diff --git a/2016/10xxx/CVE-2016-10095.json b/2016/10xxx/CVE-2016-10095.json index 0ae1f178da6..6e96d3286f5 100644 --- a/2016/10xxx/CVE-2016-10095.json +++ b/2016/10xxx/CVE-2016-10095.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file." + "value": "Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file." } ] }, diff --git a/2017/15xxx/CVE-2017-15018.json b/2017/15xxx/CVE-2017-15018.json index 7eb947d4172..3ed07464dd1 100644 --- a/2017/15xxx/CVE-2017-15018.json +++ b/2017/15xxx/CVE-2017-15018.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "LAME 3.99.5 has a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c." + "value": "LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c." } ] }, diff --git a/2017/15xxx/CVE-2017-15046.json b/2017/15xxx/CVE-2017-15046.json index d2df2377e5c..64361014069 100644 --- a/2017/15xxx/CVE-2017-15046.json +++ b/2017/15xxx/CVE-2017-15046.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412." + "value": "LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412." } ] }, diff --git a/2017/5xxx/CVE-2017-5974.json b/2017/5xxx/CVE-2017-5974.json index 12f2e5e7c38..5585d50d5f7 100644 --- a/2017/5xxx/CVE-2017-5974.json +++ b/2017/5xxx/CVE-2017-5974.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file." + "value": "Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file." } ] }, diff --git a/2017/5xxx/CVE-2017-5975.json b/2017/5xxx/CVE-2017-5975.json index 10f49fd9ae3..ee6c23bb108 100644 --- a/2017/5xxx/CVE-2017-5975.json +++ b/2017/5xxx/CVE-2017-5975.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file." + "value": "Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file." } ] }, diff --git a/2017/5xxx/CVE-2017-5976.json b/2017/5xxx/CVE-2017-5976.json index 22a57009aa0..f92e811652b 100644 --- a/2017/5xxx/CVE-2017-5976.json +++ b/2017/5xxx/CVE-2017-5976.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file." + "value": "Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file." } ] }, diff --git a/2018/7xxx/CVE-2018-7456.json b/2018/7xxx/CVE-2018-7456.json index 2fa41e85420..71e902b6869 100644 --- a/2018/7xxx/CVE-2018-7456.json +++ b/2018/7xxx/CVE-2018-7456.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)" + "value": "A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)" } ] }, @@ -96,6 +96,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2051", "url": "https://access.redhat.com/errata/RHSA-2019:2051" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:2053", + "url": "https://access.redhat.com/errata/RHSA-2019:2053" } ] } diff --git a/2020/29xxx/CVE-2020-29557.json b/2020/29xxx/CVE-2020-29557.json index 2d0f207d1c2..e4d54fe2f4b 100644 --- a/2020/29xxx/CVE-2020-29557.json +++ b/2020/29xxx/CVE-2020-29557.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29557", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29557", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.ru/ru/download2/5/19/2354/441/", + "refsource": "MISC", + "name": "https://www.dlink.ru/ru/download2/5/19/2354/441/" + }, + { + "refsource": "MISC", + "name": "https://shaqed.github.io/dlink/", + "url": "https://shaqed.github.io/dlink/" } ] } diff --git a/2021/25xxx/CVE-2021-25646.json b/2021/25xxx/CVE-2021-25646.json index 1761e1116f8..0709e4947d1 100644 --- a/2021/25xxx/CVE-2021-25646.json +++ b/2021/25xxx/CVE-2021-25646.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.\n" + "value": "Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process." } ] }, @@ -66,8 +66,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E" + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E", + "name": "https://lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E" } ] }, @@ -80,4 +81,4 @@ "value": "Users should upgrade to Druid 0.20.1. Whenever possible, network access to cluster machines should be restricted to trusted hosts only." } ] -} +} \ No newline at end of file