From fa8612aa4c0f139883d0e046eefa1a562bb19d99 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 14 May 2020 21:01:25 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/1xxx/CVE-2015-1701.json | 5 +++ 2019/7xxx/CVE-2019-7201.json | 2 +- 2020/0xxx/CVE-2020-0024.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0064.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0065.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0090.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0091.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0092.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0093.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0094.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0096.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0097.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0098.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0100.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0101.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0102.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0103.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0104.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0105.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0106.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0109.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0110.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0220.json | 62 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0221.json | 62 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10612.json | 50 +++++++++++++++++++++++++-- 2020/10xxx/CVE-2020-10616.json | 50 +++++++++++++++++++++++++-- 2020/10xxx/CVE-2020-10620.json | 50 +++++++++++++++++++++++++-- 2020/11xxx/CVE-2020-11057.json | 10 +++--- 2020/12xxx/CVE-2020-12042.json | 50 +++++++++++++++++++++++++-- 
2020/12xxx/CVE-2020-12046.json | 50 +++++++++++++++++++++++++-- 2020/12xxx/CVE-2020-12068.json | 61 +++++++++++++++++++++++++++++---- 2020/12xxx/CVE-2020-12440.json | 61 +++++++++++++++++++++++++++++---- 2020/9xxx/CVE-2020-9488.json | 10 ++++++ 33 files changed, 1730 insertions(+), 33 deletions(-) create mode 100644 2020/0xxx/CVE-2020-0024.json create mode 100644 2020/0xxx/CVE-2020-0064.json create mode 100644 2020/0xxx/CVE-2020-0065.json create mode 100644 2020/0xxx/CVE-2020-0090.json create mode 100644 2020/0xxx/CVE-2020-0091.json create mode 100644 2020/0xxx/CVE-2020-0092.json create mode 100644 2020/0xxx/CVE-2020-0093.json create mode 100644 2020/0xxx/CVE-2020-0094.json create mode 100644 2020/0xxx/CVE-2020-0096.json create mode 100644 2020/0xxx/CVE-2020-0097.json create mode 100644 2020/0xxx/CVE-2020-0098.json create mode 100644 2020/0xxx/CVE-2020-0100.json create mode 100644 2020/0xxx/CVE-2020-0101.json create mode 100644 2020/0xxx/CVE-2020-0102.json create mode 100644 2020/0xxx/CVE-2020-0103.json create mode 100644 2020/0xxx/CVE-2020-0104.json create mode 100644 2020/0xxx/CVE-2020-0105.json create mode 100644 2020/0xxx/CVE-2020-0106.json create mode 100644 2020/0xxx/CVE-2020-0109.json create mode 100644 2020/0xxx/CVE-2020-0110.json create mode 100644 2020/0xxx/CVE-2020-0220.json create mode 100644 2020/0xxx/CVE-2020-0221.json
diff --git a/2015/1xxx/CVE-2015-1701.json b/2015/1xxx/CVE-2015-1701.json
index 66fbe73b864..608c7fc6862 100644
--- a/2015/1xxx/CVE-2015-1701.json
+++ b/2015/1xxx/CVE-2015-1701.json
@@ -86,6 +86,11 @@
 "name": "1032155",
 "refsource": "SECTRACK",
 "url": "http://www.securitytracker.com/id/1032155"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200514 KL-001-2020-002 : Cellebrite Restricted Desktop Escape and Escalation of User Privilege",
+ "url": "http://seclists.org/fulldisclosure/2020/May/34"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7201.json b/2019/7xxx/CVE-2019-7201.json
index 5647fff7d58..d0e01f1ba72 100644
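Review bot: The FULLDISC reference added to CVE-2015-1701.json uses a plain-HTTP link, so a reader following it to the advisory has no transport integrity; `"url": "https://seclists.org/fulldisclosure/2020/May/34"` would avoid that. The SECTRACK entry visible as context uses the same scheme, so this may be a feed-wide convention rather than an oversight in this hunk. The reference array begins above the hunk.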
--- a/2019/7xxx/CVE-2019-7201.json
+++ b/2019/7xxx/CVE-2019-7201.json
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An unquoted service path vulnerability is reported to affect the service \u201cQVssService\u201d in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108."
+ "value": "An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108."
 }
 ]
 }
diff --git a/2020/0xxx/CVE-2020-0024.json b/2020/0xxx/CVE-2020-0024.json
new file mode 100644
index 00000000000..e9642ee3490
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0024.json
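Review bot: In CVE-2019-7201.json the new `value` drops the `\u201c`/`\u201d` escapes around QVssService altogether, so the service name is no longer set off from the sentence. If the aim was to remove non-ASCII punctuation, `the service \"QVssService\" in QNAP NetBak Replicator` keeps the delimiters with plain escaped quotes. The text also names only the fixed release (4.5.12.1108); the `affects` block is outside the hunk, so it is not visible here whether the affected range is recorded there.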
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0024",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.1 Android-9 Android-10 Android-8.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-137015265"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0064.json b/2020/0xxx/CVE-2020-0064.json
new file mode 100644
index 00000000000..67ac78788b2
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0064.json
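Review bot: In CVE-2020-0024.json the description `value` has its trailing fields fused together (`exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-137015265`), which looks like line breaks lost when the bulletin text was flattened. A separator between fields, e.g. `exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-8.0. Android ID: A-137015265`, keeps the version list and the Android ID parseable; the same fusion appears in every new Android record in this patch (CVE-2020-0064 through CVE-2020-0220). Separately, `version_value` packs all affected releases into one space-separated string although `version_data` is an array, so tooling that matches on exact version strings will miss them. One object per release (`{ "version_value": "Android-8.1" }`, and so on) would fix that here and in the other multi-version records.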
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0064",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android SoC"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "improper authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0065.json b/2020/0xxx/CVE-2020-0065.json
new file mode 100644
index 00000000000..3725c632581
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0065.json
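Review bot: CVE-2020-0064.json gives a consumer almost nothing to triage with: the description (`An improper authorization while processing the provisioning data.`) names no component, impact or required privilege, `version_value` is `Android SoC`, which is not a version, and `vendor_name` is `n/a`. CVE-2020-0065, CVE-2020-0090 and CVE-2020-0091 in this patch follow the same pattern. The record should at least name the SoC vendor or component the fix ships in and state the impact in the style the framework records here use (`This could lead to local escalation of privilege with ...`). If the bulletin does not publish that detail, a second `reference_data` entry pointing at the component vendor's own advisory would let readers find it.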
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0065",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android SoC"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "improper authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0090.json b/2020/0xxx/CVE-2020-0090.json
new file mode 100644
index 00000000000..e0bb816e861
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0090.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0090",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android SoC"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "improper authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0091.json b/2020/0xxx/CVE-2020-0091.json
new file mode 100644
index 00000000000..1900ba14c84
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0091.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0091",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android SoC"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "incorrect configuration"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0092.json b/2020/0xxx/CVE-2020-0092.json
new file mode 100644
index 00000000000..fabb9a68d1d
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0092.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0092",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0093.json b/2020/0xxx/CVE-2020-0093.json
new file mode 100644
index 00000000000..c1e98ef10b0
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0093.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0093",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0094.json b/2020/0xxx/CVE-2020-0094.json
new file mode 100644
index 00000000000..b7a544d8719
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0094.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0094",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148223871"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0096.json b/2020/0xxx/CVE-2020-0096.json
new file mode 100644
index 00000000000..d2ff501f317
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0096.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0096",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0097.json b/2020/0xxx/CVE-2020-0097.json
new file mode 100644
index 00000000000..d270016e6f4
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0097.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0097",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-145981139"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0098.json b/2020/0xxx/CVE-2020-0098.json
new file mode 100644
index 00000000000..07ce50c2459
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0098.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0098",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10 Android-8.0 Android-8.1 Android-9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-144285917"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0100.json b/2020/0xxx/CVE-2020-0100.json
new file mode 100644
index 00000000000..0bc0309b8fe
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0100.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0100",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.1 Android-8.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0101.json b/2020/0xxx/CVE-2020-0101.json
new file mode 100644
index 00000000000..307c4326940
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0101.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0101",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144767096"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0102.json b/2020/0xxx/CVE-2020-0102.json
new file mode 100644
index 00000000000..99e35422d05
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0102.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0102",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143231677"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0103.json b/2020/0xxx/CVE-2020-0103.json
new file mode 100644
index 00000000000..9ab8e385b7f
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0103.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0103",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10 Android-9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-148107188"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0104.json b/2020/0xxx/CVE-2020-0104.json
new file mode 100644
index 00000000000..557ddd2263a
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0104.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0104",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144430870"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0105.json b/2020/0xxx/CVE-2020-0105.json
new file mode 100644
index 00000000000..a552d3956a9
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0105.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0105",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In onKeyguardVisibilityChanged of key_store_service.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144285084"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0106.json b/2020/0xxx/CVE-2020-0106.json
new file mode 100644
index 00000000000..81ddb298c0c
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0106.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0106",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148414207"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0109.json b/2020/0xxx/CVE-2020-0109.json
new file mode 100644
index 00000000000..512c090db88
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0109.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0109",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In simulatePackageSuspendBroadcast of NotificationManagerService.java, there is a missing permission check. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148059175"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0110.json b/2020/0xxx/CVE-2020-0110.json
new file mode 100644
index 00000000000..7b291f8d28b
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0110.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0110",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0220.json b/2020/0xxx/CVE-2020-0220.json
new file mode 100644
index 00000000000..e8e304ab50c
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0220.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0220",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privileges"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/pixel/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/pixel/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In crus_afe_callback of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-139739561"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0221.json b/2020/0xxx/CVE-2020-0221.json
new file mode 100644
index 00000000000..5110a70dafb
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0221.json
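Review bot: The `problemtype` value here is `Elevation of privileges`, while the records for CVE-2020-0109 and CVE-2020-0110 added in the same commit use `Elevation of privilege`; CVE-2020-0221 repeats the plural form. These are free-text labels with no CWE identifier, so any grouping or alerting by problem type splits one weakness class into two buckets. I would normalise to `"value": "Elevation of privilege"` and add a CWE id where the referenced bulletin supports one.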
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0221",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privileges"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/pixel/2020-05-01",
+ "url": "https://source.android.com/security/bulletin/pixel/2020-05-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access.Product: AndroidVersions: Android kernelAndroid ID: A-135772851"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10612.json b/2020/10xxx/CVE-2020-10612.json
index df3408133fa..c603b6c96f8 100644
--- a/2020/10xxx/CVE-2020-10612.json
+++ b/2020/10xxx/CVE-2020-10612.json
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10612", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Opto 22 SoftPAC Project", + "version": { + "version_data": [ + { + "version_value": "SoftPAC Project Version 9.6 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER ACCESS CONTROL CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values." } ] } diff --git a/2020/10xxx/CVE-2020-10616.json b/2020/10xxx/CVE-2020-10616.json index 7319260576e..0d381813330 100644 --- a/2020/10xxx/CVE-2020-10616.json +++ b/2020/10xxx/CVE-2020-10616.json 
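Review bot: `vendor_name` is `n/a` although the vendor appears to be folded into `product_name` (`Opto 22 SoftPAC Project`), and `version_value` repeats the product name in free text (`SoftPAC Project Version 9.6 and prior`). Asset matching on vendor, or any version comparison, will miss this record for an ICS product whose description covers unauthenticated control of the agent service. Assuming Opto 22 is the vendor, as the description suggests, I would write `"vendor_name": "Opto 22"`, `"product_name": "SoftPAC Project"`, `"version_value": "9.6 and prior"`. The same applies to CVE-2020-10616, CVE-2020-10620, CVE-2020-12042 and CVE-2020-12046 in this commit.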
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10616", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Opto 22 SoftPAC Project", + "version": { + "version_data": [ + { + "version_value": "SoftPAC Project Version 9.6 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts." } ] } diff --git a/2020/10xxx/CVE-2020-10620.json b/2020/10xxx/CVE-2020-10620.json index 67ec39cf7f0..369a278a0c4 100644 --- a/2020/10xxx/CVE-2020-10620.json +++ b/2020/10xxx/CVE-2020-10620.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10620", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Opto 22 SoftPAC Project", + "version": { + "version_data": [ + { + "version_value": "SoftPAC Project Version 9.6 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER AUTHORIZATION CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely." } ] } diff --git a/2020/11xxx/CVE-2020-11057.json b/2020/11xxx/CVE-2020-11057.json index 8f4de335604..863bb1c6ffa 100644 --- a/2020/11xxx/CVE-2020-11057.json +++ b/2020/11xxx/CVE-2020-11057.json @@ -69,6 +69,11 @@ }, "references": { "reference_data": [ + { + "name": "https://medium.com/@andrew.levkin/tews-4c47cfc011d1", + "refsource": "MISC", + "url": "https://medium.com/@andrew.levkin/tews-4c47cfc011d1" + }, { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rmp6-jjg8-9424", "refsource": "CONFIRM", 
@@ -78,11 +83,6 @@ "name": "https://jira.xwiki.org/browse/XWIKI-16960", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-16960" - }, - { - "name": "https://medium.com/@andrew.levkin/tews-4c47cfc011d1", - "refsource": "MISC", - "url": "https://medium.com/@andrew.levkin/tews-4c47cfc011d1" } ] }, diff --git a/2020/12xxx/CVE-2020-12042.json b/2020/12xxx/CVE-2020-12042.json index abd5f889977..9baaa69c1ab 100644 --- a/2020/12xxx/CVE-2020-12042.json +++ b/2020/12xxx/CVE-2020-12042.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12042", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Opto 22 SoftPAC Project", + "version": { + "version_data": [ + { + "version_value": "SoftPAC Project Version 9.6 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access." } ] } 
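Review bot: The `problemtype` for CVE-2020-12042 is `IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347`, but its description is about unsanitized paths inside the firmware-update zip files leading to arbitrary file write, which reads as a path-traversal weakness. The identical CWE-347 label is on CVE-2020-12046, whose description is the one about unverified firmware signatures, so this looks copied from the neighbouring record. Check the label against the referenced advisory (icsa-20-135-01) and replace it, i.e. `"value": "<path-traversal CWE entry from icsa-20-135-01>"`. Until then, CWE-based triage files this under the wrong class.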
diff --git a/2020/12xxx/CVE-2020-12046.json b/2020/12xxx/CVE-2020-12046.json index c166caf3b98..68141d9caba 100644 --- a/2020/12xxx/CVE-2020-12046.json +++ b/2020/12xxx/CVE-2020-12046.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12046", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Opto 22 SoftPAC Project", + "version": { + "version_data": [ + { + "version_value": "SoftPAC Project Version 9.6 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC\u2019s firmware files\u2019 signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files." } ] } diff --git a/2020/12xxx/CVE-2020-12068.json b/2020/12xxx/CVE-2020-12068.json index 02f3ecdecc4..fe958247d8b 100644 --- a/2020/12xxx/CVE-2020-12068.json +++ b/2020/12xxx/CVE-2020-12068.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12068", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12068", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.codesys.com", + "refsource": "MISC", + "name": "https://www.codesys.com" + }, + { + "refsource": "MISC", + "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=", + "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=" } ] } diff --git a/2020/12xxx/CVE-2020-12440.json b/2020/12xxx/CVE-2020-12440.json index 54bc8d699af..c4758b1b922 100644 --- a/2020/12xxx/CVE-2020-12440.json +++ b/2020/12xxx/CVE-2020-12440.json 
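Review bot: `product_name`, `vendor_name`, `version_value` and the `problemtype` value are all `n/a`, while the description names the product and fixed version (`CODESYS Development System before 3.5.16.0`) and the impact (privilege escalation). Structured matching cannot find this record; only free-text search will. I would fill the fields from the description, for example `"product_name": "CODESYS Development System"` and `"version_value": "before 3.5.16.0"`. CVE-2020-12440 in the next hunk has the same gap for `NGINX through 1.18.0`.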
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12440", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12440", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NGINX through 1.18.0 allows an HTTP request smuggling attack that can lead to cache poisoning, credential hijacking, or security bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nginx.org/en/security_advisories.html", + "refsource": "MISC", + "name": "https://nginx.org/en/security_advisories.html" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/Glassware123/1023720bf4787375a04f32a0c12e956a", + "url": "https://gist.github.com/Glassware123/1023720bf4787375a04f32a0c12e956a" } ] } diff --git a/2020/9xxx/CVE-2020-9488.json b/2020/9xxx/CVE-2020-9488.json index 7942bfea30d..6ab8463090a 100644 --- a/2020/9xxx/CVE-2020-9488.json +++ b/2020/9xxx/CVE-2020-9488.json 
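Review bot: Neither reference is specific to this ID as far as the URLs show: `https://nginx.org/en/security_advisories.html` is the general advisories index and the other is a personal gist. With `refsource` set to `MISC` on both, a consumer cannot tell whether the vendor has confirmed the `NGINX through 1.18.0` range or the stated impact. I would add a vendor-confirmed reference if one exists (CVE-2020-11057 in this commit uses `"refsource": "CONFIRM"` for its vendor advisory). Until then, consumers should treat the range as reporter-stated.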
@@ -128,6 +128,16 @@ "refsource": "MLIST", "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities", "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", + "url": "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20@%3Cdev.kafka.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", + "url": "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a@%3Cjira.kafka.apache.org%3E" } ] },