From dd8bb6beda64d4ce2b9a5836955b398d6d451302 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 6 Nov 2020 08:01:39 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/16xxx/CVE-2020-16846.json | 61 ++++++++++++++++++++++++++---
 2020/17xxx/CVE-2020-17490.json | 61 ++++++++++++++++++++++++++---
 2020/22xxx/CVE-2020-22278.json | 2 +-
 2020/25xxx/CVE-2020-25592.json | 61 ++++++++++++++++++++++++++---
 2020/26xxx/CVE-2020-26521.json | 61 ++++++++++++++++++++++++++---
 2020/26xxx/CVE-2020-26892.json | 61 ++++++++++++++++++++++++++---
 2020/27xxx/CVE-2020-27152.json | 71 +++++++++++++++++++++++++++++++---
 2020/27xxx/CVE-2020-27616.json | 61 ++++++++++++++++++++++++++---
 2020/27xxx/CVE-2020-27617.json | 61 ++++++++++++++++++++++++++---
 2020/28xxx/CVE-2020-28196.json | 56 ++++++++++++++++++++++++---
 10 files changed, 501 insertions(+), 55 deletions(-)
diff --git a/2020/16xxx/CVE-2020-16846.json b/2020/16xxx/CVE-2020-16846.json
index 8ad18c4d72b..6c6ab7a13ec 100644
--- a/2020/16xxx/CVE-2020-16846.json
+++ b/2020/16xxx/CVE-2020-16846.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-16846",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-16846",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/saltstack/salt/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/saltstack/salt/releases"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/",
+ "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
 }
 ]
 }
diff --git a/2020/17xxx/CVE-2020-17490.json b/2020/17xxx/CVE-2020-17490.json
index 2b74356c138..444dbce7553 100644
--- a/2020/17xxx/CVE-2020-17490.json
+++ b/2020/17xxx/CVE-2020-17490.json
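Review bot: In the CVE-2020-16846.json hunk the new `affects` block is all placeholders (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"`) even though the description on the same record names the product and range, "SaltStack Salt through 3002". Tooling that matches on the structured fields rather than the free text will not associate this record with Salt, so I would fill them in, e.g. `"vendor_name": "SaltStack"`, `"product_name": "Salt"` and a `version_value` expressing "through 3002". `problemtype` is likewise `n/a` although the description states shell injection. The same placeholders appear in the other newly published records in this patch (CVE-2020-17490, -25592, -26521, -26892, -27152, -27616, -27617 and -28196).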
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-17490",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-17490",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release",
+ "refsource": "MISC",
+ "name": "https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/",
+ "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
 }
 ]
 }
diff --git a/2020/22xxx/CVE-2020-22278.json b/2020/22xxx/CVE-2020-22278.json
index c18abba2ca2..2a31ecfb31b 100644
--- a/2020/22xxx/CVE-2020-22278.json
+++ b/2020/22xxx/CVE-2020-22278.json
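Review bot: The MISC reference added to CVE-2020-17490.json, `https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release`, is a moving target: a `latest` docs anchor will point at a different release once the next one ships, so it stops identifying the fix. A reference should pin the release notes or the fixing commit of the specific patched version, the way CVE-2020-28196.json links a commit hash. The same applies to `https://github.com/saltstack/salt/releases` in CVE-2020-16846.json, the `latest` releases index in CVE-2020-25592.json, and `https://github.com/nats-io/nats-server/commits/master` in CVE-2020-26521.json and CVE-2020-26892.json.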
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "phpMyAdmin through 5.0.2 allows CSV injection via Export Section"
+ "value": "** DISPUTED ** phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because \"the CSV file is accurately generated based on the database contents.\""
 }
 ]
 },
diff --git a/2020/25xxx/CVE-2020-25592.json b/2020/25xxx/CVE-2020-25592.json
index 6051d5d51f0..d6e202ac389 100644
--- a/2020/25xxx/CVE-2020-25592.json
+++ b/2020/25xxx/CVE-2020-25592.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25592",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25592",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.saltstack.com/en/latest/topics/releases/index.html",
+ "refsource": "MISC",
+ "name": "https://docs.saltstack.com/en/latest/topics/releases/index.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/",
+ "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26521.json b/2020/26xxx/CVE-2020-26521.json
index 187c41c3df3..55a864c607f 100644
--- a/2020/26xxx/CVE-2020-26521.json
+++ b/2020/26xxx/CVE-2020-26521.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26521",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26521",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/nats-io/nats-server/commits/master",
+ "refsource": "MISC",
+ "name": "https://github.com/nats-io/nats-server/commits/master"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.openwall.com/lists/oss-security/2020/11/02/2",
+ "url": "http://www.openwall.com/lists/oss-security/2020/11/02/2"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26892.json b/2020/26xxx/CVE-2020-26892.json
index 5620e05df94..d8c90ae77d3 100644
--- a/2020/26xxx/CVE-2020-26892.json
+++ b/2020/26xxx/CVE-2020-26892.json
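Review bot: The CONFIRM reference in CVE-2020-26521.json uses `http://www.openwall.com/lists/oss-security/2020/11/02/2`, while CVE-2020-26892.json cites the same post as `https://www.openwall.com/lists/oss-security/2020/11/02/2`; the two records should use one form, and the `https` one is the better choice for a link readers follow for remediation details. The entry is also tagged `CONFIRM` with the URL repeated as `name`, whereas CVE-2020-27152.json tags its oss-security post `MLIST` with a descriptive name; whether CONFIRM is intended here cannot be told from the patch, but the classification should be consistent. CVE-2020-27152.json, CVE-2020-27616.json and CVE-2020-27617.json carry the same `http://` openwall links.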
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26892",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26892",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/nats-io/nats-server/commits/master",
+ "refsource": "MISC",
+ "name": "https://github.com/nats-io/nats-server/commits/master"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.openwall.com/lists/oss-security/2020/11/02/2",
+ "url": "https://www.openwall.com/lists/oss-security/2020/11/02/2"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27152.json b/2020/27xxx/CVE-2020-27152.json
index e5460efe8d1..9c0092336ff 100644
--- a/2020/27xxx/CVE-2020-27152.json
+++ b/2020/27xxx/CVE-2020-27152.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27152",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27152",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.kernel.org/show_bug.cgi?id=208767",
+ "refsource": "MISC",
+ "name": "https://bugzilla.kernel.org/show_bug.cgi?id=208767"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20201103 CVE-2020-27152 Kernel: KVM: host stack overflow via loop due to lazy update IOAPIC",
+ "url": "http://www.openwall.com/lists/oss-security/2020/11/03/1"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77377064c3a94911339f13ce113b3abf265e06da",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77377064c3a94911339f13ce113b3abf265e06da"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.2",
+ "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.2"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27616.json b/2020/27xxx/CVE-2020-27616.json
index bd4abe587eb..84277f65daa 100644
--- a/2020/27xxx/CVE-2020-27616.json
+++ b/2020/27xxx/CVE-2020-27616.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27616",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27616",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html",
+ "refsource": "MISC",
+ "name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.openwall.com/lists/oss-security/2020/11/03/2",
+ "url": "http://www.openwall.com/lists/oss-security/2020/11/03/2"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27617.json b/2020/27xxx/CVE-2020-27617.json
index 59e9a035c1c..6a18fc56f63 100644
--- a/2020/27xxx/CVE-2020-27617.json
+++ b/2020/27xxx/CVE-2020-27617.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27617",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27617",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05731.html",
+ "refsource": "MISC",
+ "name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05731.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.openwall.com/lists/oss-security/2020/11/02/1",
+ "url": "http://www.openwall.com/lists/oss-security/2020/11/02/1"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28196.json b/2020/28xxx/CVE-2020-28196.json
index 91160e51bbb..9572ab9dd15 100644
--- a/2020/28xxx/CVE-2020-28196.json
+++ b/2020/28xxx/CVE-2020-28196.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-28196",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-28196",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd",
+ "url": "https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd"
 }
 ]
 }