From 98dc52763d132609df414e9c8a760b8b1d7473e1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Mar 2021 13:00:48 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/13xxx/CVE-2020-13949.json | 5 +++ 2020/1xxx/CVE-2020-1936.json | 5 +++ 2020/25xxx/CVE-2020-25902.json | 61 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25829.json | 5 +++ 2021/25xxx/CVE-2021-25830.json | 5 +++ 2021/25xxx/CVE-2021-25831.json | 5 +++ 2021/25xxx/CVE-2021-25832.json | 5 +++ 2021/25xxx/CVE-2021-25833.json | 5 +++ 8 files changed, 90 insertions(+), 6 deletions(-) diff --git a/2020/13xxx/CVE-2020-13949.json b/2020/13xxx/CVE-2020-13949.json index cf454136b0e..c9eb7789a9c 100644 --- a/2020/13xxx/CVE-2020-13949.json +++ b/2020/13xxx/CVE-2020-13949.json @@ -113,6 +113,11 @@ "refsource": "MLIST", "name": "[hbase-issues] 20210302 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", "url": "https://lists.apache.org/thread.html/r7ae909438ff5a2ffed9211e6ab0bd926396fd0b1fc33f31a406ee704@%3Cissues.hbase.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[hbase-issues] 20210302 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", + "url": "https://lists.apache.org/thread.html/rf603d25213cfff81d6727c259328846b366fd32a43107637527c9768@%3Cissues.hbase.apache.org%3E" } ] }, diff --git a/2020/1xxx/CVE-2020-1936.json b/2020/1xxx/CVE-2020-1936.json index 84834285072..d602c826ab5 100644 --- a/2020/1xxx/CVE-2020-1936.json +++ b/2020/1xxx/CVE-2020-1936.json @@ -69,6 +69,11 @@ "refsource": "MISC", "url": "https://lists.apache.org/thread.html/946a9d72e664ad8bc592168d9a2fed88100c6e9f1bdfea08e91a3184%40%3Cuser.ambari.apache.org%3E", "name": "https://lists.apache.org/thread.html/946a9d72e664ad8bc592168d9a2fed88100c6e9f1bdfea08e91a3184%40%3Cuser.ambari.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210301 CVE-2020-1936: Stored XSS in Apache Ambari", + "url": "http://www.openwall.com/lists/oss-security/2021/03/02/1" } ] }, diff --git a/2020/25xxx/CVE-2020-25902.json b/2020/25xxx/CVE-2020-25902.json index 7725168960b..ac6d71dfa18 100644 --- a/2020/25xxx/CVE-2020-25902.json +++ b/2020/25xxx/CVE-2020-25902.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25902", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25902", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.blackboard.com/teaching-learning/collaboration-web-conferencing/blackboard-collaborate", + "refsource": "MISC", + "name": "https://www.blackboard.com/teaching-learning/collaboration-web-conferencing/blackboard-collaborate" + }, + { + "refsource": "MISC", + "name": "https://github.com/Lawyer-1/Turki/blob/main/CVE-2020-25902.md", + "url": "https://github.com/Lawyer-1/Turki/blob/main/CVE-2020-25902.md" } ] } diff --git a/2021/25xxx/CVE-2021-25829.json b/2021/25xxx/CVE-2021-25829.json index c66d980c18c..2c37f52275f 100644 --- a/2021/25xxx/CVE-2021-25829.json +++ b/2021/25xxx/CVE-2021-25829.json @@ -96,6 +96,11 @@ "url": "https://github.com/ONLYOFFICE/core/blob/c1e4a2ce33bdcfab29d670f5fdb10fc63cf5fd6a/ASCOfficePPTXFile/PPTXFormat/Theme.h#L277", "refsource": "MISC", "name": "https://github.com/ONLYOFFICE/core/blob/c1e4a2ce33bdcfab29d670f5fdb10fc63cf5fd6a/ASCOfficePPTXFile/PPTXFormat/Theme.h#L277" + }, + { + "refsource": "MISC", + "name": "https://github.com/merrychap/poc_exploits/tree/master/ONLYOFFICE/CVE-2021-25829", + "url": "https://github.com/merrychap/poc_exploits/tree/master/ONLYOFFICE/CVE-2021-25829" } ] } diff --git a/2021/25xxx/CVE-2021-25830.json b/2021/25xxx/CVE-2021-25830.json index 6b798f557af..d17fe57b9b8 100644 --- a/2021/25xxx/CVE-2021-25830.json +++ b/2021/25xxx/CVE-2021-25830.json @@ -76,6 +76,11 @@ "url": "https://github.com/ONLYOFFICE/core/blob/v5.6.4.13/ASCOfficePPTXFile/Editor/BinaryFileReaderWriter.cpp#L1918", "refsource": "MISC", "name": "https://github.com/ONLYOFFICE/core/blob/v5.6.4.13/ASCOfficePPTXFile/Editor/BinaryFileReaderWriter.cpp#L1918" + }, + { + "refsource": "MISC", + "name": "https://github.com/merrychap/poc_exploits/tree/master/ONLYOFFICE/CVE-2021-25830", + "url": "https://github.com/merrychap/poc_exploits/tree/master/ONLYOFFICE/CVE-2021-25830" } ] } diff --git a/2021/25xxx/CVE-2021-25831.json b/2021/25xxx/CVE-2021-25831.json index 1fa9697e9a3..1c014121419 100644 --- a/2021/25xxx/CVE-2021-25831.json +++ b/2021/25xxx/CVE-2021-25831.json @@ -76,6 +76,11 @@ "url": "https://github.com/ONLYOFFICE/core/blob/v5.6.4.13/ASCOfficePPTXFile/PPTXFormat/Logic/Fills/BlipFill.cpp#L328", "refsource": "MISC", "name": "https://github.com/ONLYOFFICE/core/blob/v5.6.4.13/ASCOfficePPTXFile/PPTXFormat/Logic/Fills/BlipFill.cpp#L328" + }, + { + "refsource": "MISC", + "name": "https://github.com/merrychap/poc_exploits/tree/master/ONLYOFFICE/CVE-2021-25831", + "url": "https://github.com/merrychap/poc_exploits/tree/master/ONLYOFFICE/CVE-2021-25831" } ] } diff --git a/2021/25xxx/CVE-2021-25832.json b/2021/25xxx/CVE-2021-25832.json index 7db572c9393..ff2c3d6a667 100644 --- a/2021/25xxx/CVE-2021-25832.json +++ b/2021/25xxx/CVE-2021-25832.json @@ -81,6 +81,11 @@ "url": "https://github.com/ONLYOFFICE/core/blob/v6.0.1.15/ASCOfficePPTXFile/Editor/BinaryFileReaderWriter.cpp#L428", "refsource": "MISC", "name": "https://github.com/ONLYOFFICE/core/blob/v6.0.1.15/ASCOfficePPTXFile/Editor/BinaryFileReaderWriter.cpp#L428" + }, + { + "refsource": "MISC", + "name": "https://github.com/merrychap/poc_exploits/tree/master/ONLYOFFICE/CVE-2021-25832", + "url": "https://github.com/merrychap/poc_exploits/tree/master/ONLYOFFICE/CVE-2021-25832" } ] } diff --git a/2021/25xxx/CVE-2021-25833.json b/2021/25xxx/CVE-2021-25833.json index cbfa4b98cbb..a7da757b97d 100644 --- a/2021/25xxx/CVE-2021-25833.json +++ b/2021/25xxx/CVE-2021-25833.json @@ -76,6 +76,11 @@ "url": "https://github.com/ONLYOFFICE/server/blob/v5.6.0.21/FileConverter/sources/converter.js#L283", "refsource": "MISC", "name": "https://github.com/ONLYOFFICE/server/blob/v5.6.0.21/FileConverter/sources/converter.js#L283" + }, + { + "refsource": "MISC", + "name": "https://github.com/merrychap/poc_exploits/tree/master/ONLYOFFICE/CVE-2021-25833", + "url": "https://github.com/merrychap/poc_exploits/tree/master/ONLYOFFICE/CVE-2021-25833" } ] }