"-Synchronized-Data."

2025-06-12 02:05:39 +00:00 · 2020-10-02 15:01:55 +00:00 · 2020-10-02 15:01:55 +00:00 · ac07dd1cb7
commit ac07dd1cb7
parent f39ae2e255
2 changed files with 12 additions and 8 deletions
--- a/2020/7xxx/CVE-2020-7069.json
+++ b/2020/7xxx/CVE-2020-7069.json
@ -54,7 +54,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. "
+                "value": "In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data."
            }
        ]
    },
@ -92,8 +92,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://bugs.php.net/bug.php?id=79601"
+                "refsource": "MISC",
+                "url": "https://bugs.php.net/bug.php?id=79601",
+                "name": "https://bugs.php.net/bug.php?id=79601"
            }
        ]
    },
--- a/2020/7xxx/CVE-2020-7070.json
+++ b/2020/7xxx/CVE-2020-7070.json
@ -54,7 +54,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. \n\nSee also CVE-2020-8184 for more information."
+                "value": "In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information."
            }
        ]
    },
@ -92,16 +92,19 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
-                "url": "https://bugs.php.net/bug.php?id=79699"
+                "refsource": "MISC",
+                "url": "https://hackerone.com/reports/895727",
+                "name": "https://hackerone.com/reports/895727"
            },
            {
                "refsource": "MISC",
-                "url": "https://hackerone.com/reports/895727"
+                "url": "https://bugs.php.net/bug.php?id=79699",
+                "name": "https://bugs.php.net/bug.php?id=79699"
            },
            {
                "refsource": "MISC",
-                "url": "http://cve.circl.lu/cve/CVE-2020-8184"
+                "url": "http://cve.circl.lu/cve/CVE-2020-8184",
+                "name": "http://cve.circl.lu/cve/CVE-2020-8184"
            }
        ]
    },