx/CVE-2019-18421.json b/2019/18xxx/CVE-2019-18421.json index 50101e4c446..a4afae77819 100644 --- a/2019/18xxx/CVE-2019-18421.json +++ b/2019/18xxx/CVE-2019-18421.json @@ -91,6 +91,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] } diff --git a/2019/18xxx/CVE-2019-18423.json b/2019/18xxx/CVE-2019-18423.json index c1100d28d21..84dcd233d91 100644 --- a/2019/18xxx/CVE-2019-18423.json +++ b/2019/18xxx/CVE-2019-18423.json @@ -86,6 +86,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] } diff --git a/2019/18xxx/CVE-2019-18424.json b/2019/18xxx/CVE-2019-18424.json index 6650e2c0e60..7f26e269992 100644 --- a/2019/18xxx/CVE-2019-18424.json +++ b/2019/18xxx/CVE-2019-18424.json @@ -91,6 +91,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] } diff --git a/2019/18xxx/CVE-2019-18425.json b/2019/18xxx/CVE-2019-18425.json index 54e5a7a19c4..4d17d60fd05 100644 --- a/2019/18xxx/CVE-2019-18425.json +++ b/2019/18xxx/CVE-2019-18425.json @@ -91,6 +91,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] } diff --git a/2019/19xxx/CVE-2019-19577.json b/2019/19xxx/CVE-2019-19577.json index 5431f7f2151..fbd00bfa2a2 100644 --- a/2019/19xxx/CVE-2019-19577.json +++ b/2019/19xxx/CVE-2019-19577.json @@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] } diff --git a/2019/19xxx/CVE-2019-19578.json b/2019/19xxx/CVE-2019-19578.json index 1e73bc4f879..d8c0687edd6 100644 --- a/2019/19xxx/CVE-2019-19578.json +++ b/2019/19xxx/CVE-2019-19578.json @@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] } diff --git a/2019/19xxx/CVE-2019-19580.json b/2019/19xxx/CVE-2019-19580.json index 727cc28cf18..404167630a5 100644 --- a/2019/19xxx/CVE-2019-19580.json +++ b/2019/19xxx/CVE-2019-19580.json @@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] } diff --git a/2019/19xxx/CVE-2019-19581.json b/2019/19xxx/CVE-2019-19581.json index 59ed50b74e1..64df3c6c53a 100644 --- a/2019/19xxx/CVE-2019-19581.json +++ b/2019/19xxx/CVE-2019-19581.json @@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] } diff --git a/2019/19xxx/CVE-2019-19582.json b/2019/19xxx/CVE-2019-19582.json index f1938af0f08..b5094aad2a6 100644 --- a/2019/19xxx/CVE-2019-19582.json +++ b/2019/19xxx/CVE-2019-19582.json @@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] } diff --git a/2019/19xxx/CVE-2019-19583.json b/2019/19xxx/CVE-2019-19583.json index fec7d0c72d1..f48f25fb526 100644 --- a/2019/19xxx/CVE-2019-19583.json +++ b/2019/19xxx/CVE-2019-19583.json @@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "url": "https://seclists.org/bugtraq/2020/Jan/21" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-56", + "url": "https://security.gentoo.org/glsa/202003-56" } ] } diff --git a/2019/5xxx/CVE-2019-5105.json b/2019/5xxx/CVE-2019-5105.json index 5272dfbb357..1036c2e27c7 100644 --- a/2019/5xxx/CVE-2019-5105.json +++ b/2019/5xxx/CVE-2019-5105.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5105", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5105", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "3S", + "version": { + "version_data": [ + { + "version_value": "3S-Smart Software Solutions CODESYS 3.5.15.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "memory corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0897", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0897" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService 3.5.13.20. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability." } ] } diff --git a/2020/1xxx/CVE-2020-1800.json b/2020/1xxx/CVE-2020-1800.json index 8faf26c45ed..92ffe27f8cf 100644 --- a/2020/1xxx/CVE-2020-1800.json +++ b/2020/1xxx/CVE-2020-1800.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HUAWEI P30", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.0.0.185(C00E85R1P11)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-02-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-02-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. The software incorrectly restricts access to a function interface from an unauthorized actor, the attacker tricks the user into installing a crafted application, successful exploit could allow the attacker do certain unauthenticated operations." } ] } diff --git a/2020/7xxx/CVE-2020-7059.json b/2020/7xxx/CVE-2020-7059.json index 3caeacd585d..18de7d027f3 100644 --- a/2020/7xxx/CVE-2020-7059.json +++ b/2020/7xxx/CVE-2020-7059.json @@ -135,6 +135,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0341", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-57", + "url": "https://security.gentoo.org/glsa/202003-57" } ] }, diff --git a/2020/7xxx/CVE-2020-7060.json b/2020/7xxx/CVE-2020-7060.json index f1cbb7cc540..72af16e6558 100644 --- a/2020/7xxx/CVE-2020-7060.json +++ b/2020/7xxx/CVE-2020-7060.json @@ -135,6 +135,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0341", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-57", + "url": "https://security.gentoo.org/glsa/202003-57" } ] }, diff --git a/2020/7xxx/CVE-2020-7061.json b/2020/7xxx/CVE-2020-7061.json index 67a9941bfc9..6e31187414e 100644 --- a/2020/7xxx/CVE-2020-7061.json +++ b/2020/7xxx/CVE-2020-7061.json @@ -98,6 +98,11 @@ "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=79171", "name": "https://bugs.php.net/bug.php?id=79171" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-57", + "url": "https://security.gentoo.org/glsa/202003-57" } ] }, diff --git a/2020/7xxx/CVE-2020-7062.json b/2020/7xxx/CVE-2020-7062.json index 67de6755f20..77fbea0ba2f 100644 --- a/2020/7xxx/CVE-2020-7062.json +++ b/2020/7xxx/CVE-2020-7062.json @@ -106,6 +106,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0341", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-57", + "url": "https://security.gentoo.org/glsa/202003-57" } ] }, diff --git a/2020/7xxx/CVE-2020-7063.json b/2020/7xxx/CVE-2020-7063.json index 5770c2a5197..04871aea7b6 100644 --- a/2020/7xxx/CVE-2020-7063.json +++ b/2020/7xxx/CVE-2020-7063.json @@ -100,6 +100,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0341", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-57", + "url": "https://security.gentoo.org/glsa/202003-57" } ] }, diff --git a/2020/7xxx/CVE-2020-7944.json b/2020/7xxx/CVE-2020-7944.json index 4789ac00023..3dfb1842bad 100644 --- a/2020/7xxx/CVE-2020-7944.json +++ b/2020/7xxx/CVE-2020-7944.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7944", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@puppet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Continuous Delivery for Puppet Enterprise (CD4PE)", + "version": { + "version_data": [ + { + "version_value": "CD4PE prior to 3.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insertion of Sensitive Information into Externally-Accessible File or Directory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://puppet.com/security/cve/CVE-2020-7944", + "url": "https://puppet.com/security/cve/CVE-2020-7944" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report." } ] } diff --git a/2020/9xxx/CVE-2020-9065.json b/2020/9xxx/CVE-2020-9065.json index 1f9424888d1..47096f79024 100644 --- a/2020/9xxx/CVE-2020-9065.json +++ b/2020/9xxx/CVE-2020-9065.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9065", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Taurus-AL00B", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.0.0.203(C00E201R7P2)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-01-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-01-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability." } ] } diff --git a/2020/9xxx/CVE-2020-9066.json b/2020/9xxx/CVE-2020-9066.json index 4302206457a..1a7a6b66a01 100644 --- a/2020/9xxx/CVE-2020-9066.json +++ b/2020/9xxx/CVE-2020-9066.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9066", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "OxfordP-AN10B", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.0.1.169(C00E166R4P1)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-01-phone", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-01-phone" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The Application doesn't perform proper authentication when user performs certain operations. An attacker can trick user into installing a malicious plug-in to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations." } ] } diff --git a/2020/9xxx/CVE-2020-9521.json b/2020/9xxx/CVE-2020-9521.json index 67257cb908a..5d45b42c868 100644 --- a/2020/9xxx/CVE-2020-9521.json +++ b/2020/9xxx/CVE-2020-9521.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Micro Focus International", + "product": { + "product_data": [ + { + "product_name": "Micro Focus - Service Manager Automation (SMA)", + "version": { + "version_data": [ + { + "version_value": "2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://softwaresupport.softwaregrp.com/doc/KM03630615", + "url": "https://softwaresupport.softwaregrp.com/doc/KM03630615" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection." } ] }