From 591423b74bf346c0af49ca7e27754a56aabe30ac Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 12 May 2020 20:01:25 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/9xxx/CVE-2019-9374.json | 50 ++---------------------------- 2020/11xxx/CVE-2020-11060.json | 2 +- 2020/11xxx/CVE-2020-11062.json | 2 +- 2020/12xxx/CVE-2020-12772.json | 56 ++++++++++++++++++++++++++++++---- 4 files changed, 55 insertions(+), 55 deletions(-) diff --git a/2019/9xxx/CVE-2019-9374.json b/2019/9xxx/CVE-2019-9374.json index 904542081d0..48a30f55c8d 100644 --- a/2019/9xxx/CVE-2019-9374.json +++ b/2019/9xxx/CVE-2019-9374.json @@ -4,58 +4,14 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-9374", - "ASSIGNER": "security@android.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "Android", - "version": { - "version_data": [ - { - "version_value": "Android-10" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of privilege" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/android-10", - "url": "https://source.android.com/security/bulletin/android-10" - } - ] + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In CompanionDeviceManager, there is a possible bypass of user interaction requirements due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129476618" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." } ] } diff --git a/2020/11xxx/CVE-2020-11060.json b/2020/11xxx/CVE-2020-11060.json index 32b92815903..c511df38f79 100644 --- a/2020/11xxx/CVE-2020-11060.json +++ b/2020/11xxx/CVE-2020-11060.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks.\n\nThis is fixed in version 9.4.6." + "value": "In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6." } ] }, diff --git a/2020/11xxx/CVE-2020-11062.json b/2020/11xxx/CVE-2020-11062.json index c15af366fa5..ca30150e023 100644 --- a/2020/11xxx/CVE-2020-11062.json +++ b/2020/11xxx/CVE-2020-11062.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type.\n\nThis has been fixed in version 9.4.6." + "value": "In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6." } ] }, diff --git a/2020/12xxx/CVE-2020-12772.json b/2020/12xxx/CVE-2020-12772.json index d94684c5bb6..2c241ed696b 100644 --- a/2020/12xxx/CVE-2020-12772.json +++ b/2020/12xxx/CVE-2020-12772.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12772", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12772", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with the HTTP request. This allows an attacker to collect these hashes, crack them, and potentially compromise the computer. (ROAR can be configured for automatic access. Also, access can occur if the user clicks.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/theart42/cves/blob/master/cve-2020-12772/CVE-2020-12772.md", + "url": "https://github.com/theart42/cves/blob/master/cve-2020-12772/CVE-2020-12772.md" } ] }