From 83c44557f44e9322bbe86d8034af12a7a95e096e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 30 Dec 2020 21:01:39 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/15xxx/CVE-2019-15523.json | 62 +++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16281.json | 72 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16747.json | 72 ++++++++++++++++++++++++++++++++++ 2020/11xxx/CVE-2020-11103.json | 61 +++++++++++++++++++++++++--- 4 files changed, 261 insertions(+), 6 deletions(-) create mode 100644 2019/15xxx/CVE-2019-15523.json create mode 100644 2019/16xxx/CVE-2019-16281.json create mode 100644 2019/16xxx/CVE-2019-16747.json diff --git a/2019/15xxx/CVE-2019-15523.json b/2019/15xxx/CVE-2019-15523.json new file mode 100644 index 00000000000..fa5d25cc93a --- /dev/null +++ b/2019/15xxx/CVE-2019-15523.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2", + "refsource": "MISC", + "name": "https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16281.json b/2019/16xxx/CVE-2019-16281.json new file mode 100644 index 00000000000..e56236369cf --- /dev/null +++ b/2019/16xxx/CVE-2019-16281.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ptarmigan before 0.2.3 lacks API token validation, e.g., an \"if (token === apiToken) {return true;} return false;\" code block." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nayutaco/ptarmigan/compare/v0.2.2...v0.2.3", + "refsource": "MISC", + "name": "https://github.com/nayutaco/ptarmigan/compare/v0.2.2...v0.2.3" + }, + { + "refsource": "MISC", + "name": "https://github.com/nayutaco/ptarmigan/releases/tag/v0.2.3", + "url": "https://github.com/nayutaco/ptarmigan/releases/tag/v0.2.3" + }, + { + "refsource": "MISC", + "name": "https://github.com/nayutaco/ptarmigan/commit/37fd8f9da3bab9d323ddd77f2fd20b6dde8bcf6c", + "url": "https://github.com/nayutaco/ptarmigan/commit/37fd8f9da3bab9d323ddd77f2fd20b6dde8bcf6c" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16747.json b/2019/16xxx/CVE-2019-16747.json new file mode 100644 index 00000000000..01cc0f69f5f --- /dev/null +++ b/2019/16xxx/CVE-2019-16747.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/matrixssl/matrixssl/issues/33", + "refsource": "MISC", + "name": "https://github.com/matrixssl/matrixssl/issues/33" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/matrixssl/matrixssl/releases/tag/4-2-2-open", + "url": "https://github.com/matrixssl/matrixssl/releases/tag/4-2-2-open" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/matrixssl/matrixssl/blob/4-2-2-open/doc/CHANGES_v4.x.md", + "url": "https://github.com/matrixssl/matrixssl/blob/4-2-2-open/doc/CHANGES_v4.x.md" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11103.json b/2020/11xxx/CVE-2020-11103.json index ce6b428b718..49b47d9d3c4 100644 --- a/2020/11xxx/CVE-2020-11103.json +++ b/2020/11xxx/CVE-2020-11103.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11103", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11103", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bitbucket.org/meszarv/webswing/issues/375/webswing-jslink-mechanism-remote-code", + "url": "https://bitbucket.org/meszarv/webswing/issues/375/webswing-jslink-mechanism-remote-code" + }, + { + "refsource": "CONFIRM", + "name": "https://www.webswing.org/docs/2.6/discover/release_notes.html#release-notes-2-6-12", + "url": "https://www.webswing.org/docs/2.6/discover/release_notes.html#release-notes-2-6-12" } ] }