From 01275d3549e9cd2d8841da83b8fc3ad9b4caa1b9 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 1 Feb 2021 20:00:42 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/10xxx/CVE-2020-10176.json | 5 +++++
 2020/23xxx/CVE-2020-23826.json | 10 ++++++++++
 2020/28xxx/CVE-2020-28493.json | 17 ++++++++++-------
 3 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/2020/10xxx/CVE-2020-10176.json b/2020/10xxx/CVE-2020-10176.json
index 725fd988aa5..9d174398e88 100644
--- a/2020/10xxx/CVE-2020-10176.json
+++ b/2020/10xxx/CVE-2020-10176.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://firedome.io/blog/firedome-discloses-0-day-vulnerabilities-in-yale-ip-cameras/",
 "url": "https://firedome.io/blog/firedome-discloses-0-day-vulnerabilities-in-yale-ip-cameras/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lp.firedome.io/hubfs/Yale%20WIPC-301W%20RCE%20Vulnerability%20Report%205-6.pdf",
+ "url": "https://lp.firedome.io/hubfs/Yale%20WIPC-301W%20RCE%20Vulnerability%20Report%205-6.pdf"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23826.json b/2020/23xxx/CVE-2020-23826.json
index c3dcecd0c9f..e397970c8f9 100644
--- a/2020/23xxx/CVE-2020-23826.json
+++ b/2020/23xxx/CVE-2020-23826.json
@@ -52,10 +52,20 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://firedome.io/blog/firedome-discloses-0-day-vulnerabilities-in-yale-ip-cameras/",
+ "url": "https://firedome.io/blog/firedome-discloses-0-day-vulnerabilities-in-yale-ip-cameras/"
+ },
 {
 "refsource": "MISC",
 "name": "https://whiterosezex.blogspot.com/2021/01/cve-2020-23826-rce-vulnerability-in.html",
 "url": "https://whiterosezex.blogspot.com/2021/01/cve-2020-23826-rce-vulnerability-in.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lp.firedome.io/hubfs/Yale%20WIPC-301W%20RCE%20Vulnerability%20Report%205-6.pdf",
+ "url": "https://lp.firedome.io/hubfs/Yale%20WIPC-301W%20RCE%20Vulnerability%20Report%205-6.pdf"
 }
 ]
 }
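Review bot: After the two additions in the CVE-2020-23826 `reference_data` hunk, that record cites the same Firedome blog post and the same `Yale%20WIPC-301W%20RCE%20Vulnerability%20Report%205-6.pdf` that the first hunk attaches to CVE-2020-10176, yet nothing visible in either record says how the two IDs relate. If they describe the same flaw, tooling that counts findings per CVE ID will report it twice; this is inferred from the shared references only, because both descriptions sit outside the hunks. I would add a sentence to each description naming the other ID, or flag the pair for duplicate review. The new entries also reuse the URL as `name`, so the link text is the only human-readable hint about what each reference is.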
diff --git a/2020/28xxx/CVE-2020-28493.json b/2020/28xxx/CVE-2020-28493.json
index 3a51183e395..6912b566c8f 100644
--- a/2020/28xxx/CVE-2020-28493.json
+++ b/2020/28xxx/CVE-2020-28493.json
@@ -52,16 +52,19 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994",
+ "name": "https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20"
+ "refsource": "MISC",
+ "url": "https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20",
+ "name": "https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/pallets/jinja/pull/1343"
+ "refsource": "MISC",
+ "url": "https://github.com/pallets/jinja/pull/1343",
+ "name": "https://github.com/pallets/jinja/pull/1343"
 }
 ]
 },
@@ -69,7 +72,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects the package jinja2 from 0.0.0 and before 2.11.3.\n The ReDOS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+\r\n\r\nThis issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.\r\n\r\n"
+ "value": "This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDOS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+ This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory."
 }
 ]
 },
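Review bot: The second reference in the `reference_data` hunk still ends in `utils.py%23L20`, and the change now copies that string into `name` as well. `%23` is a percent-encoded `#`, so the link requests a file literally named `utils.py#L20` rather than line 20 of `utils.py`; the intended ending is presumably `src/jinja2/utils.py#L20`. The same hunk relabels all three links from `CONFIRM` to `MISC`, including `https://github.com/pallets/jinja/pull/1343` in the project's own repository. If that pull request is the upstream fix, keeping `"refsource": "CONFIRM"` on it would preserve the one marker that separates the maintainer's reference from third-party write-ups.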
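Review bot: Flattening the text in the `description_data` hunk removes the line breaks that separated the regex from the following sentence, so the new value reads `[a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+ This issue can be mitigated` and the reader cannot tell where the pattern ends. Quoting the pattern would restore the boundary, for example `due to the sub-pattern '[a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+'. This issue can be mitigated by using Markdown`; the word `using` is missing from the mitigation sentence in both the old and new text. The description lists only workarounds, and a clause saying that upgrading to 2.11.3 or later is the remediation would help triage.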