From b92376df4b8a48a1c0bb272731716afdec72884d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 13 Aug 2020 19:01:28 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/16xxx/CVE-2019-16759.json | 5 +++ 2020/24xxx/CVE-2020-24342.json | 67 ++++++++++++++++++++++++++++++++++ 2020/24xxx/CVE-2020-24343.json | 62 +++++++++++++++++++++++++++++++ 2020/24xxx/CVE-2020-24344.json | 62 +++++++++++++++++++++++++++++++ 2020/24xxx/CVE-2020-24345.json | 62 +++++++++++++++++++++++++++++++ 2020/24xxx/CVE-2020-24346.json | 62 +++++++++++++++++++++++++++++++ 2020/24xxx/CVE-2020-24347.json | 62 +++++++++++++++++++++++++++++++ 2020/24xxx/CVE-2020-24348.json | 62 +++++++++++++++++++++++++++++++ 2020/24xxx/CVE-2020-24349.json | 62 +++++++++++++++++++++++++++++++ 9 files changed, 506 insertions(+) create mode 100644 2020/24xxx/CVE-2020-24342.json create mode 100644 2020/24xxx/CVE-2020-24343.json create mode 100644 2020/24xxx/CVE-2020-24344.json create mode 100644 2020/24xxx/CVE-2020-24345.json create mode 100644 2020/24xxx/CVE-2020-24346.json create mode 100644 2020/24xxx/CVE-2020-24347.json create mode 100644 2020/24xxx/CVE-2020-24348.json create mode 100644 2020/24xxx/CVE-2020-24349.json diff --git a/2019/16xxx/CVE-2019-16759.json b/2019/16xxx/CVE-2019-16759.json index 3ec952be3cc..c5e41bfa408 100644 --- a/2019/16xxx/CVE-2019-16759.json +++ b/2019/16xxx/CVE-2019-16759.json @@ -96,6 +96,11 @@ "refsource": "FULLDISC", "name": "20200811 Remote Code Execution 0day in vBulletin 5.x", "url": "http://seclists.org/fulldisclosure/2020/Aug/5" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/158866/vBulletin-5.x-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/158866/vBulletin-5.x-Remote-Code-Execution.html" } ] } diff --git a/2020/24xxx/CVE-2020-24342.json b/2020/24xxx/CVE-2020-24342.json new file mode 100644 index 00000000000..bf2478403f6 --- /dev/null +++ b/2020/24xxx/CVE-2020-24342.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-24342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://lua-users.org/lists/lua-l/2020-07/msg00052.html", + "refsource": "MISC", + "name": "http://lua-users.org/lists/lua-l/2020-07/msg00052.html" + }, + { + "url": "https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27", + "refsource": "MISC", + "name": "https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27" + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24343.json b/2020/24xxx/CVE-2020-24343.json new file mode 100644 index 00000000000..bcf07490a4b --- /dev/null +++ b/2020/24xxx/CVE-2020-24343.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-24343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ccxvii/mujs/issues/136", + "refsource": "MISC", + "name": "https://github.com/ccxvii/mujs/issues/136" + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24344.json b/2020/24xxx/CVE-2020-24344.json new file mode 100644 index 00000000000..9c3cbb19935 --- /dev/null +++ b/2020/24xxx/CVE-2020-24344.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-24344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jerryscript-project/jerryscript/issues/3976", + "refsource": "MISC", + "name": "https://github.com/jerryscript-project/jerryscript/issues/3976" + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24345.json b/2020/24xxx/CVE-2020-24345.json new file mode 100644 index 00000000000..fac297acb54 --- /dev/null +++ b/2020/24xxx/CVE-2020-24345.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-24345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse(\"[]\",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jerryscript-project/jerryscript/issues/3977", + "refsource": "MISC", + "name": "https://github.com/jerryscript-project/jerryscript/issues/3977" + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24346.json b/2020/24xxx/CVE-2020-24346.json new file mode 100644 index 00000000000..8b2d5ea3d50 --- /dev/null +++ b/2020/24xxx/CVE-2020-24346.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-24346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nginx/njs/issues/325", + "refsource": "MISC", + "name": "https://github.com/nginx/njs/issues/325" + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24347.json b/2020/24xxx/CVE-2020-24347.json new file mode 100644 index 00000000000..191fbf93628 --- /dev/null +++ b/2020/24xxx/CVE-2020-24347.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-24347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nginx/njs/issues/323", + "refsource": "MISC", + "name": "https://github.com/nginx/njs/issues/323" + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24348.json b/2020/24xxx/CVE-2020-24348.json new file mode 100644 index 00000000000..1b7b6ea7308 --- /dev/null +++ b/2020/24xxx/CVE-2020-24348.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-24348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nginx/njs/issues/322", + "refsource": "MISC", + "name": "https://github.com/nginx/njs/issues/322" + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24349.json b/2020/24xxx/CVE-2020-24349.json new file mode 100644 index 00000000000..08e66cc4aa3 --- /dev/null +++ b/2020/24xxx/CVE-2020-24349.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-24349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be \"fluff\" in the NGINX use case because there is no remote attack surface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nginx/njs/issues/324", + "refsource": "MISC", + "name": "https://github.com/nginx/njs/issues/324" + } + ] + } +} \ No newline at end of file