"-Synchronized-Data."

2025-07-29 05:56:59 +00:00 · 2020-10-13 20:01:36 +00:00 · 2020-10-13 20:01:36 +00:00 · b9db6c240b
commit b9db6c240b
parent 9ab881f91c
5 changed files with 67 additions and 3 deletions
--- a/2020/13xxx/CVE-2020-13957.json
+++ b/2020/13xxx/CVE-2020-13957.json
@ -48,6 +48,11 @@
                "refsource": "MISC",
                "name": "https://mail-archives.us.apache.org/mod_mbox/www-announce/202010.mbox/%3CCAECwjAWCVLoVaZy%3DTNRQ6Wk9KWVxdPRiGS8NT%2BPHMJCxbbsEVg%40mail.gmail.com%3E",
                "url": "https://mail-archives.us.apache.org/mod_mbox/www-announce/202010.mbox/%3CCAECwjAWCVLoVaZy%3DTNRQ6Wk9KWVxdPRiGS8NT%2BPHMJCxbbsEVg%40mail.gmail.com%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[lucene-issues] 20201013 [jira] [Updated] (SOLR-14925) CVE-2020-13957: The checks added to unauthenticated configset uploads can be circumvented",
+                "url": "https://lists.apache.org/thread.html/r226c1112bb41e7cd427862d875eff9877a20a40242c2542f4dd39e4a@%3Cissues.lucene.apache.org%3E"
            }
        ]
    },
--- a/2020/25xxx/CVE-2020-25645.json
+++ b/2020/25xxx/CVE-2020-25645.json
@ -4,14 +4,58 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2020-25645",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "secalert@redhat.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "kernel",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Linux kernel versions before 5.9-rc7"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-319"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1883988",
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883988"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality."
            }
        ]
    }
--- a/2020/5xxx/CVE-2020-5398.json
+++ b/2020/5xxx/CVE-2020-5398.json
@ -208,6 +208,11 @@
                "refsource": "MISC",
                "name": "https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a@%3Ccommits.servicecomb.apache.org%3E",
                "url": "https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a@%3Ccommits.servicecomb.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
+                "url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E"
            }
        ]
    },
--- a/2020/5xxx/CVE-2020-5421.json
+++ b/2020/5xxx/CVE-2020-5421.json
@ -83,6 +83,11 @@
                "refsource": "MLIST",
                "name": "[ranger-dev] 20201007 Re: Review Request 72934: RANGER-3022: Upgrade Spring framework to version 4.3.29.RELEASE",
                "url": "https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
+                "url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E"
            }
        ]
    },
--- a/2020/6xxx/CVE-2020-6555.json
+++ b/2020/6xxx/CVE-2020-6555.json
@ -59,6 +59,11 @@
                "refsource": "FEDORA",
                "name": "FEDORA-2020-6da740d38c",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT/"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1123",
+                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1123"
            }
        ]
    },