From 37db81865dc7548ec2bd010e0586f276e482fcd7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 5 Jan 2021 21:01:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/13xxx/CVE-2018-13096.json | 2 +- 2018/15xxx/CVE-2018-15822.json | 7 +++- 2018/5xxx/CVE-2018-5332.json | 7 +++- 2018/6xxx/CVE-2018-6621.json | 7 +++- 2020/1xxx/CVE-2020-1674.json | 4 +- 2020/29xxx/CVE-2020-29437.json | 71 +++++++++++++++++++++++++++++++--- 2020/35xxx/CVE-2020-35269.json | 2 +- 2020/36xxx/CVE-2020-36066.json | 70 ++++++++++++++++++++++++++++++--- 2020/36xxx/CVE-2020-36067.json | 70 ++++++++++++++++++++++++++++++--- 9 files changed, 215 insertions(+), 25 deletions(-) diff --git a/2018/13xxx/CVE-2018-13096.json b/2018/13xxx/CVE-2018-13096.json index 13472eb1355..946e3ae64d1 100644 --- a/2018/13xxx/CVE-2018-13096.json +++ b/2018/13xxx/CVE-2018-13096.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in fs/f2fs/super.c in the Linux kernel 4.14 through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image." + "value": "An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image." } ] }, diff --git a/2018/15xxx/CVE-2018-15822.json b/2018/15xxx/CVE-2018-15822.json index a4e1c357c9c..d41a3ff1081 100644 --- a/2018/15xxx/CVE-2018-15822.json +++ b/2018/15xxx/CVE-2018-15822.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure." + "value": "The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure." } ] }, @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4431-1", "url": "https://usn.ubuntu.com/4431-1/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/FFmpeg/FFmpeg/commit/d8ecb335fe4852bbc172c7b79e66944d158b4d92", + "url": "https://github.com/FFmpeg/FFmpeg/commit/d8ecb335fe4852bbc172c7b79e66944d158b4d92" } ] } diff --git a/2018/5xxx/CVE-2018-5332.json b/2018/5xxx/CVE-2018-5332.json index 395650842c4..35f8bae9e96 100644 --- a/2018/5xxx/CVE-2018-5332.json +++ b/2018/5xxx/CVE-2018-5332.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c)." + "value": "In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c)." } ] }, @@ -121,6 +121,11 @@ "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" + }, + { + "refsource": "CONFIRM", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e" } ] } diff --git a/2018/6xxx/CVE-2018-6621.json b/2018/6xxx/CVE-2018-6621.json index 7f00eb6c6d1..58d63e0e8ca 100644 --- a/2018/6xxx/CVE-2018-6621.json +++ b/2018/6xxx/CVE-2018-6621.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file." + "value": "The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file." } ] }, @@ -71,6 +71,11 @@ "name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/FFmpeg/FFmpeg/commit/22aa37c0fedf14531783189a197542a055959b6c", + "url": "https://github.com/FFmpeg/FFmpeg/commit/22aa37c0fedf14531783189a197542a055959b6c" } ] } diff --git a/2020/1xxx/CVE-2020-1674.json b/2020/1xxx/CVE-2020-1674.json index ffa2dd8c530..6ee85baca98 100644 --- a/2020/1xxx/CVE-2020-1674.json +++ b/2020/1xxx/CVE-2020-1674.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1674", - "ASSIGNER": "sirt@juniper.net", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, "description": { @@ -15,4 +15,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2020/29xxx/CVE-2020-29437.json b/2020/29xxx/CVE-2020-29437.json index 61e371647da..b4506a2e90b 100644 --- a/2020/29xxx/CVE-2020-29437.json +++ b/2020/29xxx/CVE-2020-29437.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29437", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29437", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsForm[profileUserId] parameter to the buzz/loadMoreProfile endpoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/orangehrm/orangehrm/issues/695", + "refsource": "MISC", + "name": "https://github.com/orangehrm/orangehrm/issues/695" + }, + { + "refsource": "MISC", + "name": "https://www.horizon3.ai/disclosures/orangehrm-sqli.html", + "url": "https://www.horizon3.ai/disclosures/orangehrm-sqli.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/orangehrm/orangehrm/pull/699", + "url": "https://github.com/orangehrm/orangehrm/pull/699" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/orangehrm/orangehrm/releases", + "url": "https://github.com/orangehrm/orangehrm/releases" } ] } diff --git a/2020/35xxx/CVE-2020-35269.json b/2020/35xxx/CVE-2020-35269.json index c8ccc9c1413..65dc7c7541c 100644 --- a/2020/35xxx/CVE-2020-35269.json +++ b/2020/35xxx/CVE-2020-35269.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "There is a Cross Site Request Forgery (CSRF) vulnerability in Nagios Core 4.2.4." + "value": "Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding \u2013 deleting for hosts or servers." } ] }, diff --git a/2020/36xxx/CVE-2020-36066.json b/2020/36xxx/CVE-2020-36066.json index b574c8caf15..0fb58953eb6 100644 --- a/2020/36xxx/CVE-2020-36066.json +++ b/2020/36xxx/CVE-2020-36066.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36066", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36066", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tidwall/gjson/issues/195", + "refsource": "MISC", + "name": "https://github.com/tidwall/gjson/issues/195" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36067.json b/2020/36xxx/CVE-2020-36067.json index 72c72eab494..e17e4f9cf0a 100644 --- a/2020/36xxx/CVE-2020-36067.json +++ b/2020/36xxx/CVE-2020-36067.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36067", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36067", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tidwall/gjson/issues/196", + "refsource": "MISC", + "name": "https://github.com/tidwall/gjson/issues/196" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file