From f1fd24097d28ee5c831e228816ad90ed98627a02 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 16 Apr 2023 00:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/17xxx/CVE-2018-17537.json | 53 ++++++++++++++++++++++-
 2018/17xxx/CVE-2018-17883.json | 53 ++++++++++++++++++++++-
 2019/14xxx/CVE-2019-14942.json | 75 +++++++++++++++++++++++++++++++++
 2019/14xxx/CVE-2019-14944.json | 77 ++++++++++++++++++++++++++++++++++
 2020/27xxx/CVE-2020-27545.json | 76 ++++++++++++++++++++++++++++++---
 2020/28xxx/CVE-2020-28163.json | 71 ++++++++++++++++++++++++++++---
 6 files changed, 389 insertions(+), 16 deletions(-)
 create mode 100644 2019/14xxx/CVE-2019-14942.json
 create mode 100644 2019/14xxx/CVE-2019-14944.json
diff --git a/2018/17xxx/CVE-2018-17537.json b/2018/17xxx/CVE-2018-17537.json
index ca669af68e9..244ebd79a42 100644
--- a/2018/17xxx/CVE-2018-17537.json
+++ b/2018/17xxx/CVE-2018-17537.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-17537",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
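Review bot: The `affects` block added in this hunk carries only placeholders (`"product_name": "n/a"`, `"vendor_name": "n/a"`, `"version_value": "n/a"`), so a consumer that matches records on the structured vendor/product/version fields will not associate CVE-2018-17537 with any product, even though the description added in the next hunk names GitLab Community and Enterprise Edition and the fixed versions. If the record is meant to be machine-matchable, the same facts should be carried here, for example `"product_name": "GitLab Community and Enterprise Edition"` with one `version_data` entry per range given in the description; otherwise consumers have to fall back to parsing the free-text description. The same placeholder block is added in the CVE-2018-17883, CVE-2019-14942, CVE-2019-14944, CVE-2020-27545 and CVE-2020-28163 sections of this patch.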
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. ."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/blog/categories/releases/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/categories/releases/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/",
+ "url": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17883.json b/2018/17xxx/CVE-2018-17883.json
index e00c8effd3e..d56351c7431 100644
--- a/2018/17xxx/CVE-2018-17883.json
+++ b/2018/17xxx/CVE-2018-17883.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-17883",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
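Review bot: The new description for CVE-2018-17537 ends with a stray ` .` after `if package.json exists.`; the string should close right after `exists.`. In the same hunk `problemtype` is the placeholder `"value": "n/a"` although the description states stored XSS, so weakness-based filtering and triage will miss the record; `"value": "CWE-79"` would carry what the text already says. The `problemtype` placeholder is also added in the other five files of this patch, where a weakness identifier would have to be chosen from each description (not all of them name the class as plainly as this one).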
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://community.otrs.com/category/release-and-security-notes-en/",
+ "refsource": "MISC",
+ "name": "https://community.otrs.com/category/release-and-security-notes-en/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/",
+ "url": "https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14942.json b/2019/14xxx/CVE-2019-14942.json
new file mode 100644
index 00000000000..3499f578dcf
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14942.json
@@ -0,0 +1,75 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14942",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/blog/categories/releases/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/categories/releases/"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab-pages/issues/232",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab-pages/issues/232"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/",
+ "url": "https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "INTERNAL"
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14944.json b/2019/14xxx/CVE-2019-14944.json
new file mode 100644
index 00000000000..9049372a4e0
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14944.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14944",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/blog/categories/releases/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/categories/releases/"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitaly/issues/1801",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitaly/issues/1801"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitaly/issues/1802",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitaly/issues/1802"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/",
+ "url": "https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/27xxx/CVE-2020-27545.json b/2020/27xxx/CVE-2020-27545.json
index 4f320b522c2..596b42e45a8 100644
--- a/2020/27xxx/CVE-2020-27545.json
+++ b/2020/27xxx/CVE-2020-27545.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27545",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27545",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceforge.net/projects/libdwarf/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/projects/libdwarf/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/davea42/libdwarf-code/commit/95f634808c01f1c61bbec56ed2395af997f397ea",
+ "url": "https://github.com/davea42/libdwarf-code/commit/95f634808c01f1c61bbec56ed2395af997f397ea"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.prevanders.net/dwarfbug.html#DW202010-001",
+ "url": "https://www.prevanders.net/dwarfbug.html#DW202010-001"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/",
+ "url": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2025694",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025694"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28163.json b/2020/28xxx/CVE-2020-28163.json
index 615b9849904..88698bd45c1 100644
--- a/2020/28xxx/CVE-2020-28163.json
+++ b/2020/28xxx/CVE-2020-28163.json
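Review bot: The `reference_data` entry `http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/` in the CVE-2020-27545 hunk is a plain-HTTP link to a snapshot whose timestamp (2019-06-01) predates the fixed release named in the description (20201017), so it cannot describe the fix and appears only to duplicate the live SourceForge project URL listed first. I would drop the entry, or at least write it as `https://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/` so readers following the reference are not sent over cleartext. The same entry is added in the CVE-2020-28163 hunk that follows.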
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-28163",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-28163",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3",
+ "url": "https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.prevanders.net/dwarfbug.html#DW202010-003",
+ "url": "https://www.prevanders.net/dwarfbug.html#DW202010-003"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/",
+ "url": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2026000",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026000"
 }
 ]
 }