diff --git a/2017/14xxx/CVE-2017-14170.json b/2017/14xxx/CVE-2017-14170.json
index bdfedcefed0..7e59ad76c6f 100644
--- a/2017/14xxx/CVE-2017-14170.json
+++ b/2017/14xxx/CVE-2017-14170.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large \"nb_index_entries\" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file."
+ "value": "In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large \"nb_index_entries\" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file."
 }
 ]
 },
@@ -71,6 +71,11 @@
 "name": "DSA-3996",
 "refsource": "DEBIAN",
 "url": "http://www.debian.org/security/2017/dsa-3996"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/FFmpeg/FFmpeg/commit/f173cdfe669556aa92857adafe60cbe5f2aa1210",
+ "url": "https://github.com/FFmpeg/FFmpeg/commit/f173cdfe669556aa92857adafe60cbe5f2aa1210"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14395.json b/2018/14xxx/CVE-2018-14395.json
index ad55ceddb24..3168184ea82 100644
--- a/2018/14xxx/CVE-2018-14395.json
+++ b/2018/14xxx/CVE-2018-14395.json
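Review bot: The new affected-version text `FFmpeg 3.3.3 -> 2.4` in the CVE-2017-14170 description uses an arrow that neither readers nor version-matching tooling will recognise as a range, and it runs from the higher version down to the lower one. If the intent is that every release from 2.4 up to 3.3.3 is affected, state it directly, e.g. `In libavformat/mxfdec.c in FFmpeg 2.4 through 3.3.3, a DoS in ...`. The page does not show which releases were actually checked, so the bounds should be confirmed against the added fix-commit reference before rewording.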
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format."
+ "value": "libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format."
 }
 ]
 },
@@ -66,6 +66,11 @@
 "name": "https://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582",
 "refsource": "MISC",
 "url": "https://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/FFmpeg/FFmpeg/commit/2c0e98a0b478284bdff6d7a4062522605a8beae5",
+ "url": "https://github.com/FFmpeg/FFmpeg/commit/2c0e98a0b478284bdff6d7a4062522605a8beae5"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11338.json b/2019/11xxx/CVE-2019-11338.json
index ebe6a1f2e5a..310c3897b04 100644
--- a/2019/11xxx/CVE-2019-11338.json
+++ b/2019/11xxx/CVE-2019-11338.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data."
+ "value": "libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data."
 }
 ]
 },
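Review bot: Replacing `FFmpeg before 4.0.2` with `FFmpeg 3.2 and 4.0.2` in the CVE-2018-14395 description changes the meaning rather than just widening the scope: the old text treated 4.0.2 as the first fixed release, while the new text names 4.0.2 as affected and no longer covers the releases in between. If the goal is to record that the 3.2 branch is affected as well, keep the upper bound, for example `FFmpeg 3.2 through 4.0.1` or `FFmpeg 3.2 and later before 4.0.2`, whichever matches the two referenced commits. The same `X and Y` wording, which reads as two isolated versions rather than a range, appears in the CVE-2019-11338, CVE-2019-13164 and CVE-2019-9718 description hunks; there the upper version was already listed as affected, so only the list-versus-range ambiguity applies.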
@@ -91,6 +91,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4431-1",
 "url": "https://usn.ubuntu.com/4431-1/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b",
+ "url": "https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13164.json b/2019/13xxx/CVE-2019-13164.json
index 61570641588..42a19b0f67e 100644
--- a/2019/13xxx/CVE-2019-13164.json
+++ b/2019/13xxx/CVE-2019-13164.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass."
+ "value": "qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass."
 }
 ]
 },
@@ -121,6 +121,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202003-66",
 "url": "https://security.gentoo.org/glsa/202003-66"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/qemu/qemu/commit/03d7712b4bcd47bfe0fe14ba2fffa87e111fa086",
+ "url": "https://github.com/qemu/qemu/commit/03d7712b4bcd47bfe0fe14ba2fffa87e111fa086"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15523.json b/2019/15xxx/CVE-2019-15523.json
index fa5d25cc93a..ac3c00b6f43 100644
--- a/2019/15xxx/CVE-2019-15523.json
+++ b/2019/15xxx/CVE-2019-15523.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2",
 "refsource": "MISC",
 "name": "https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210104 [SECURITY] [DLA 2515-1] csync2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00003.html"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18641.json b/2019/18xxx/CVE-2019-18641.json
index e070b9a0f9e..caae3d2c99f 100644
--- a/2019/18xxx/CVE-2019-18641.json
+++ b/2019/18xxx/CVE-2019-18641.json
@@ -66,6 +66,11 @@
 "refsource": "FULLDISC",
 "name": "20210103 Multiple vulnerabilities found in Rock RMS including RCE and account takeover",
 "url": "http://seclists.org/fulldisclosure/2021/Jan/1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/160766/Rock-RMS-File-Upload-Account-Takeover-Information-Disclosure.html",
+ "url": "http://packetstormsecurity.com/files/160766/Rock-RMS-File-Upload-Account-Takeover-Information-Disclosure.html"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9718.json b/2019/9xxx/CVE-2019-9718.json
index 85edd70b4be..cf9e0ce22ba 100644
--- a/2019/9xxx/CVE-2019-9718.json
+++ b/2019/9xxx/CVE-2019-9718.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf."
+ "value": "In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf."
 }
 ]
 },
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4449",
 "url": "https://www.debian.org/security/2019/dsa-4449"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/FFmpeg/FFmpeg/commit/23ccf3cabb4baf6e8af4b1af3fcc59c904736f21",
+ "url": "https://github.com/FFmpeg/FFmpeg/commit/23ccf3cabb4baf6e8af4b1af3fcc59c904736f21"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12658.json b/2020/12xxx/CVE-2020-12658.json
index bb203b021df..99d3c03c2ea 100644
--- a/2020/12xxx/CVE-2020-12658.json
+++ b/2020/12xxx/CVE-2020-12658.json
@@ -66,6 +66,11 @@
 "url": "https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003",
 "refsource": "MISC",
 "name": "https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210104 [SECURITY] [DLA 2516-1] gssproxy security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00004.html"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25507.json b/2020/25xxx/CVE-2020-25507.json
index 9944ef04319..52c206ed030 100644
--- a/2020/25xxx/CVE-2020-25507.json
+++ b/2020/25xxx/CVE-2020-25507.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An incorrect permission assignment (chmod 777) of /etc/environment during the installation script of No Magic TeamworkCloud 18.0 through 19.0 allows any local unprivileged user to write to /etc/environment. An attacker can escalate to root by writing arbitrary code to this file, which would be executed by root during the next login, reboot, or sourcing of the environment."
+ "value": "An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system enviroment file with world writable permissions (0777 /etc/environment). Any local unprivileged user can execute arbitrary code simply by writing to /etc/environment, which will force all users, including root, to execute arbitrary code during the next login or reboot. In addition, the entire home directory of the twcloud user at /home/twcloud is recursively given world writable permissions. This allows any local unprivileged attacker to execute arbitrary code, as twcloud. This product was previous named Cameo Enterprise Data Warehouse (CEDW)."
 }
 ]
 },
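Review bot: The rewritten CVE-2020-25507 description drops the vendor name (`No Magic TeamworkCloud` became `TeamworkCloud`), which makes the record harder to match to a product inventory, and it introduces the typos `enviroment`, `thru` and `previous named`. Suggested wording for those spots: `No Magic TeamworkCloud 18.0 through 19.0`, `system environment file`, and `This product was previously named Cameo Enterprise Data Warehouse (CEDW).` The parenthetical `(0777 /etc/environment)` would also read more clearly as `(mode 0777 on /etc/environment)`, so that a reader auditing an installed host knows exactly which permission bits to look for.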
@@ -61,6 +61,31 @@
 "refsource": "MISC",
 "name": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-002.md",
 "url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-002.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://sick.codes/sick-2020-002/",
+ "url": "https://sick.codes/sick-2020-002/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://community.nomagic.com/finding-and-fixing-wrong-file-permission-twc-installation-t7165.html",
+ "url": "https://community.nomagic.com/finding-and-fixing-wrong-file-permission-twc-installation-t7165.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://sick.codes/finding-a-vulnerability-in-teamwork-cloud-server-nomagic-3ds-which-is-used-by-gov-enterprise-to-design-rockets-missiles-and-satellites",
+ "url": "https://sick.codes/finding-a-vulnerability-in-teamwork-cloud-server-nomagic-3ds-which-is-used-by-gov-enterprise-to-design-rockets-missiles-and-satellites"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://web.archive.org/web/20201219155833/https://docs.nomagic.com/pages/viewpage.action?pageId=20846937",
+ "url": "https://web.archive.org/web/20201219155833/https://docs.nomagic.com/pages/viewpage.action?pageId=20846937"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://web.archive.org/web/20201219095507/https://docs.nomagic.com/display/TWCloud185SP1/Installation+on+Centos+7.",
+ "url": "https://web.archive.org/web/20201219095507/https://docs.nomagic.com/display/TWCloud185SP1/Installation+on+Centos+7."
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26292.json b/2020/26xxx/CVE-2020-26292.json
index 2635b571514..5b9e7d6ba61 100644
--- a/2020/26xxx/CVE-2020-26292.json
+++ b/2020/26xxx/CVE-2020-26292.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours between December 26, 2020 at 3:22 PM EST to December 26, 2020 at 11:00 PM EST. \n\nIf you used the source code, you are **NOT** affected. This only affects the binary releases.\n\nThe binary of unknown quality has been removed from the release. If you have downloaded the binary, please delete it and run a reputable antivirus scanner to ensure that your computer is clean."
+ "value": "Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours between December 26, 2020 at 3:22 PM EST to December 26, 2020 at 11:00 PM EST. If you used the source code, you are **NOT** affected. This only affects the binary releases. The binary of unknown quality has been removed from the release. If you have downloaded the binary, please delete it and run a reputable antivirus scanner to ensure that your computer is clean."
 }
 ]
 },
diff --git a/2020/26xxx/CVE-2020-26293.json b/2020/26xxx/CVE-2020-26293.json
index ad87849db78..0432800f6c1 100644
--- a/2020/26xxx/CVE-2020-26293.json
+++ b/2020/26xxx/CVE-2020-26293.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed.\n\nIf you have explicitly allowed the `