From b59471355834dfa10cbc28a612132d4ca184ca84 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 14 Dec 2020 21:01:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10004.json | 5 +++ 2020/10xxx/CVE-2020-10007.json | 5 +++ 2020/10xxx/CVE-2020-10010.json | 5 +++ 2020/10xxx/CVE-2020-10012.json | 5 +++ 2020/10xxx/CVE-2020-10014.json | 5 +++ 2020/10xxx/CVE-2020-10017.json | 5 +++ 2020/14xxx/CVE-2020-14368.json | 50 ++++++++++++++++++++++++++++-- 2020/15xxx/CVE-2020-15969.json | 5 +++ 2020/20xxx/CVE-2020-20189.json | 56 ++++++++++++++++++++++++++++++---- 2020/25xxx/CVE-2020-25707.json | 4 +-- 2020/27xxx/CVE-2020-27825.json | 4 +-- 2020/27xxx/CVE-2020-27896.json | 5 +++ 2020/27xxx/CVE-2020-27910.json | 5 +++ 2020/27xxx/CVE-2020-27911.json | 5 +++ 2020/27xxx/CVE-2020-27912.json | 5 +++ 2020/27xxx/CVE-2020-27926.json | 5 +++ 2020/9xxx/CVE-2020-9943.json | 5 +++ 2020/9xxx/CVE-2020-9944.json | 5 +++ 18 files changed, 171 insertions(+), 13 deletions(-) diff --git a/2020/10xxx/CVE-2020-10004.json b/2020/10xxx/CVE-2020-10004.json index ba762a7b677..0df7b515a43 100644 --- a/2020/10xxx/CVE-2020-10004.json +++ b/2020/10xxx/CVE-2020-10004.json @@ -65,6 +65,11 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211929", "name": "https://support.apple.com/en-us/HT211929" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT212011", + "url": "https://support.apple.com/kb/HT212011" } ] }, diff --git a/2020/10xxx/CVE-2020-10007.json b/2020/10xxx/CVE-2020-10007.json index 520561c5d93..faca07c3ad3 100644 --- a/2020/10xxx/CVE-2020-10007.json +++ b/2020/10xxx/CVE-2020-10007.json @@ -49,6 +49,11 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211931", "name": "https://support.apple.com/en-us/HT211931" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT212011", + "url": "https://support.apple.com/kb/HT212011" } ] }, diff --git a/2020/10xxx/CVE-2020-10010.json b/2020/10xxx/CVE-2020-10010.json index c0f1865eff1..8e5abd14a37 100644 --- a/2020/10xxx/CVE-2020-10010.json +++ b/2020/10xxx/CVE-2020-10010.json @@ -97,6 +97,11 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211930", "name": "https://support.apple.com/en-us/HT211930" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT212011", + "url": "https://support.apple.com/kb/HT212011" } ] }, diff --git a/2020/10xxx/CVE-2020-10012.json b/2020/10xxx/CVE-2020-10012.json index 8a8ec0a9051..4dbfce1d6da 100644 --- a/2020/10xxx/CVE-2020-10012.json +++ b/2020/10xxx/CVE-2020-10012.json @@ -49,6 +49,11 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211931", "name": "https://support.apple.com/en-us/HT211931" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT212011", + "url": "https://support.apple.com/kb/HT212011" } ] }, diff --git a/2020/10xxx/CVE-2020-10014.json b/2020/10xxx/CVE-2020-10014.json index 172c75ac425..9e973f49aff 100644 --- a/2020/10xxx/CVE-2020-10014.json +++ b/2020/10xxx/CVE-2020-10014.json @@ -49,6 +49,11 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211931", "name": "https://support.apple.com/en-us/HT211931" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT212011", + "url": "https://support.apple.com/kb/HT212011" } ] }, diff --git a/2020/10xxx/CVE-2020-10017.json b/2020/10xxx/CVE-2020-10017.json index dae95c464a9..36474025b7b 100644 --- a/2020/10xxx/CVE-2020-10017.json +++ b/2020/10xxx/CVE-2020-10017.json @@ -97,6 +97,11 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211930", "name": "https://support.apple.com/en-us/HT211930" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT212011", + "url": "https://support.apple.com/kb/HT212011" } ] }, diff --git a/2020/14xxx/CVE-2020-14368.json b/2020/14xxx/CVE-2020-14368.json index 3e1bc354f1d..88b1e274cca 100644 --- a/2020/14xxx/CVE-2020-14368.json +++ b/2020/14xxx/CVE-2020-14368.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-14368", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "eclipse", + "version": { + "version_data": [ + { + "version_value": "che-theia 7.14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1823892", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1823892" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site WebSocket hijack on Theia IDE. This flaw allows an attacker to gain full access to the victim's workspace through the /services endpoint. To perform a successful attack, the attacker conducts a Man-in-the-middle attack (MITM) and tricks the victim into executing a request via an untrusted link, which performs the CSRF and the Socket hijack. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability." } ] } diff --git a/2020/15xxx/CVE-2020-15969.json b/2020/15xxx/CVE-2020-15969.json index 2ab4f5ffbf9..dc6a5afb529 100644 --- a/2020/15xxx/CVE-2020-15969.json +++ b/2020/15xxx/CVE-2020-15969.json @@ -74,6 +74,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4e8e48da22", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT212009", + "url": "https://support.apple.com/kb/HT212009" } ] }, diff --git a/2020/20xxx/CVE-2020-20189.json b/2020/20xxx/CVE-2020-20189.json index 1f90b99c0c1..d83a5ec6790 100644 --- a/2020/20xxx/CVE-2020-20189.json +++ b/2020/20xxx/CVE-2020-20189.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20189", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20189", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in NewPK 1.1 via the title parameter to admin\\newpost.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ornose15/NewPK/issues/1", + "refsource": "MISC", + "name": "https://github.com/ornose15/NewPK/issues/1" } ] } diff --git a/2020/25xxx/CVE-2020-25707.json b/2020/25xxx/CVE-2020-25707.json index 09485bed252..04a8ce1729b 100644 --- a/2020/25xxx/CVE-2020-25707.json +++ b/2020/25xxx/CVE-2020-25707.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-25707", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-28916" } ] } diff --git a/2020/27xxx/CVE-2020-27825.json b/2020/27xxx/CVE-2020-27825.json index 7bb1921dc7d..2c2d4ac30de 100644 --- a/2020/27xxx/CVE-2020-27825.json +++ b/2020/27xxx/CVE-2020-27825.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "kernel 5.10-rc1" + "version_value": "before kernel 5.10-rc1" } ] } @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running in parallel on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat." + "value": "A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat." } ] } diff --git a/2020/27xxx/CVE-2020-27896.json b/2020/27xxx/CVE-2020-27896.json index a96daa28e3d..4bdeb133dce 100644 --- a/2020/27xxx/CVE-2020-27896.json +++ b/2020/27xxx/CVE-2020-27896.json @@ -60,6 +60,11 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211931", "name": "https://support.apple.com/en-us/HT211931" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT212011", + "url": "https://support.apple.com/kb/HT212011" } ] }, diff --git a/2020/27xxx/CVE-2020-27910.json b/2020/27xxx/CVE-2020-27910.json index 36842a56ad8..3c4e53e16c2 100644 --- a/2020/27xxx/CVE-2020-27910.json +++ b/2020/27xxx/CVE-2020-27910.json @@ -97,6 +97,11 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211930", "name": "https://support.apple.com/en-us/HT211930" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT212011", + "url": "https://support.apple.com/kb/HT212011" } ] }, diff --git a/2020/27xxx/CVE-2020-27911.json b/2020/27xxx/CVE-2020-27911.json index 8a21615b9f2..64e76a7a6d6 100644 --- a/2020/27xxx/CVE-2020-27911.json +++ b/2020/27xxx/CVE-2020-27911.json @@ -129,6 +129,11 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211933", "name": "https://support.apple.com/en-us/HT211933" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT212011", + "url": "https://support.apple.com/kb/HT212011" } ] }, diff --git a/2020/27xxx/CVE-2020-27912.json b/2020/27xxx/CVE-2020-27912.json index ae55053799d..b15841c2847 100644 --- a/2020/27xxx/CVE-2020-27912.json +++ b/2020/27xxx/CVE-2020-27912.json @@ -129,6 +129,11 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211933", "name": "https://support.apple.com/en-us/HT211933" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT212011", + "url": "https://support.apple.com/kb/HT212011" } ] }, diff --git a/2020/27xxx/CVE-2020-27926.json b/2020/27xxx/CVE-2020-27926.json index 7785f43e1ec..cfa5ac2715c 100644 --- a/2020/27xxx/CVE-2020-27926.json +++ b/2020/27xxx/CVE-2020-27926.json @@ -49,6 +49,11 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211929", "name": "https://support.apple.com/en-us/HT211929" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT212011", + "url": "https://support.apple.com/kb/HT212011" } ] }, diff --git a/2020/9xxx/CVE-2020-9943.json b/2020/9xxx/CVE-2020-9943.json index 274753ec96d..5fb153916a0 100644 --- a/2020/9xxx/CVE-2020-9943.json +++ b/2020/9xxx/CVE-2020-9943.json @@ -97,6 +97,11 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211931", "name": "https://support.apple.com/en-us/HT211931" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT212011", + "url": "https://support.apple.com/kb/HT212011" } ] }, diff --git a/2020/9xxx/CVE-2020-9944.json b/2020/9xxx/CVE-2020-9944.json index 1089e0d0975..ffce6ecd88d 100644 --- a/2020/9xxx/CVE-2020-9944.json +++ b/2020/9xxx/CVE-2020-9944.json @@ -97,6 +97,11 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211931", "name": "https://support.apple.com/en-us/HT211931" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT212011", + "url": "https://support.apple.com/kb/HT212011" } ] },