From 59b112d1cd76ad3abd54a8dc81e9f70bfb2b9b90 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 21 Oct 2020 22:01:43 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/17xxx/CVE-2020-17355.json | 56 ++++++++++++++++++---
 2020/17xxx/CVE-2020-17454.json | 56 ++++++++++++++++++---
 2020/24xxx/CVE-2020-24421.json | 90 +++++++++++++++++++++++++++++++---
 2020/8xxx/CVE-2020-8203.json | 2 +-
 4 files changed, 185 insertions(+), 19 deletions(-)
diff --git a/2020/17xxx/CVE-2020-17355.json b/2020/17xxx/CVE-2020-17355.json
index 12325a01990..ef1ba0b7406 100644
--- a/2020/17xxx/CVE-2020-17355.json
+++ b/2020/17xxx/CVE-2020-17355.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-17355",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-17355",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/11759-security-advisory-53",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11759-security-advisory-53"
 }
 ]
 }
diff --git a/2020/17xxx/CVE-2020-17454.json b/2020/17xxx/CVE-2020-17454.json
index 219810dcd58..315b59ea3fb 100644
--- a/2020/17xxx/CVE-2020-17454.json
+++ b/2020/17xxx/CVE-2020-17454.json
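Review bot: The `affects` block added for CVE-2020-17355 sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, while the description in the same hunk names Arista EOS and four fixed-release boundaries, so tooling that matches on the structured fields will not tie this record to the product. The CVE-2020-17454 hunk has the same gap (WSO2 API Manager 3.1.0 and earlier appears only in prose), and its `problemtype` is `"n/a"` although the description states reflected XSS. Populating the structured fields from the description, for example `"vendor_name": "Arista"` and `"product_name": "EOS"`, plus a CWE-79 `problemtype` entry on the WSO2 record, would let asset-inventory and scanner matching work without parsing free text. Until then, consumers should fall back to the description and the CONFIRM reference for these two IDs.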
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-17454",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-17454",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WSO2 API Manager 3.1.0 and earlier has reflected XSS on the \"publisher\" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box appears that writes an error message concatenated to the injected payload (without any form of data encoding). This can also be exploited via CSRF."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0843",
+ "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0843"
 }
 ]
 }
diff --git a/2020/24xxx/CVE-2020-24421.json b/2020/24xxx/CVE-2020-24421.json
index 340ccbea5f6..83080dbee33 100644
--- a/2020/24xxx/CVE-2020-24421.json
+++ b/2020/24xxx/CVE-2020-24421.json
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "DATE_PUBLIC": "2020-10-20T23:00:00.000Z",
 "ID": "CVE-2020-24421",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Adobe InDesign 15.1.2 Memory Corruption Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "InDesign",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "15.1.2"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe InDesign version 15.1.2 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .indd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Local",
+ "availabilityImpact": "High",
+ "baseScore": 7.8,
+ "baseSeverity": "High",
+ "confidentialityImpact": "High",
+ "integrityImpact": "High",
+ "privilegesRequired": "None",
+ "scope": "Unchanged",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Access of Memory Location After End of Buffer (CWE-788)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/indesign/apsb20-66.html",
+ "name": "https://helpx.adobe.com/security/products/indesign/apsb20-66.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8203.json b/2020/8xxx/CVE-2020-8203.json
index 6dedc269df0..bd372de8902 100644
--- a/2020/8xxx/CVE-2020-8203.json
+++ b/2020/8xxx/CVE-2020-8203.json
@@ -65,7 +65,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Prototype pollution attack when using _.zipObjectDeep in lodash <= 4.17.15."
+ "value": "Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20."
 }
 ]
 }
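Review bot: In the CVE-2020-24421 hunk, three of the four `version_data` entries added under InDesign pair `"version_affected": "<="` with `"version_value": "None"`, which looks like unfilled template rows serialized as the string "None" rather than real version bounds. A consumer that evaluates every entry as a range, or compares version strings lexically, can mis-match on these rows. They should be dropped so the list holds only the `"version_value": "15.1.2"` entry, which is the one bound the description supports. The vendor advisory is also tagged `"refsource": "MISC"` where the other records in this commit use `"CONFIRM"`, which is worth aligning if downstream filtering keys on that field.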