diff --git a/2018/16xxx/CVE-2018-16738.json b/2018/16xxx/CVE-2018-16738.json index 99bc9d63902..f1203c2388f 100644 --- a/2018/16xxx/CVE-2018-16738.json +++ b/2018/16xxx/CVE-2018-16738.json @@ -66,6 +66,11 @@ "name": "DSA-4312", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4312" + }, + { + "refsource": "MISC", + "name": "https://www.starwindsoftware.com/security/sw-20190227-0002/", + "url": "https://www.starwindsoftware.com/security/sw-20190227-0002/" } ] } diff --git a/2020/14xxx/CVE-2020-14129.json b/2020/14xxx/CVE-2020-14129.json index 7348aff8dd2..f64f00b831a 100644 --- a/2020/14xxx/CVE-2020-14129.json +++ b/2020/14xxx/CVE-2020-14129.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-14129", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@xiaomi.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Xiaomi a certain APP", + "version": { + "version_data": [ + { + "version_value": "Affected Version:3.4.5.18 Fixed Version:3.4.5.24" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Vulnerability logic vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://trust.mi.com/misrc/bulletins/advisory?cveId=155", + "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=155" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege." } ] } diff --git a/2020/14xxx/CVE-2020-14131.json b/2020/14xxx/CVE-2020-14131.json index e078500dd4a..b1717e69504 100644 --- a/2020/14xxx/CVE-2020-14131.json +++ b/2020/14xxx/CVE-2020-14131.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-14131", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@xiaomi.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Xiaomi specific devices", + "version": { + "version_data": [ + { + "version_value": "Xiaomi specific devices,Affected Version:11,Fixed Version:12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "a lack of identity verification" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://trust.mi.com/misrc/bulletins/advisory?cveId=153", + "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=153" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life." } ] } diff --git a/2022/20xxx/CVE-2022-20429.json b/2022/20xxx/CVE-2022-20429.json index 99f47963409..735f00a2f61 100644 --- a/2022/20xxx/CVE-2022-20429.json +++ b/2022/20xxx/CVE-2022-20429.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20429", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10 Android-11 Android-12 Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/aaos/2022-10-01", + "url": "https://source.android.com/security/bulletin/aaos/2022-10-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220741473" } ] } diff --git a/2022/20xxx/CVE-2022-20775.json b/2022/20xxx/CVE-2022-20775.json index 645364791af..dce974a17fd 100644 --- a/2022/20xxx/CVE-2022-20775.json +++ b/2022/20xxx/CVE-2022-20775.json @@ -71,6 +71,16 @@ "name": "20220928 Cisco SD-WAN Software Privilege Escalation Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF" + }, + { + "refsource": "MISC", + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF" + }, + { + "refsource": "MISC", + "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-wmjv-552v-pxjc", + "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-wmjv-552v-pxjc" } ] },