"-Synchronized-Data."

2025-05-06 18:53:08 +00:00 · 2020-09-09 18:01:49 +00:00 · 2020-09-09 18:01:49 +00:00 · cb1d259968
commit cb1d259968
parent 71e8085b31
3 changed files with 67 additions and 8 deletions
--- a/2014/9xxx/CVE-2014-9390.json
+++ b/2014/9xxx/CVE-2014-9390.json
@ -11,7 +11,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine; libgit2; Egit; and JGit allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem."
+                "value": "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem."
            }
        ]
    },
@ -86,6 +86,16 @@
                "refsource": "MISC",
                "name": "http://securitytracker.com/id?1031404",
                "url": "http://securitytracker.com/id?1031404"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915",
+                "url": "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://libgit2.org/security/",
+                "url": "https://libgit2.org/security/"
            }
        ]
    }
--- a/2020/13xxx/CVE-2020-13127.json
+++ b/2020/13xxx/CVE-2020-13127.json
@ -1,17 +1,66 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
-        "ID": "CVE-2020-13127",
        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2020-13127",
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://manuals.loway.ch/QM_WhatsNew-chunked/ch17.html",
+                "refsource": "MISC",
+                "name": "https://manuals.loway.ch/QM_WhatsNew-chunked/ch17.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://blog.divisionzero.co/2020/05/18/cve-2020-13127/",
+                "url": "https://blog.divisionzero.co/2020/05/18/cve-2020-13127/"
            }
        ]
    }
--- a/2020/15xxx/CVE-2020-15163.json
+++ b/2020/15xxx/CVE-2020-15163.json
@ -35,7 +35,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata (i.e. by a person-in-the-middle attack) culminating in a version which has not been correctly signed to control the trust chain for future updates.\n\nThis is fixed in version 0.12 and newer."
+                "value": "Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata (i.e. by a person-in-the-middle attack) culminating in a version which has not been correctly signed to control the trust chain for future updates. This is fixed in version 0.12 and newer."
            }
        ]
    },