From 17713c743daf8d8f1a3a3e91d03775afefbe9a7a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 2 Dec 2020 15:01:39 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/14xxx/CVE-2020-14369.json | 50 ++++++++++++++++++++++++++--
 2020/25xxx/CVE-2020-25638.json | 50 ++++++++++++++++++++++++++--
 2020/28xxx/CVE-2020-28272.json | 55 +++++++++++++++++++++++++++++--
 2020/28xxx/CVE-2020-28273.json | 60 ++++++++++++++++++++++++++++++++--
 4 files changed, 203 insertions(+), 12 deletions(-)
diff --git a/2020/14xxx/CVE-2020-14369.json b/2020/14xxx/CVE-2020-14369.json
index ab6edb16088..8b6f72ecd5a 100644
--- a/2020/14xxx/CVE-2020-14369.json
+++ b/2020/14xxx/CVE-2020-14369.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14369",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CloudForms",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "cfme-gemset 5.11.8.1-1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1871921",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871921"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth."
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25638.json b/2020/25xxx/CVE-2020-25638.json
index d0057ae6579..99f213fa4b0 100644
--- a/2020/25xxx/CVE-2020-25638.json
+++ b/2020/25xxx/CVE-2020-25638.json
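Review bot: In the CVE-2020-14369 record, the added `"version_value": "cfme-gemset 5.11.8.1-1"` does not say whether that build is affected or fixed, and the new description opens with "This release fixes …", which suggests it names the fix; a consumer matching on this field would then flag the patched build as vulnerable. I would state the affected range explicitly, for example `"version_value": "before cfme-gemset 5.11.8.1-1"`, once that reading is confirmed against the referenced Bugzilla entry. The description's first sentence is also ungrammatical ("fixes a … vulnerability was found in") and would read better as `"A Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which …"`. `"vendor_name": "n/a"` is used here although the description names Red Hat, which weakens vendor-based matching.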
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-25638",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "hibernate-core",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Hibernate ORM versions before 5.4.24.Final"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity."
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28272.json b/2020/28xxx/CVE-2020-28272.json
index e0eb97e0993..b77b054673c 100644
--- a/2020/28xxx/CVE-2020-28272.json
+++ b/2020/28xxx/CVE-2020-28272.json
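Review bot: The affected range for CVE-2020-25638 is carried as prose inside `"version_value": "Hibernate ORM versions before 5.4.24.Final"`, so tooling that compares version strings cannot evaluate it, and it states the bound differently from the description ("prior to and including 5.4.23.Final"). The two agree only if no release sits between those versions; using one bound in both places removes the ambiguity. CVE JSON 4.0 allows a comparison operator next to the value, e.g. `"version_affected": "<", "version_value": "5.4.24.Final"`. The description ties the injection to literals appearing in "the SQL comments of the query", so exposure presumably depends on SQL comments being enabled (`hibernate.use_sql_comments`); that precondition is worth confirming against the referenced Bugzilla entry and stating in the description, since it decides whether a deployment needs urgent patching.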
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-28272",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "keyget",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0.1, 2.0.0, 2.0.1, 2.1.0, 2.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Prototype Pollution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28272",
+ "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28272"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/rumkin/keyget/commit/17d15b6c75036eb429075a8cfeccfc18094dd2e2",
+ "url": "https://github.com/rumkin/keyget/commit/17d15b6c75036eb429075a8cfeccfc18094dd2e2"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution."
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28273.json b/2020/28xxx/CVE-2020-28273.json
index b5625b7ec07..1e2700acdd6 100644
--- a/2020/28xxx/CVE-2020-28273.json
+++ b/2020/28xxx/CVE-2020-28273.json
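Review bot: The enumerated versions in the CVE-2020-28272 record, `"version_value": "1.0.1, 2.0.0, 2.0.1, 2.1.0, 2.2.0"`, omit 1.0.0, while the description added in the same hunk says "versions 1.0.0 through 2.2.0". One of the two is wrong, and a scanner keyed on the list would miss 1.0.0 if the description is the accurate one. The list is also packed into a single comma-separated string rather than one `version_data` entry per version, which forces every consumer to split it; the CVE-2020-28273 hunk uses the same packing. Both of those records give `"value": "Prototype Pollution"` as the problem type where the two Red Hat records in this patch use a CWE identifier; CWE-1321 covers this class and would keep the field machine-matchable.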
@@ -4,14 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-28273",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "set-in",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0.0, 1.1.0, 1.1.1, 2.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Prototype Pollution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.whitesourcesoftware.com/vulnerability-database",
+ "url": "https://www.whitesourcesoftware.com/vulnerability-database"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ahdinosaur/set-in/commit/e431effa00195a6f06b111e09733cd1445a91a88",
+ "url": "https://github.com/ahdinosaur/set-in/commit/e431effa00195a6f06b111e09733cd1445a91a88"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28273",
+ "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28273"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution."
 }
 ]
 }
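Review bot: The first reference added for CVE-2020-28273, `"url": "https://www.whitesourcesoftware.com/vulnerability-database"`, points at the database landing page rather than this advisory and is made redundant by the third entry, which carries the CVE-specific URL; I would drop the generic entry. The advisory URL is tagged `"refsource": "MISC"` here but `"refsource": "CONFIRM"` in the CVE-2020-28272 record from the same assigner, and the two should agree. The description says the flaw "may lead to remote code execution", but nothing in the record says under what conditions, so consumers scoring severity should treat that part as unconfirmed until the linked fix commit has been reviewed.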