From 3c425a94c1f53c3809d898cade7c394195de4730 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 21 Oct 2020 15:03:46 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/14xxx/CVE-2020-14901.json | 127 +++++++++++++++++---------------- 2020/27xxx/CVE-2020-27601.json | 63 ++-------------- 2020/27xxx/CVE-2020-27602.json | 63 ++-------------- 2020/2xxx/CVE-2020-2555.json | 58 ++------------- 4 files changed, 83 insertions(+), 228 deletions(-) diff --git a/2020/14xxx/CVE-2020-14901.json b/2020/14xxx/CVE-2020-14901.json index 82aed1aadd4..defb40583cd 100644 --- a/2020/14xxx/CVE-2020-14901.json +++ b/2020/14xxx/CVE-2020-14901.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14901" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Database - Enterprise Edition", - "version": { - "version_data": [ - { - "version_value": "19c", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Database - Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.9", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuoct2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuoct2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27601.json b/2020/27xxx/CVE-2020-27601.json index 347ec7a7a6c..51e3f0884de 100644 --- a/2020/27xxx/CVE-2020-27601.json +++ b/2020/27xxx/CVE-2020-27601.json @@ -1,66 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2020-27601", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27601", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7", - "refsource": "MISC", - "name": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7" - }, - { - "url": "https://github.com/bigbluebutton/bigbluebutton/commit/7dcdfb191373684bafa7b11cdd0128c9869040a1", - "refsource": "MISC", - "name": "https://github.com/bigbluebutton/bigbluebutton/commit/7dcdfb191373684bafa7b11cdd0128c9869040a1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2020/27xxx/CVE-2020-27602.json b/2020/27xxx/CVE-2020-27602.json index a86af756a71..3d6f2c4b888 100644 --- a/2020/27xxx/CVE-2020-27602.json +++ b/2020/27xxx/CVE-2020-27602.json @@ -1,66 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2020-27602", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27602", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7", - "refsource": "MISC", - "name": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7" - }, - { - "url": "https://github.com/bigbluebutton/bigbluebutton/commit/4bfd924c64da2681f4c037026021f47eb189d717", - "refsource": "MISC", - "name": "https://github.com/bigbluebutton/bigbluebutton/commit/4bfd924c64da2681f4c037026021f47eb189d717" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2020/2xxx/CVE-2020-2555.json b/2020/2xxx/CVE-2020-2555.json index 463272d5af2..4d3fb47a3b9 100644 --- a/2020/2xxx/CVE-2020-2555.json +++ b/2020/2xxx/CVE-2020-2555.json @@ -8,58 +8,6 @@ "vendor": { "vendor_data": [ { - "product": { - "product_data": [ - { - "product_name": "Retail Assortment Planning", - "version": { - "version_data": [ - { - "version_value": "15.0", - "version_affected": "=" - }, - { - "version_value": "16.0", - "version_affected": "=" - } - ] - } - } - ] - }, - "vendor_name": "Oracle Corporation", - "product": { - "product_data": [ - { - "product_name": "Communications Diameter Signaling Router (DSR)", - "version": { - "version_data": [ - { - "version_value": "IDIH: 8.0.0-8.2.2", - "version_affected": "=" - } - ] - } - } - ] - }, - "vendor_name": "Oracle Corporation", - "product": { - "product_data": [ - { - "product_name": "Healthcare Data Repository", - "version": { - "version_data": [ - { - "version_value": "7.0.1", - "version_affected": "=" - } - ] - } - } - ] - }, - "vendor_name": "Oracle Corporation", "product": { "product_data": [ { @@ -79,7 +27,7 @@ } ] }, - "vendor_name": "Oracle Corporation" + "vendor_name": "Oracle Corporation" } ] } @@ -142,7 +90,9 @@ "url": "http://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.html" }, { - "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" + "url": "https://www.oracle.com/security-alerts/cpuoct2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuoct2020.html" } ] }