"-Synchronized-Data."

2025-05-06 18:53:08 +00:00 · 2020-07-02 18:01:28 +00:00 · 2020-07-02 18:01:28 +00:00 · 703acee832
commit 703acee832
parent 9c03e3ba7c
22 changed files with 103 additions and 3 deletions
--- a/2020/15xxx/CVE-2020-15091.json
+++ b/2020/15xxx/CVE-2020-15091.json
@ -35,7 +35,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it (**without changing chainID**). A malicious block proposer (even with a minimal amount of stake) can use this vulnerability to completely halt the network.\n\nThis issue is fixed in Tendermint 0.33.6 which checks all the signatures are for the block with 2/3+ majority before creating a commit."
+                "value": "TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it (**without changing chainID**). A malicious block proposer (even with a minimal amount of stake) can use this vulnerability to completely halt the network. This issue is fixed in Tendermint 0.33.6 which checks all the signatures are for the block with 2/3+ majority before creating a commit."
            }
        ]
    },
--- a/2020/2xxx/CVE-2020-2201.json
+++ b/2020/2xxx/CVE-2020-2201.json
@ -57,6 +57,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1775",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1775",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2202.json
+++ b/2020/2xxx/CVE-2020-2202.json
@ -57,6 +57,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1690",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1690",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2203.json
+++ b/2020/2xxx/CVE-2020-2203.json
@ -57,6 +57,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1691",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1691",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2204.json
+++ b/2020/2xxx/CVE-2020-2204.json
@ -57,6 +57,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1691",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1691",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2205.json
+++ b/2020/2xxx/CVE-2020-2205.json
@ -57,6 +57,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1728%20(1)",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1728%20(1)",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2206.json
+++ b/2020/2xxx/CVE-2020-2206.json
@ -57,6 +57,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1728%20(2)",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1728%20(2)",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2207.json
+++ b/2020/2xxx/CVE-2020-2207.json
@ -57,6 +57,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1776",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1776",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2208.json
+++ b/2020/2xxx/CVE-2020-2208.json
@ -61,6 +61,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1627",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1627",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2209.json
+++ b/2020/2xxx/CVE-2020-2209.json
@ -61,6 +61,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1686",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1686",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2210.json
+++ b/2020/2xxx/CVE-2020-2210.json
@ -61,6 +61,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2211.json
+++ b/2020/2xxx/CVE-2020-2211.json
@ -61,6 +61,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1738",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1738",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2212.json
+++ b/2020/2xxx/CVE-2020-2212.json
@ -61,6 +61,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1632",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1632",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2213.json
+++ b/2020/2xxx/CVE-2020-2213.json
@ -61,6 +61,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1630",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1630",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2214.json
+++ b/2020/2xxx/CVE-2020-2214.json
@ -61,6 +61,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1811",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1811",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2215.json
+++ b/2020/2xxx/CVE-2020-2215.json
@ -61,6 +61,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1762",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1762",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2216.json
+++ b/2020/2xxx/CVE-2020-2216.json
@ -61,6 +61,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1762",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1762",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2217.json
+++ b/2020/2xxx/CVE-2020-2217.json
@ -61,6 +61,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1771",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1771",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2218.json
+++ b/2020/2xxx/CVE-2020-2218.json
@ -61,6 +61,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1576",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1576",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/2xxx/CVE-2020-2219.json
+++ b/2020/2xxx/CVE-2020-2219.json
@ -61,6 +61,11 @@
                "name": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1803",
                "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1803",
                "refsource": "CONFIRM"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200702 Multiple vulnerabilities in Jenkins plugins",
+                "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
            }
        ]
    }
--- a/2020/4xxx/CVE-2020-4074.json
+++ b/2020/4xxx/CVE-2020-4074.json
@ -35,7 +35,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In PrestaShop from version 1.5.0.0 and before version 1.7.7.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands.\n\nThe problem is fixed in 1.7.7.6."
+                "value": "In PrestaShop from version 1.5.0.0 and before version 1.7.7.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.7.6."
            }
        ]
    },
--- a/2020/8xxx/CVE-2020-8165.json
+++ b/2020/8xxx/CVE-2020-8165.json
@ -58,6 +58,11 @@
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
                "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/",
+                "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/"
            }
        ]
    },
@ -65,7 +70,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A deserialization of untrusted data vulnernerability exists in rails < 5.2.5, rails < 6.0.4 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE."
+                "value": "A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE."
            }
        ]
    }