diff --git a/2020/20xxx/CVE-2020-20740.json b/2020/20xxx/CVE-2020-20740.json
index 176dc32c465..eb538371bc9 100644
--- a/2020/20xxx/CVE-2020-20740.json
+++ b/2020/20xxx/CVE-2020-20740.json
@@ -71,6 +71,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-92195be0e2",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOIEVFM3SIMAEOFJKKMYH2TLZ7PXLSUD/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-e9f9bb77a0",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEEEPBBGER5LPABBRVZLMCC6Z24RBXW/"
 }
 ]
 }
diff --git a/2020/24xxx/CVE-2020-24223.json b/2020/24xxx/CVE-2020-24223.json
index 8f776e2c2d4..77b8d299c8e 100644
--- a/2020/24xxx/CVE-2020-24223.json
+++ b/2020/24xxx/CVE-2020-24223.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Mara CMS 7.5 allows contact.php?theme= XSS."
+ "value": "Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters."
 }
 ]
 },
diff --git a/2020/27xxx/CVE-2020-27772.json b/2020/27xxx/CVE-2020-27772.json
index 0d47a9527d2..c2c50082288 100644
--- a/2020/27xxx/CVE-2020-27772.json
+++ b/2020/27xxx/CVE-2020-27772.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27772",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ImageMagick",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ImageMagick 7.0.9-0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1898291",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898291"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27773.json b/2020/27xxx/CVE-2020-27773.json
index e4deb657809..9cc0d9d8ec3 100644
--- a/2020/27xxx/CVE-2020-27773.json
+++ b/2020/27xxx/CVE-2020-27773.json
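Review bot: In the CVE-2020-27772 hunk the added `"version_value": "ImageMagick 7.0.9-0"` names the release that the new description gives as the first unaffected one ("versions prior to 7.0.9-0"), so the structured field and the prose disagree. Scanners and asset-matching tools that read `version_data` rather than the description would flag 7.0.9-0 and miss the older releases that are actually affected. Recording the bound explicitly, `"version_affected": "<", "version_value": "7.0.9-0"`, or at least `"version_value": "prior to 7.0.9-0"`, would agree with the description and drop the repeated product name. The CVE-2020-27773 hunk adds the same value and needs the same change.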
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27773",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ImageMagick",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ImageMagick 7.0.9-0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "(CWE-369|CWE-190)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1898295",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898295"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0."
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28950.json b/2020/28xxx/CVE-2020-28950.json
index 8c7b03c4ac3..80085b64a37 100644
--- a/2020/28xxx/CVE-2020-28950.json
+++ b/2020/28xxx/CVE-2020-28950.json
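Review bot: The added `problemtype` entry in the CVE-2020-27773 hunk packs two weaknesses into one string, `"(CWE-369|CWE-190)"`, which is not itself a CWE identifier and will not match in tooling that maps `problemtype_data` values to CWE ids. The inner `description` array can hold one object per weakness, so two entries, `{ "lang": "eng", "value": "CWE-369" }` and `{ "lang": "eng", "value": "CWE-190" }`, carry the same information in a form that parses. That also lines up with the two conditions the new description names, division by zero and out-of-range values.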
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-28950",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnerability@kaspersky.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kaspersky Anti-Ransomware Tool",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "prior to KART 4.0 Patch C"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Local Privilege Escalation (LPE)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720",
+ "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6868.json b/2020/6xxx/CVE-2020-6868.json
index deb2eec799d..c9576a03cf8 100644
--- a/2020/6xxx/CVE-2020-6868.json
+++ b/2020/6xxx/CVE-2020-6868.json
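Review bot: `"vendor_name": "n/a"` in the added `affects` block of CVE-2020-28950 leaves the vendor unset even though the product name, assigner address and reference URL in the same hunk all identify Kaspersky, so vendor-keyed lookups will not find this record; `"vendor_name": "Kaspersky"` would fix that. The `problemtype` value `"Local Privilege Escalation (LPE)"` names the impact rather than the weakness. The DLL hijacking described in the new text appears to correspond to CWE-427 (Uncontrolled Search Path Element), which would be worth recording if the CNA confirms it. The two ImageMagick records in this commit (CVE-2020-27772, CVE-2020-27773) also use `"n/a"` for the vendor.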
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "ZTE's PON terminal product is impacted by the access control vulnerability. Due to the system not performing correct access control on some program interfaces, an attacker could use this vulnerability to tamper with the program interface parameters to perform unauthenticated operations. This affects: "
+ "value": "There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6"
 }
 ]
 }
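Review bot: The rewritten description in the CVE-2020-6868 hunk reclassifies the weakness from missing access control to insufficient input validation, but the hunk changes only the description value. The record's `problemtype` and `affects` entries lie outside it and may still reflect the earlier classification, so they should be checked against the new text. The sentence "the HTTP proxy is available to be used to bypass the limitation" is also hard to read. If the point is that the length limit exists only in the front-end, wording such as `The length limit on the WAN connection name is enforced only by the front-end and is not re-checked by the device.` would state the missing server-side check directly.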