From 53cca3cadad7d443657b66ea8bbaea6d029ffab4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 17 Jul 2020 00:01:26 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/11xxx/CVE-2020-11978.json | 50 ++++++++++++++++++++++++++-- 2020/11xxx/CVE-2020-11981.json | 50 ++++++++++++++++++++++++++-- 2020/11xxx/CVE-2020-11982.json | 50 ++++++++++++++++++++++++++-- 2020/11xxx/CVE-2020-11983.json | 50 ++++++++++++++++++++++++++-- 2020/1xxx/CVE-2020-1032.json | 5 +++ 2020/1xxx/CVE-2020-1036.json | 5 +++ 2020/1xxx/CVE-2020-1040.json | 5 +++ 2020/1xxx/CVE-2020-1041.json | 5 +++ 2020/1xxx/CVE-2020-1042.json | 5 +++ 2020/1xxx/CVE-2020-1043.json | 5 +++ 2020/9xxx/CVE-2020-9485.json | 50 ++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9646.json | 50 ++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9649.json | 50 ++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9650.json | 50 ++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9669.json | 50 ++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9670.json | 50 ++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9671.json | 50 ++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9672.json | 60 ++++++++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9673.json | 60 ++++++++++++++++++++++++++++++++-- 19 files changed, 661 insertions(+), 39 deletions(-) diff --git a/2020/11xxx/CVE-2020-11978.json b/2020/11xxx/CVE-2020-11978.json index 9692a72978f..58b7948b456 100644 --- a/2020/11xxx/CVE-2020-11978.json +++ b/2020/11xxx/CVE-2020-11978.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-11978", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Airflow", + "version": { + "version_data": [ + { + "version_value": "1.10.10 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable." } ] } diff --git a/2020/11xxx/CVE-2020-11981.json b/2020/11xxx/CVE-2020-11981.json index 4f6cc2e6422..048e9c3e146 100644 --- a/2020/11xxx/CVE-2020-11981.json +++ b/2020/11xxx/CVE-2020-11981.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-11981", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Airflow", + "version": { + "version_data": [ + { + "version_value": "1.10.10 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands." } ] } diff --git a/2020/11xxx/CVE-2020-11982.json b/2020/11xxx/CVE-2020-11982.json index 6bc1aaca262..894e8b517ba 100644 --- a/2020/11xxx/CVE-2020-11982.json +++ b/2020/11xxx/CVE-2020-11982.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-11982", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Airflow", + "version": { + "version_data": [ + { + "version_value": "1.10.10 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker." } ] } diff --git a/2020/11xxx/CVE-2020-11983.json b/2020/11xxx/CVE-2020-11983.json index fb10e81c330..5e597b6a32d 100644 --- a/2020/11xxx/CVE-2020-11983.json +++ b/2020/11xxx/CVE-2020-11983.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-11983", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Airflow", + "version": { + "version_data": [ + { + "version_value": "1.10.10 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks." } ] } diff --git a/2020/1xxx/CVE-2020-1032.json b/2020/1xxx/CVE-2020-1032.json index 7c130b3ac45..a2b1858de38 100644 --- a/2020/1xxx/CVE-2020-1032.json +++ b/2020/1xxx/CVE-2020-1032.json @@ -77,6 +77,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1032", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1032" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5044", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5044" } ] } diff --git a/2020/1xxx/CVE-2020-1036.json b/2020/1xxx/CVE-2020-1036.json index d24d801f83a..c2cccf8e13d 100644 --- a/2020/1xxx/CVE-2020-1036.json +++ b/2020/1xxx/CVE-2020-1036.json @@ -77,6 +77,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5044", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5044" } ] } diff --git a/2020/1xxx/CVE-2020-1040.json b/2020/1xxx/CVE-2020-1040.json index e28c7818091..63b81522b7c 100644 --- a/2020/1xxx/CVE-2020-1040.json +++ b/2020/1xxx/CVE-2020-1040.json @@ -77,6 +77,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1040", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1040" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5044", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5044" } ] } diff --git a/2020/1xxx/CVE-2020-1041.json b/2020/1xxx/CVE-2020-1041.json index 2cf75c621d5..a5cae62c27d 100644 --- a/2020/1xxx/CVE-2020-1041.json +++ b/2020/1xxx/CVE-2020-1041.json @@ -77,6 +77,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1041", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1041" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5044", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5044" } ] } diff --git a/2020/1xxx/CVE-2020-1042.json b/2020/1xxx/CVE-2020-1042.json index 62e6e1ed5e8..035c4498262 100644 --- a/2020/1xxx/CVE-2020-1042.json +++ b/2020/1xxx/CVE-2020-1042.json @@ -77,6 +77,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1042", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1042" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5044", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5044" } ] } diff --git a/2020/1xxx/CVE-2020-1043.json b/2020/1xxx/CVE-2020-1043.json index 68d287ec408..d580ee65cce 100644 --- a/2020/1xxx/CVE-2020-1043.json +++ b/2020/1xxx/CVE-2020-1043.json @@ -77,6 +77,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1043", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1043" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5044", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5044" } ] } diff --git a/2020/9xxx/CVE-2020-9485.json b/2020/9xxx/CVE-2020-9485.json index 7118aeaf5cd..2151f182a18 100644 --- a/2020/9xxx/CVE-2020-9485.json +++ b/2020/9xxx/CVE-2020-9485.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9485", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Airflow", + "version": { + "version_data": [ + { + "version_value": "1.10.10 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the \"classic\" UI." } ] } diff --git a/2020/9xxx/CVE-2020-9646.json b/2020/9xxx/CVE-2020-9646.json index b1793950fdd..3056ad6e847 100644 --- a/2020/9xxx/CVE-2020-9646.json +++ b/2020/9xxx/CVE-2020-9646.json @@ -3,15 +3,59 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-9646", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Media Encoder", + "version": { + "version_data": [ + { + "version_value": "14.2 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9649.json b/2020/9xxx/CVE-2020-9649.json index 5a4802ab692..a0ef1d0c693 100644 --- a/2020/9xxx/CVE-2020-9649.json +++ b/2020/9xxx/CVE-2020-9649.json @@ -3,15 +3,59 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-9649", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-Bounds Read" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Media Encoder", + "version": { + "version_data": [ + { + "version_value": "14.2 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." } ] } diff --git a/2020/9xxx/CVE-2020-9650.json b/2020/9xxx/CVE-2020-9650.json index 6e4437977b5..9731d8fe593 100644 --- a/2020/9xxx/CVE-2020-9650.json +++ b/2020/9xxx/CVE-2020-9650.json @@ -3,15 +3,59 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-9650", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Media Encoder", + "version": { + "version_data": [ + { + "version_value": "14.2 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9669.json b/2020/9xxx/CVE-2020-9669.json index 7aa24e394e8..62b72246bc9 100644 --- a/2020/9xxx/CVE-2020-9669.json +++ b/2020/9xxx/CVE-2020-9669.json @@ -3,15 +3,59 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-9669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Lack of Exploit Mitigations" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Creative Cloud Desktop Application", + "version": { + "version_data": [ + { + "version_value": "versions 5.1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation." } ] } diff --git a/2020/9xxx/CVE-2020-9670.json b/2020/9xxx/CVE-2020-9670.json index 325d1d48be6..b17f08d90ad 100644 --- a/2020/9xxx/CVE-2020-9670.json +++ b/2020/9xxx/CVE-2020-9670.json @@ -3,15 +3,59 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-9670", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Symlink vulnerability" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Creative Cloud Desktop Application", + "version": { + "version_data": [ + { + "version_value": "versions 5.1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation." } ] } diff --git a/2020/9xxx/CVE-2020-9671.json b/2020/9xxx/CVE-2020-9671.json index a7c607875c4..ffb6a43d7de 100644 --- a/2020/9xxx/CVE-2020-9671.json +++ b/2020/9xxx/CVE-2020-9671.json @@ -3,15 +3,59 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-9671", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure File permissions" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Creative Cloud Desktop Application", + "version": { + "version_data": [ + { + "version_value": "versions 5.1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation." } ] } diff --git a/2020/9xxx/CVE-2020-9672.json b/2020/9xxx/CVE-2020-9672.json index 2dc8560e2f3..8ca8b4955eb 100644 --- a/2020/9xxx/CVE-2020-9672.json +++ b/2020/9xxx/CVE-2020-9672.json @@ -3,15 +3,69 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-9672", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DLL search-order hijacking " + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe ColdFusion 2016", + "version": { + "version_data": [ + { + "version_value": "update 15 and earlier versions" + } + ] + } + }, + { + "product_name": "Adobe ColdFusion 2018", + "version": { + "version_data": [ + { + "version_value": "update 9 and earlier versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation." } ] } diff --git a/2020/9xxx/CVE-2020-9673.json b/2020/9xxx/CVE-2020-9673.json index 1d5d5424d14..e9527a73194 100644 --- a/2020/9xxx/CVE-2020-9673.json +++ b/2020/9xxx/CVE-2020-9673.json @@ -3,15 +3,69 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-9673", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DLL search-order hijacking " + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe ColdFusion 2016", + "version": { + "version_data": [ + { + "version_value": "update 15 and earlier versions" + } + ] + } + }, + { + "product_name": "Adobe ColdFusion 2018", + "version": { + "version_data": [ + { + "version_value": "update 9 and earlier versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation." } ] }