From 69f3c99f5cf22bb5462e5e47d1918b86025f147a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 8 Jan 2020 20:01:21 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/14xxx/CVE-2017-14165.json | 5 ++ 2017/14xxx/CVE-2017-14314.json | 5 ++ 2017/14xxx/CVE-2017-14504.json | 5 ++ 2017/14xxx/CVE-2017-14649.json | 5 ++ 2017/14xxx/CVE-2017-14733.json | 5 ++ 2017/14xxx/CVE-2017-14994.json | 5 ++ 2017/14xxx/CVE-2017-14997.json | 5 ++ 2017/15xxx/CVE-2017-15277.json | 5 ++ 2017/15xxx/CVE-2017-15930.json | 5 ++ 2017/16xxx/CVE-2017-16352.json | 5 ++ 2017/16xxx/CVE-2017-16353.json | 5 ++ 2019/10xxx/CVE-2019-10219.json | 5 ++ 2019/11xxx/CVE-2019-11745.json | 85 ++++++++++++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11756.json | 55 ++++++++++++++++++++-- 2019/11xxx/CVE-2019-11757.json | 85 ++++++++++++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11758.json | 85 ++++++++++++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11759.json | 85 ++++++++++++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11760.json | 85 ++++++++++++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11761.json | 85 ++++++++++++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11762.json | 85 ++++++++++++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11763.json | 85 ++++++++++++++++++++++++++++++++-- 2020/6xxx/CVE-2020-6583.json | 56 +++++++++++++++++++--- 2020/6xxx/CVE-2020-6584.json | 18 +++++++ 2020/6xxx/CVE-2020-6585.json | 18 +++++++ 2020/6xxx/CVE-2020-6586.json | 18 +++++++ 2020/6xxx/CVE-2020-6587.json | 18 +++++++ 2020/6xxx/CVE-2020-6588.json | 18 +++++++ 27 files changed, 908 insertions(+), 33 deletions(-) create mode 100644 2020/6xxx/CVE-2020-6584.json create mode 100644 2020/6xxx/CVE-2020-6585.json create mode 100644 2020/6xxx/CVE-2020-6586.json create mode 100644 2020/6xxx/CVE-2020-6587.json create mode 100644 2020/6xxx/CVE-2020-6588.json diff --git a/2017/14xxx/CVE-2017-14165.json b/2017/14xxx/CVE-2017-14165.json index 6eb640613d8..a49eb65d9d6 100644 --- a/2017/14xxx/CVE-2017-14165.json +++ b/2017/14xxx/CVE-2017-14165.json 
@@ -66,6 +66,11 @@
 "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa",
 "refsource": "MISC",
 "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4232-1",
+ "url": "https://usn.ubuntu.com/4232-1/"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14314.json b/2017/14xxx/CVE-2017-14314.json
index 9e2349a1c24..65f50a5031f 100644
--- a/2017/14xxx/CVE-2017-14314.json
+++ b/2017/14xxx/CVE-2017-14314.json
@@ -71,6 +71,11 @@
 "name": "https://sourceforge.net/p/graphicsmagick/bugs/448/",
 "refsource": "CONFIRM",
 "url": "https://sourceforge.net/p/graphicsmagick/bugs/448/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4232-1",
+ "url": "https://usn.ubuntu.com/4232-1/"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14504.json b/2017/14xxx/CVE-2017-14504.json
index 57a54666a56..c410968bfd7 100644
--- a/2017/14xxx/CVE-2017-14504.json
+++ b/2017/14xxx/CVE-2017-14504.json
@@ -91,6 +91,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-425a1aa7c9",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4232-1",
+ "url": "https://usn.ubuntu.com/4232-1/"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14649.json b/2017/14xxx/CVE-2017-14649.json
index ba82e12d805..e328181b68d 100644
--- a/2017/14xxx/CVE-2017-14649.json
+++ b/2017/14xxx/CVE-2017-14649.json
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-425a1aa7c9",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4232-1",
+ "url": "https://usn.ubuntu.com/4232-1/"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14733.json b/2017/14xxx/CVE-2017-14733.json
index 0899acbc693..db46739baf0 100644
--- a/2017/14xxx/CVE-2017-14733.json
+++ b/2017/14xxx/CVE-2017-14733.json
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-425a1aa7c9",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4232-1",
+ "url": "https://usn.ubuntu.com/4232-1/"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14994.json b/2017/14xxx/CVE-2017-14994.json
index b69f5be9eec..76b80dbfd3d 100644
--- a/2017/14xxx/CVE-2017-14994.json
+++ b/2017/14xxx/CVE-2017-14994.json
@@ -91,6 +91,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-425a1aa7c9",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4232-1",
+ "url": "https://usn.ubuntu.com/4232-1/"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14997.json b/2017/14xxx/CVE-2017-14997.json
index 6fc1d875b88..5c1801ade4f 100644
--- a/2017/14xxx/CVE-2017-14997.json
+++ b/2017/14xxx/CVE-2017-14997.json
@@ -91,6 +91,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-425a1aa7c9",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4232-1",
+ "url": "https://usn.ubuntu.com/4232-1/"
 }
 ]
 }
diff --git a/2017/15xxx/CVE-2017-15277.json b/2017/15xxx/CVE-2017-15277.json
index f14a00d40f0..c8c02fffdb4 100644
--- a/2017/15xxx/CVE-2017-15277.json
+++ b/2017/15xxx/CVE-2017-15277.json
@@ -91,6 +91,11 @@
 "name": "https://github.com/ImageMagick/ImageMagick/commit/9fd10cf630832b36a588c1545d8736539b2f1fb5",
 "refsource": "MISC",
 "url": "https://github.com/ImageMagick/ImageMagick/commit/9fd10cf630832b36a588c1545d8736539b2f1fb5"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4232-1",
+ "url": "https://usn.ubuntu.com/4232-1/"
 }
 ]
 }
diff --git a/2017/15xxx/CVE-2017-15930.json b/2017/15xxx/CVE-2017-15930.json
index 8bfc65d765f..8383fe5a432 100644
--- a/2017/15xxx/CVE-2017-15930.json
+++ b/2017/15xxx/CVE-2017-15930.json
@@ -91,6 +91,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-425a1aa7c9",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4232-1",
+ "url": "https://usn.ubuntu.com/4232-1/"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16352.json b/2017/16xxx/CVE-2017-16352.json
index 9c943a674cf..482df0a4671 100644
--- a/2017/16xxx/CVE-2017-16352.json
+++ b/2017/16xxx/CVE-2017-16352.json
@@ -91,6 +91,11 @@
 "name": "ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt",
 "refsource": "MISC",
 "url": "ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4232-1",
+ "url": "https://usn.ubuntu.com/4232-1/"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16353.json b/2017/16xxx/CVE-2017-16353.json
index 3cf90f5a853..49d4650a6c2 100644
--- a/2017/16xxx/CVE-2017-16353.json
+++ b/2017/16xxx/CVE-2017-16353.json
@@ -91,6 +91,11 @@
 "name": "ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt",
 "refsource": "MISC",
 "url": "ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4232-1",
+ "url": "https://usn.ubuntu.com/4232-1/"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10219.json b/2019/10xxx/CVE-2019-10219.json
index 7d4edb5a00c..60098c09cc0 100644
--- a/2019/10xxx/CVE-2019-10219.json
+++ b/2019/10xxx/CVE-2019-10219.json
@@ -48,6 +48,11 @@
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
+ "url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11745.json b/2019/11xxx/CVE-2019-11745.json
index 1649c010c32..3f8df4f9ade 100644
--- a/2019/11xxx/CVE-2019-11745.json
+++ b/2019/11xxx/CVE-2019-11745.json
@@ -4,14 +4,93 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11745", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "before 68.3" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "before 68.3" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "before 71" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds write in NSS when encrypting with a block cipher" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-38/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-37/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71." } ] } diff --git a/2019/11xxx/CVE-2019-11756.json b/2019/11xxx/CVE-2019-11756.json index 78702da7103..1bb1383aef7 100644 --- a/2019/11xxx/CVE-2019-11756.json +++ b/2019/11xxx/CVE-2019-11756.json 
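Review bot: The affected ranges in the new `affects` block are written as prose inside `version_value` (`"before 68.3"`, `"before 71"`), so a consumer that compares versions mechanically has to parse English to use them. The CVE JSON 4.0 format has a `version_affected` field for the comparison operator; each entry would read better as `"version_affected": "<", "version_value": "68.3"`. The same pattern appears in the hunks for CVE-2019-11756 through CVE-2019-11763. Separately, the problemtype here places the flaw in NSS, but `product_data` lists only Thunderbird, Firefox ESR and Firefox, so anyone tracking NSS as a separately packaged library will presumably not match this record on structured data; an NSS product entry looks warranted if the assigner can confirm the fixed NSS version.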
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11756", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "before 71" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free of SFTKSession object" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-36/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71." } ] } diff --git a/2019/11xxx/CVE-2019-11757.json b/2019/11xxx/CVE-2019-11757.json index 8179ae91543..2025bab0b6e 100644 --- a/2019/11xxx/CVE-2019-11757.json +++ b/2019/11xxx/CVE-2019-11757.json 
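Review bot: The `problemtype` value in this hunk is the advisory title (`"Use-after-free of SFTKSession object"`) rather than a weakness identifier, which leaves tooling that groups or prioritises records by CWE with nothing to key on. I would lead with the class, for example `"value": "CWE-416: Use After Free"`, and keep the object name in the description where it already appears in other words. The other Mozilla records filled in by this commit (CVE-2019-11745 and CVE-2019-11757 through CVE-2019-11763) use advisory titles in the same way.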
@@ -4,14 +4,93 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11757", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "before 70" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "before 68.2" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "before 68.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free when creating index updates in IndexedDB" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-35/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-35/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-33/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-33/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-34/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-34/" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577107", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2." } ] } diff --git a/2019/11xxx/CVE-2019-11758.json b/2019/11xxx/CVE-2019-11758.json index d0a5290d8d5..f809112fbd8 100644 --- a/2019/11xxx/CVE-2019-11758.json +++ b/2019/11xxx/CVE-2019-11758.json 
@@ -4,14 +4,93 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11758", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "before 69" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "before 68.2" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "before 68.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Potentially exploitable crash due to 360 Total Security" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-25/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-25/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-35/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-35/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-33/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-33/" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1536227", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1536227" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2." } ] } diff --git a/2019/11xxx/CVE-2019-11759.json b/2019/11xxx/CVE-2019-11759.json index 431f2e84c06..3996ceaae63 100644 --- a/2019/11xxx/CVE-2019-11759.json +++ b/2019/11xxx/CVE-2019-11759.json 
@@ -4,14 +4,93 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11759", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "before 70" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "before 68.2" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "before 68.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack buffer overflow in HKDF output" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-35/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-35/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-33/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-33/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-34/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-34/" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577953", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577953" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2." } ] } diff --git a/2019/11xxx/CVE-2019-11760.json b/2019/11xxx/CVE-2019-11760.json index 78d47da54f1..62d010bf770 100644 --- a/2019/11xxx/CVE-2019-11760.json +++ b/2019/11xxx/CVE-2019-11760.json 
@@ -4,14 +4,93 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11760", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "before 70" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "before 68.2" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "before 68.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack buffer overflow in WebRTC networking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-35/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-35/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-33/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-33/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-34/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-34/" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577719", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577719" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. 
This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2." } ] } diff --git a/2019/11xxx/CVE-2019-11761.json b/2019/11xxx/CVE-2019-11761.json index 6514b104a3f..7e56f1fb285 100644 --- a/2019/11xxx/CVE-2019-11761.json +++ b/2019/11xxx/CVE-2019-11761.json 
@@ -4,14 +4,93 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11761", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "before 70" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "before 68.2" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "before 68.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unintended access to a privileged JSONView object" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-35/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-35/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-33/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-33/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-34/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-34/" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1561502", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1561502" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2." } ] } diff --git a/2019/11xxx/CVE-2019-11762.json b/2019/11xxx/CVE-2019-11762.json index 9a8739bd3a9..e44a6b0c07e 100644 --- a/2019/11xxx/CVE-2019-11762.json +++ b/2019/11xxx/CVE-2019-11762.json 
@@ -4,14 +4,93 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11762", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "before 70" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "before 68.2" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "before 68.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "document.domain-based origin isolation has same-origin-property violation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-35/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-35/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-33/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-33/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-34/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-34/" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2." } ] } diff --git a/2019/11xxx/CVE-2019-11763.json b/2019/11xxx/CVE-2019-11763.json index 9bb12ed9424..524feae66b3 100644 --- a/2019/11xxx/CVE-2019-11763.json +++ b/2019/11xxx/CVE-2019-11763.json 
@@ -4,14 +4,93 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11763", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "before 70" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "before 68.2" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "before 68.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect HTML parsing results in XSS bypass technique" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-35/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-35/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-33/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-33/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-34/", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-34/" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1584216", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1584216" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2." } ] } diff --git a/2020/6xxx/CVE-2020-6583.json b/2020/6xxx/CVE-2020-6583.json index 0d2804a0566..963898ad182 100644 --- a/2020/6xxx/CVE-2020-6583.json +++ b/2020/6xxx/CVE-2020-6583.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-6583", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-6583", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sevenlayers.com/index.php/282-online-invoicing-system-2-6-xss-session-hijack", + "refsource": "MISC", + "name": "https://www.sevenlayers.com/index.php/282-online-invoicing-system-2-6-xss-session-hijack" } ] } diff --git a/2020/6xxx/CVE-2020-6584.json b/2020/6xxx/CVE-2020-6584.json new file mode 100644 index 00000000000..1691e21468c --- /dev/null +++ b/2020/6xxx/CVE-2020-6584.json 
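Review bot: Every structured field added in this hunk is `"n/a"` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value) even though the new description names the product, the affected versions and the bug class. Matching on `affects` will therefore miss this record; going by the description alone I would fill them as `"vendor_name": "BigProf"`, `"product_name": "Online Invoicing System"` and `"version_affected": "<=", "version_value": "2.6"`, with the problemtype set to `CWE-79`. The only reference is a third-party write-up tagged `MISC`, so a vendor advisory or fix reference is worth adding once one exists. The reordering of the top-level keys in this hunk is cosmetic, since JSON key order carries no meaning.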
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6584",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6585.json b/2020/6xxx/CVE-2020-6585.json
new file mode 100644
index 00000000000..7aca92fd25b
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6585.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6585",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6586.json b/2020/6xxx/CVE-2020-6586.json
new file mode 100644
index 00000000000..9df3a826dad
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6586.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6586",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6587.json b/2020/6xxx/CVE-2020-6587.json
new file mode 100644
index 00000000000..9e47d081129
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6587.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6587",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6588.json b/2020/6xxx/CVE-2020-6588.json
new file mode 100644
index 00000000000..b137ef73a75
--- /dev/null
+++ b/2020/6xxx/CVE-2020-6588.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-6588",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file