"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2021-01-29 20:00:42 +00:00 · 2021-01-29 20:00:42 +00:00 · cd654817b7
commit cd654817b7
parent a4f7e7c784
9 changed files with 72 additions and 17 deletions
--- a/2016/10xxx/CVE-2016-10095.json
+++ b/2016/10xxx/CVE-2016-10095.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file."
+                "value": "Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file."
            }
        ]
    },
--- a/2017/15xxx/CVE-2017-15018.json
+++ b/2017/15xxx/CVE-2017-15018.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "LAME 3.99.5 has a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c."
+                "value": "LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c."
            }
        ]
    },
--- a/2017/15xxx/CVE-2017-15046.json
+++ b/2017/15xxx/CVE-2017-15046.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412."
+                "value": "LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412."
            }
        ]
    },
--- a/2017/5xxx/CVE-2017-5974.json
+++ b/2017/5xxx/CVE-2017-5974.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
+                "value": "Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
            }
        ]
    },
--- a/2017/5xxx/CVE-2017-5975.json
+++ b/2017/5xxx/CVE-2017-5975.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
+                "value": "Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
            }
        ]
    },
--- a/2017/5xxx/CVE-2017-5976.json
+++ b/2017/5xxx/CVE-2017-5976.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
+                "value": "Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
            }
        ]
    },
--- a/2018/7xxx/CVE-2018-7456.json
+++ b/2018/7xxx/CVE-2018-7456.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)"
+                "value": "A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)"
            }
        ]
    },
@ -96,6 +96,11 @@
                "refsource": "REDHAT",
                "name": "RHSA-2019:2051",
                "url": "https://access.redhat.com/errata/RHSA-2019:2051"
            },
            {
                "refsource": "REDHAT",
                "name": "RHSA-2019:2053",
                "url": "https://access.redhat.com/errata/RHSA-2019:2053"
            }
        ]
    }
--- a/2020/29xxx/CVE-2020-29557.json
+++ b/2020/29xxx/CVE-2020-29557.json
@ -1,17 +1,66 @@
 {
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2020-29557",
        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2020-29557",
        "STATE": "PUBLIC"
    },
-    "description": {
+    "affects": {
-        "description_data": [
+        "vendor": {
            "vendor_data": [
                {
-                "lang": "eng",
+                    "product": {
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                        "product_data": [
                            {
                                "product_name": "n/a",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "n/a"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "n/a"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.dlink.ru/ru/download2/5/19/2354/441/",
                "refsource": "MISC",
                "name": "https://www.dlink.ru/ru/download2/5/19/2354/441/"
            },
            {
                "refsource": "MISC",
                "name": "https://shaqed.github.io/dlink/",
                "url": "https://shaqed.github.io/dlink/"
            }
        ]
    }
--- a/2021/25xxx/CVE-2021-25646.json
+++ b/2021/25xxx/CVE-2021-25646.json
@ -43,7 +43,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.\n"
+                "value": "Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process."
            }
        ]
    },
@ -66,8 +66,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E"
+                "url": "https://lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E",
                "name": "https://lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E"
            }
        ]
    },