diff --git a/2011/1xxx/CVE-2011-1805.json b/2011/1xxx/CVE-2011-1805.json index 5175b597e99..c1b627612f2 100644 --- a/2011/1xxx/CVE-2011-1805.json +++ b/2011/1xxx/CVE-2011-1805.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2011-1805", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,7 +46,9 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/82633" + "url": "https://crbug.com/82633", + "refsource": "MISC", + "name": "https://crbug.com/82633" } ] }, @@ -57,4 +60,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2863.json b/2011/2xxx/CVE-2011-2863.json index b59e9963752..184e99736a9 100644 --- a/2011/2xxx/CVE-2011-2863.json +++ b/2011/2xxx/CVE-2011-2863.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2011-2863", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,7 +46,9 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/93759" + "url": "https://crbug.com/93759", + "refsource": "MISC", + "name": "https://crbug.com/93759" } ] }, @@ -57,4 +60,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11080.json b/2020/11xxx/CVE-2020-11080.json index 41aa019b617..2731dda4133 100644 --- a/2020/11xxx/CVE-2020-11080.json +++ b/2020/11xxx/CVE-2020-11080.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service.\n\nThe proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%.\n\nnghttp2 v1.41.0 fixes this vulnerability.\n\nThere is a workaround to this vulnerability.\nImplement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection." + "value": "In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection." } ] }, diff --git a/2020/11xxx/CVE-2020-11091.json b/2020/11xxx/CVE-2020-11091.json index 22e3fffd05f..e4d76ded9cb 100644 --- a/2020/11xxx/CVE-2020-11091.json +++ b/2020/11xxx/CVE-2020-11091.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service.\n\nIn a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host (via ipv6.disable=1 on the kernel cmdline), it will be either unconfigured or configured on some interfaces, but it's pretty likely that ipv6 forwarding is disabled, ie /proc/sys/net/ipv6/conf//forwarding == 0. Also by default, /proc/sys/net/ipv6/conf//accept_ra == 1. The combination of these 2 sysctls means that the host accepts router advertisements and configure the IPv6 stack using them.\n\nBy sending rogue router advertisements, an attacker can reconfigure the host to redirect part or all of the IPv6 traffic of the host to the attacker controlled container.\nEven if there was no IPv6 traffic before, if the DNS returns A (IPv4) and AAAA (IPv6) records, many HTTP libraries will try to connect via IPv6 first then fallback to IPv4, giving an opportunity to the attacker to respond.\nIf by chance you also have on the host a vulnerability like last year's RCE in apt (CVE-2019-3462), you can now escalate to the host.\n\nWeave Net version 2.6.3 disables the accept_ra option on the veth devices that it creates." + "value": "In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host (via ipv6.disable=1 on the kernel cmdline), it will be either unconfigured or configured on some interfaces, but it's pretty likely that ipv6 forwarding is disabled, ie /proc/sys/net/ipv6/conf//forwarding == 0. Also by default, /proc/sys/net/ipv6/conf//accept_ra == 1. The combination of these 2 sysctls means that the host accepts router advertisements and configure the IPv6 stack using them. By sending rogue router advertisements, an attacker can reconfigure the host to redirect part or all of the IPv6 traffic of the host to the attacker controlled container. Even if there was no IPv6 traffic before, if the DNS returns A (IPv4) and AAAA (IPv6) records, many HTTP libraries will try to connect via IPv6 first then fallback to IPv4, giving an opportunity to the attacker to respond. If by chance you also have on the host a vulnerability like last year's RCE in apt (CVE-2019-3462), you can now escalate to the host. Weave Net version 2.6.3 disables the accept_ra option on the veth devices that it creates." } ] }, diff --git a/2020/13xxx/CVE-2020-13799.json b/2020/13xxx/CVE-2020-13799.json new file mode 100644 index 00000000000..d4c36fc8772 --- /dev/null +++ b/2020/13xxx/CVE-2020-13799.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13799", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13800.json b/2020/13xxx/CVE-2020-13800.json new file mode 100644 index 00000000000..994c521a7f4 --- /dev/null +++ b/2020/13xxx/CVE-2020-13800.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13800", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13801.json b/2020/13xxx/CVE-2020-13801.json new file mode 100644 index 00000000000..c92d081be38 --- /dev/null +++ b/2020/13xxx/CVE-2020-13801.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13801", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13802.json b/2020/13xxx/CVE-2020-13802.json new file mode 100644 index 00000000000..7e34083053e --- /dev/null +++ b/2020/13xxx/CVE-2020-13802.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13802", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5296.json b/2020/5xxx/CVE-2020-5296.json index d72ea54b3ec..b13261f7a37 100644 --- a/2020/5xxx/CVE-2020-5296.json +++ b/2020/5xxx/CVE-2020-5296.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466,\nan attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server.\nThe vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission.\n\nIssue has been patched in Build 466 (v1.0.466)." + "value": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466)." } ] }, @@ -69,15 +69,15 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/octobercms/october/security/advisories/GHSA-jv6v-fvvx-4932", - "refsource": "CONFIRM", - "url": "https://github.com/octobercms/october/security/advisories/GHSA-jv6v-fvvx-4932" - }, { "name": "https://github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc", "refsource": "MISC", "url": "https://github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc" + }, + { + "name": "https://github.com/octobercms/october/security/advisories/GHSA-jv6v-fvvx-4932", + "refsource": "CONFIRM", + "url": "https://github.com/octobercms/october/security/advisories/GHSA-jv6v-fvvx-4932" } ] }, diff --git a/2020/5xxx/CVE-2020-5297.json b/2020/5xxx/CVE-2020-5297.json index ed23b526646..92aef5459d3 100644 --- a/2020/5xxx/CVE-2020-5297.json +++ b/2020/5xxx/CVE-2020-5297.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with\nthe `cms.manage_assets` permission.\n\nIssue has been patched in Build 466 (v1.0.466)." + "value": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466)." } ] }, diff --git a/2020/5xxx/CVE-2020-5299.json b/2020/5xxx/CVE-2020-5299.json index 038aee9d9b1..d15b68c4e52 100644 --- a/2020/5xxx/CVE-2020-5299.json +++ b/2020/5xxx/CVE-2020-5299.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466,\nany users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController`\ncould potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious.\nThis requires attackers to achieve the following before a successful attack can be completed: \n\n1. Have found a vulnerability in the victims spreadsheet software of choice.\n2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim.\n3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software.\n\nIssue has been patched in Build 466 (v1.0.466)." + "value": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466)." } ] }, diff --git a/2020/6xxx/CVE-2020-6419.json b/2020/6xxx/CVE-2020-6419.json index ada7d3d9160..47634093d54 100644 --- a/2020/6xxx/CVE-2020-6419.json +++ b/2020/6xxx/CVE-2020-6419.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6419", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/1040325" + "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html" }, { - "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html" + "url": "https://crbug.com/1040325", + "refsource": "MISC", + "name": "https://crbug.com/1040325" } ] }, diff --git a/2020/6xxx/CVE-2020-6453.json b/2020/6xxx/CVE-2020-6453.json index e937afd260f..3ca8c956048 100644 --- a/2020/6xxx/CVE-2020-6453.json +++ b/2020/6xxx/CVE-2020-6453.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6453", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/1065094" + "url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html" }, { - "url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html" + "url": "https://crbug.com/1065094", + "refsource": "MISC", + "name": "https://crbug.com/1065094" } ] }, diff --git a/2020/6xxx/CVE-2020-6493.json b/2020/6xxx/CVE-2020-6493.json index 3536212caf0..dc895ceb114 100644 --- a/2020/6xxx/CVE-2020-6493.json +++ b/2020/6xxx/CVE-2020-6493.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6493", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/1082105" + "url": "https://crbug.com/1082105", + "refsource": "MISC", + "name": "https://crbug.com/1082105" }, { - "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" + "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" } ] }, diff --git a/2020/6xxx/CVE-2020-6494.json b/2020/6xxx/CVE-2020-6494.json index 9b44b66b508..302cba536b5 100644 --- a/2020/6xxx/CVE-2020-6494.json +++ b/2020/6xxx/CVE-2020-6494.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6494", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/1083972" + "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" }, { - "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" + "url": "https://crbug.com/1083972", + "refsource": "MISC", + "name": "https://crbug.com/1083972" } ] }, diff --git a/2020/6xxx/CVE-2020-6495.json b/2020/6xxx/CVE-2020-6495.json index 59e68a8b7b3..c132538f605 100644 --- a/2020/6xxx/CVE-2020-6495.json +++ b/2020/6xxx/CVE-2020-6495.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6495", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/1072116" + "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" }, { - "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" + "url": "https://crbug.com/1072116", + "refsource": "MISC", + "name": "https://crbug.com/1072116" } ] }, diff --git a/2020/6xxx/CVE-2020-6496.json b/2020/6xxx/CVE-2020-6496.json index 29cc2336fc8..3d197699f75 100644 --- a/2020/6xxx/CVE-2020-6496.json +++ b/2020/6xxx/CVE-2020-6496.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6496", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/1085990" + "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" }, { - "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" + "url": "https://crbug.com/1085990", + "refsource": "MISC", + "name": "https://crbug.com/1085990" } ] }, diff --git a/2020/6xxx/CVE-2020-6497.json b/2020/6xxx/CVE-2020-6497.json index aaa01d7f349..d462ac0a416 100644 --- a/2020/6xxx/CVE-2020-6497.json +++ b/2020/6xxx/CVE-2020-6497.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6497", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/1069246" + "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" }, { - "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" + "url": "https://crbug.com/1069246", + "refsource": "MISC", + "name": "https://crbug.com/1069246" } ] }, diff --git a/2020/6xxx/CVE-2020-6498.json b/2020/6xxx/CVE-2020-6498.json index d6b88e80a9f..d7de40b3de6 100644 --- a/2020/6xxx/CVE-2020-6498.json +++ b/2020/6xxx/CVE-2020-6498.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6498", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/1081081" + "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" }, { - "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" + "url": "https://crbug.com/1081081", + "refsource": "MISC", + "name": "https://crbug.com/1081081" } ] }, diff --git a/2020/6xxx/CVE-2020-6499.json b/2020/6xxx/CVE-2020-6499.json index 2ec5312f43d..0077dd87cd4 100644 --- a/2020/6xxx/CVE-2020-6499.json +++ b/2020/6xxx/CVE-2020-6499.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6499", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/999001" + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" }, { - "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + "url": "https://crbug.com/999001", + "refsource": "MISC", + "name": "https://crbug.com/999001" } ] }, diff --git a/2020/6xxx/CVE-2020-6500.json b/2020/6xxx/CVE-2020-6500.json index 965a3b8ff63..6c311c336fc 100644 --- a/2020/6xxx/CVE-2020-6500.json +++ b/2020/6xxx/CVE-2020-6500.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6500", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/843095" + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" }, { - "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + "url": "https://crbug.com/843095", + "refsource": "MISC", + "name": "https://crbug.com/843095" } ] }, diff --git a/2020/6xxx/CVE-2020-6501.json b/2020/6xxx/CVE-2020-6501.json index 78df0dfdd2d..546944b9aa2 100644 --- a/2020/6xxx/CVE-2020-6501.json +++ b/2020/6xxx/CVE-2020-6501.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6501", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/990581" + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" }, { - "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + "url": "https://crbug.com/990581", + "refsource": "MISC", + "name": "https://crbug.com/990581" } ] }, diff --git a/2020/6xxx/CVE-2020-6502.json b/2020/6xxx/CVE-2020-6502.json index 0e7e285894f..bece5aeb7b6 100644 --- a/2020/6xxx/CVE-2020-6502.json +++ b/2020/6xxx/CVE-2020-6502.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6502", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/785159" + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" }, { - "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + "url": "https://crbug.com/785159", + "refsource": "MISC", + "name": "https://crbug.com/785159" } ] }, diff --git a/2020/6xxx/CVE-2020-6503.json b/2020/6xxx/CVE-2020-6503.json index 2b2a9dd5ff0..8d8a1938e80 100644 --- a/2020/6xxx/CVE-2020-6503.json +++ b/2020/6xxx/CVE-2020-6503.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6503", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/639322" + "url": "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html" }, { - "url": "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html" + "url": "https://crbug.com/639322", + "refsource": "MISC", + "name": "https://crbug.com/639322" } ] }, diff --git a/2020/6xxx/CVE-2020-6504.json b/2020/6xxx/CVE-2020-6504.json index f4fec464712..80b85d6a1c2 100644 --- a/2020/6xxx/CVE-2020-6504.json +++ b/2020/6xxx/CVE-2020-6504.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6504", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/875503" + "url": "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html" }, { - "url": "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html" + "url": "https://crbug.com/875503", + "refsource": "MISC", + "name": "https://crbug.com/875503" } ] },