From 12873d2cb76e1f1a8d45b7e2e91413a3336ba2e0 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Wed, 30 Sep 2020 20:01:31 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/15xxx/CVE-2018-15127.json | 5 +++
 2018/20xxx/CVE-2018-20019.json | 5 +++
 2018/20xxx/CVE-2018-20020.json | 5 +++
 2018/20xxx/CVE-2018-20021.json | 5 +++
 2018/20xxx/CVE-2018-20022.json | 5 +++
 2018/20xxx/CVE-2018-20023.json | 5 +++
 2018/20xxx/CVE-2018-20024.json | 5 +++
 2018/20xxx/CVE-2018-20748.json | 5 +++
 2018/20xxx/CVE-2018-20749.json | 5 +++
 2018/20xxx/CVE-2018-20750.json | 5 +++
 2018/7xxx/CVE-2018-7225.json | 5 +++
 2019/15xxx/CVE-2019-15681.json | 5 +++
 2019/19xxx/CVE-2019-19948.json | 5 +++
 2019/19xxx/CVE-2019-19949.json | 5 +++
 2020/14xxx/CVE-2020-14374.json | 55 +++++++++++++++++++++++++++--
 2020/14xxx/CVE-2020-14375.json | 5 +++
 2020/14xxx/CVE-2020-14376.json | 5 +++
 2020/14xxx/CVE-2020-14377.json | 5 +++
 2020/14xxx/CVE-2020-14378.json | 5 +++
 2020/1xxx/CVE-2020-1945.json | 10 ++++++
 2020/25xxx/CVE-2020-25626.json | 50 +++++++++++++++++++++++++--
 2020/25xxx/CVE-2020-25726.json | 63 ++++------------------------------
 2020/25xxx/CVE-2020-25816.json | 61 ++++++++++++++++++++++++++++----
 2020/26xxx/CVE-2020-26168.json | 18 ++++++++++
 2020/26xxx/CVE-2020-26169.json | 18 ++++++++++
 2020/26xxx/CVE-2020-26170.json | 18 ++++++++++
 2020/26xxx/CVE-2020-26171.json | 18 ++++++++++
 2020/26xxx/CVE-2020-26172.json | 18 ++++++++++
 2020/26xxx/CVE-2020-26173.json | 18 ++++++++++
 2020/26xxx/CVE-2020-26174.json | 18 ++++++++++
 2020/26xxx/CVE-2020-26175.json | 18 ++++++++++
 2020/26xxx/CVE-2020-26176.json | 18 ++++++++++
 2020/26xxx/CVE-2020-26177.json | 18 ++++++++++
 2020/26xxx/CVE-2020-26178.json | 18 ++++++++++
 2020/8xxx/CVE-2020-8252.json | 5 +++
 35 files changed, 464 insertions(+), 68 deletions(-)
 create mode 100644 2020/26xxx/CVE-2020-26168.json
 create mode 100644 2020/26xxx/CVE-2020-26169.json
 create mode 100644 2020/26xxx/CVE-2020-26170.json
 create mode 100644 2020/26xxx/CVE-2020-26171.json
 create mode 100644 2020/26xxx/CVE-2020-26172.json
 create mode 100644 2020/26xxx/CVE-2020-26173.json
 create mode 100644 2020/26xxx/CVE-2020-26174.json
 create mode 100644 2020/26xxx/CVE-2020-26175.json
 create mode 100644 2020/26xxx/CVE-2020-26176.json
 create mode 100644 2020/26xxx/CVE-2020-26177.json
 create mode 100644 2020/26xxx/CVE-2020-26178.json
diff --git a/2018/15xxx/CVE-2018-15127.json b/2018/15xxx/CVE-2018-15127.json
index bb587b2c1f1..99e66890b7f 100644
--- a/2018/15xxx/CVE-2018-15127.json
+++ b/2018/15xxx/CVE-2018-15127.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4547-1",
+ "url": "https://usn.ubuntu.com/4547-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20019.json b/2018/20xxx/CVE-2018-20019.json
index ee2b3c3f8f8..4d32b47c160 100644
--- a/2018/20xxx/CVE-2018-20019.json
+++ b/2018/20xxx/CVE-2018-20019.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4547-1",
+ "url": "https://usn.ubuntu.com/4547-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20020.json b/2018/20xxx/CVE-2018-20020.json
index a1dcb114f68..348399d9cb2 100644
--- a/2018/20xxx/CVE-2018-20020.json
+++ b/2018/20xxx/CVE-2018-20020.json
@@ -91,6 +91,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202006-06",
 "url": "https://security.gentoo.org/glsa/202006-06"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4547-1",
+ "url": "https://usn.ubuntu.com/4547-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20021.json b/2018/20xxx/CVE-2018-20021.json
index bece52a98d2..0344fcbea0e 100644
--- a/2018/20xxx/CVE-2018-20021.json
+++ b/2018/20xxx/CVE-2018-20021.json
@@ -96,6 +96,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202006-06",
 "url": "https://security.gentoo.org/glsa/202006-06"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4547-1",
+ "url": "https://usn.ubuntu.com/4547-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20022.json b/2018/20xxx/CVE-2018-20022.json
index ee401a4a66a..4f2ca828a19 100644
--- a/2018/20xxx/CVE-2018-20022.json
+++ b/2018/20xxx/CVE-2018-20022.json
@@ -96,6 +96,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202006-06",
 "url": "https://security.gentoo.org/glsa/202006-06"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4547-1",
+ "url": "https://usn.ubuntu.com/4547-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20023.json b/2018/20xxx/CVE-2018-20023.json
index edb43c411de..fca63b6d4c4 100644
--- a/2018/20xxx/CVE-2018-20023.json
+++ b/2018/20xxx/CVE-2018-20023.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4547-1",
+ "url": "https://usn.ubuntu.com/4547-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20024.json b/2018/20xxx/CVE-2018-20024.json
index 9be49fcab2d..fd2f029a293 100644
--- a/2018/20xxx/CVE-2018-20024.json
+++ b/2018/20xxx/CVE-2018-20024.json
@@ -91,6 +91,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202006-06",
 "url": "https://security.gentoo.org/glsa/202006-06"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4547-1",
+ "url": "https://usn.ubuntu.com/4547-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20748.json b/2018/20xxx/CVE-2018-20748.json
index acb01a7a924..3e64ab06fcb 100644
--- a/2018/20xxx/CVE-2018-20748.json
+++ b/2018/20xxx/CVE-2018-20748.json
@@ -96,6 +96,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4547-1",
+ "url": "https://usn.ubuntu.com/4547-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20749.json b/2018/20xxx/CVE-2018-20749.json
index ec6548b7d00..12b9ea1a6a0 100644
--- a/2018/20xxx/CVE-2018-20749.json
+++ b/2018/20xxx/CVE-2018-20749.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4547-1",
+ "url": "https://usn.ubuntu.com/4547-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20750.json b/2018/20xxx/CVE-2018-20750.json
index 5f83baef995..2654f745063 100644
--- a/2018/20xxx/CVE-2018-20750.json
+++ b/2018/20xxx/CVE-2018-20750.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4547-1",
+ "url": "https://usn.ubuntu.com/4547-1/"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7225.json b/2018/7xxx/CVE-2018-7225.json
index 6bb4cf6483d..5da9529f8cb 100644
--- a/2018/7xxx/CVE-2018-7225.json
+++ b/2018/7xxx/CVE-2018-7225.json
@@ -106,6 +106,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4547-1",
+ "url": "https://usn.ubuntu.com/4547-1/"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15681.json b/2019/15xxx/CVE-2019-15681.json
index 4f3ab192f0b..1c99db54a25 100644
--- a/2019/15xxx/CVE-2019-15681.json
+++ b/2019/15xxx/CVE-2019-15681.json
@@ -83,6 +83,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:1071",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4547-1",
+ "url": "https://usn.ubuntu.com/4547-1/"
 }
 ]
 },
diff --git a/2019/19xxx/CVE-2019-19948.json b/2019/19xxx/CVE-2019-19948.json
index 01a520ad9cd..7abeefd3c93 100644
--- a/2019/19xxx/CVE-2019-19948.json
+++ b/2019/19xxx/CVE-2019-19948.json
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4715",
 "url": "https://www.debian.org/security/2020/dsa-4715"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4549-1",
+ "url": "https://usn.ubuntu.com/4549-1/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19949.json b/2019/19xxx/CVE-2019-19949.json
index aacf0264ec3..15bb4e5c1be 100644
--- a/2019/19xxx/CVE-2019-19949.json
+++ b/2019/19xxx/CVE-2019-19949.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200818 [SECURITY] [DLA 2333-1] imagemagick security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4549-1",
+ "url": "https://usn.ubuntu.com/4549-1/"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14374.json b/2020/14xxx/CVE-2020-14374.json
index 6e12bf8e6b3..8c0dbe64065 100644
--- a/2020/14xxx/CVE-2020-14374.json
+++ b/2020/14xxx/CVE-2020-14374.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14374",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "dpdk",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
+ "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879466",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879466"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14375.json b/2020/14xxx/CVE-2020-14375.json
index 93ecf104d9f..a60e4bfbf8d 100644
--- a/2020/14xxx/CVE-2020-14375.json
+++ b/2020/14xxx/CVE-2020-14375.json
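Review bot: The `version_value` added to the CVE-2020-14374 record, `"All dpdk versions before 18.11.10 and before 19.11.5"`, is a single free-text string covering two release branches, so a scanner matching on this field either cannot parse it or has to guess whether 19.11.0–19.11.4 and the fixed 18.11.10 fall inside the range. I would split it into one `version_data` entry per branch, for example `{"version_name": "18.11", "version_affected": "<", "version_value": "18.11.10"}` and the same shape for 19.11 / 19.11.5, and set `vendor_name` to the project instead of `"n/a"`. The CVE-2020-25626 hunk further down repeats the pattern (`"before 3.12.0 and before 3.11.2"`), and its `problemtype` value `"CWE-20->CWE-77->CWE-79"` packs three CWE ids into one string, which tooling that keys on a single CWE id per `description` entry will probably not resolve.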
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
 "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4550-1",
+ "url": "https://usn.ubuntu.com/4550-1/"
 }
 ]
 },
diff --git a/2020/14xxx/CVE-2020-14376.json b/2020/14xxx/CVE-2020-14376.json
index 493cb08c0ba..8bb5350031c 100644
--- a/2020/14xxx/CVE-2020-14376.json
+++ b/2020/14xxx/CVE-2020-14376.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4550-1",
+ "url": "https://usn.ubuntu.com/4550-1/"
 }
 ]
 },
diff --git a/2020/14xxx/CVE-2020-14377.json b/2020/14xxx/CVE-2020-14377.json
index 939a88cfa01..a2a78a9a445 100644
--- a/2020/14xxx/CVE-2020-14377.json
+++ b/2020/14xxx/CVE-2020-14377.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4550-1",
+ "url": "https://usn.ubuntu.com/4550-1/"
 }
 ]
 },
diff --git a/2020/14xxx/CVE-2020-14378.json b/2020/14xxx/CVE-2020-14378.json
index f2c3ce466eb..13237e8cd72 100644
--- a/2020/14xxx/CVE-2020-14378.json
+++ b/2020/14xxx/CVE-2020-14378.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879473",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879473"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4550-1",
+ "url": "https://usn.ubuntu.com/4550-1/"
 }
 ]
 },
diff --git a/2020/1xxx/CVE-2020-1945.json b/2020/1xxx/CVE-2020-1945.json
index 0f2b3833049..df2ea9ab75b 100644
--- a/2020/1xxx/CVE-2020-1945.json
+++ b/2020/1xxx/CVE-2020-1945.json
@@ -173,6 +173,16 @@
 "refsource": "MLIST",
 "name": "[ant-user] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
 "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[creadur-dev] 20200930 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
+ "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[creadur-dev] 20200930 [jira] [Created] (RAT-274) Update to latest Ant in order to fix CVE-2020-11979",
+ "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E"
 }
 ]
 },
diff --git a/2020/25xxx/CVE-2020-25626.json b/2020/25xxx/CVE-2020-25626.json
index b01e9db8f68..565dba63d24 100644
--- a/2020/25xxx/CVE-2020-25626.json
+++ b/2020/25xxx/CVE-2020-25626.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-25626",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Django REST Framework",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All django-rest-framework versions before 3.12.0 and before 3.11.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20->CWE-77->CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1878635",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1878635"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious