"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2020-10-20 21:01:52 +00:00 · 2020-10-20 21:01:52 +00:00 · 1b2636d175
commit 1b2636d175
parent b0246cee5b
7 changed files with 78 additions and 9 deletions
--- a/2016/10xxx/CVE-2016-10228.json
+++ b/2016/10xxx/CVE-2016-10228.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service."
+                "value": "The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service."
            }
        ]
    },
@ -66,6 +66,16 @@
                "name": "http://openwall.com/lists/oss-security/2017/03/01/10",
                "refsource": "CONFIRM",
                "url": "http://openwall.com/lists/oss-security/2017/03/01/10"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21",
+                "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224",
+                "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
            }
        ]
    }
--- a/2020/15xxx/CVE-2020-15264.json
+++ b/2020/15xxx/CVE-2020-15264.json
@ -35,7 +35,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "The Boxstarter installer before version 2.13.0 configures C:\\ProgramData\\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it'll execute the code in DllMain() with SYSTEM privileges.\nAny unprivileged user can execute code with SYSTEM privileges.\nThe issue is fixed in version 3.13.0"
+                "value": "The Boxstarter installer before version 2.13.0 configures C:\\ProgramData\\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it'll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0"
            }
        ]
    },
--- a/2020/15xxx/CVE-2020-15269.json
+++ b/2020/15xxx/CVE-2020-15269.json
@ -41,7 +41,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. \n\nThe issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory."
+                "value": "In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory."
            }
        ]
    },
--- a/2020/26xxx/CVE-2020-26891.json
+++ b/2020/26xxx/CVE-2020-26891.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/m.login.recaptcha or /_matrix/client/r0/auth/m.login.terms Synapse 974923."
+                "value": "AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints."
            }
        ]
    },
@ -52,11 +52,6 @@
    },
    "references": {
        "reference_data": [
-            {
-                "url": "https://github.com/matrix-org/synapse/releases",
-                "refsource": "MISC",
-                "name": "https://github.com/matrix-org/synapse/releases"
-            },
            {
                "refsource": "MISC",
                "name": "https://github.com/matrix-org/synapse/pull/8444",
@ -66,6 +61,16 @@
                "refsource": "MISC",
                "name": "https://matrix.org/blog/2020/10/15/synapse-1-21-2-released-and-security-advisory",
                "url": "https://matrix.org/blog/2020/10/15/synapse-1-21-2-released-and-security-advisory"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/matrix-org/synapse/releases/tag/v1.21.2",
+                "url": "https://github.com/matrix-org/synapse/releases/tag/v1.21.2"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq",
+                "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq"
            }
        ]
    }
--- a/2020/27xxx/CVE-2020-27357.json
+++ b/2020/27xxx/CVE-2020-27357.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2020-27357",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2020/27xxx/CVE-2020-27358.json
+++ b/2020/27xxx/CVE-2020-27358.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2020-27358",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2020/27xxx/CVE-2020-27359.json
+++ b/2020/27xxx/CVE-2020-27359.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2020-27359",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}