From 79298ace1bbaacde99bd0d3721400d835900a62b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 27 Feb 2020 18:01:07 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/2xxx/CVE-2015-2992.json | 60 +++++++++++++++++++++++++++++++-- 2017/16xxx/CVE-2017-16900.json | 58 ++++++++++++++++++++++++++++++-- 2020/1xxx/CVE-2020-1940.json | 5 +++ 2020/7xxx/CVE-2020-7041.json | 61 ++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7042.json | 61 ++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7043.json | 61 ++++++++++++++++++++++++++++++---- 6 files changed, 283 insertions(+), 23 deletions(-) diff --git a/2015/2xxx/CVE-2015-2992.json b/2015/2xxx/CVE-2015-2992.json index 682e18f1083..49f3525d2a2 100644 --- a/2015/2xxx/CVE-2015-2992.json +++ b/2015/2xxx/CVE-2015-2992.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2015-2992", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Struts", + "version": { + "version_data": [ + { + "version_value": "before 2.3.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN88408929/index.html", + "url": "http://jvn.jp/en/jp/JVN88408929/index.html" + }, + { + "refsource": "MISC", + "name": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html", + "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/76624", + "url": "http://www.securityfocus.com/bid/76624" } ] } diff --git a/2017/16xxx/CVE-2017-16900.json b/2017/16xxx/CVE-2017-16900.json index 18f20065d81..3b6be2a6362 100644 --- a/2017/16xxx/CVE-2017-16900.json +++ b/2017/16xxx/CVE-2017-16900.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16900", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://hunesion.com", + "refsource": "MISC", + "name": "http://hunesion.com" + }, + { + "url": "http://i-onenet.com", + "refsource": "MISC", + "name": "http://i-onenet.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/summtime/CVE/tree/master/CVE-2017-16900", + "url": "https://github.com/summtime/CVE/tree/master/CVE-2017-16900" } ] } diff --git a/2020/1xxx/CVE-2020-1940.json b/2020/1xxx/CVE-2020-1940.json index df089f18f6f..66da2299d6e 100644 --- a/2020/1xxx/CVE-2020-1940.json +++ b/2020/1xxx/CVE-2020-1940.json @@ -98,6 +98,11 @@ "refsource": "MLIST", "name": "[jackrabbit-oak-commits] 20200221 svn commit: r1874301 - /jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/reports.md", "url": "https://lists.apache.org/thread.html/r3da8e2fd253ecd4d3a0de71ce255631148b54be8500225b5812f7737@%3Coak-commits.jackrabbit.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[jackrabbit-commits] 20200227 svn commit: r1874583 [4/4] - in /jackrabbit/site/live/oak/docs: ./ architecture/ coldstandby/ features/ nodestore/ nodestore/document/ nodestore/segment/ oak-mongo-js/ oak_api/ plugins/ query/ security/ security/accesscontrol/ security/authentication/ ...", + "url": "https://lists.apache.org/thread.html/rba884dbe733781cbaaffa28b77bc37a6a9f948b3a72a1bdad5e1587c@%3Ccommits.jackrabbit.apache.org%3E" } ] }, diff --git a/2020/7xxx/CVE-2020-7041.json b/2020/7xxx/CVE-2020-7041.json index 4c29c53d5b2..6b6b95f2235 100644 --- a/2020/7xxx/CVE-2020-7041.json +++ b/2020/7xxx/CVE-2020-7041.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7041", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7041", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/adrienverge/openfortivpn/issues/536", + "refsource": "MISC", + "name": "https://github.com/adrienverge/openfortivpn/issues/536" + }, + { + "refsource": "MISC", + "name": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4", + "url": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4" } ] } diff --git a/2020/7xxx/CVE-2020-7042.json b/2020/7xxx/CVE-2020-7042.json index 2278922595c..c413064b734 100644 --- a/2020/7xxx/CVE-2020-7042.json +++ b/2020/7xxx/CVE-2020-7042.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7042", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7042", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/adrienverge/openfortivpn/issues/536", + "refsource": "MISC", + "name": "https://github.com/adrienverge/openfortivpn/issues/536" + }, + { + "refsource": "MISC", + "name": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4", + "url": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4" } ] } diff --git a/2020/7xxx/CVE-2020-7043.json b/2020/7xxx/CVE-2020-7043.json index ecb7111058f..a32e146894c 100644 --- a/2020/7xxx/CVE-2020-7043.json +++ b/2020/7xxx/CVE-2020-7043.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7043", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7043", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\\0' characters, as demonstrated by a good.example.com\\x00evil.example.com attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/adrienverge/openfortivpn/issues/536", + "refsource": "MISC", + "name": "https://github.com/adrienverge/openfortivpn/issues/536" + }, + { + "refsource": "MISC", + "name": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4", + "url": "https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4" } ] }