From f483c9fcbb877ec8003df1a4f8a788f9446cd5f8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 7 Oct 2020 21:01:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/13xxx/CVE-2017-13139.json | 10 +++--- 2017/13xxx/CVE-2017-13145.json | 10 +++--- 2017/13xxx/CVE-2017-13146.json | 4 +-- 2017/14xxx/CVE-2017-14172.json | 10 +++--- 2017/14xxx/CVE-2017-14173.json | 10 +++--- 2017/14xxx/CVE-2017-14341.json | 10 +++--- 2020/25xxx/CVE-2020-25768.json | 61 ++++++++++++++++++++++++++++++---- 2020/25xxx/CVE-2020-25867.json | 56 +++++++++++++++++++++++++++---- 8 files changed, 132 insertions(+), 39 deletions(-) diff --git a/2017/13xxx/CVE-2017-13139.json b/2017/13xxx/CVE-2017-13139.json index f1c77416dae..87b87f2345c 100644 --- a/2017/13xxx/CVE-2017-13139.json +++ b/2017/13xxx/CVE-2017-13139.json @@ -52,11 +52,6 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05", - "refsource": "CONFIRM", - "url": "https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05" - }, { "name": "DSA-4040", "refsource": "DEBIAN", @@ -86,6 +81,11 @@ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870109", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870109" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/ImageMagick/ImageMagick/commit/d072ed6aff835c174e856ce3a428163c0da9e8f4", + "url": "https://github.com/ImageMagick/ImageMagick/commit/d072ed6aff835c174e856ce3a428163c0da9e8f4" } ] } diff --git a/2017/13xxx/CVE-2017-13145.json b/2017/13xxx/CVE-2017-13145.json index 4589ef2a475..1aab8dee7c6 100644 --- a/2017/13xxx/CVE-2017-13145.json +++ b/2017/13xxx/CVE-2017-13145.json @@ -72,11 +72,6 @@ "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-07" }, - { - "name": "https://github.com/ImageMagick/ImageMagick/commit/b0c5222ce31e8f941fa02ff9c7a040fb2db30dbc", - "refsource": "CONFIRM", - "url": "https://github.com/ImageMagick/ImageMagick/commit/b0c5222ce31e8f941fa02ff9c7a040fb2db30dbc" - }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869830", "refsource": "CONFIRM", @@ -96,6 +91,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/ImageMagick/ImageMagick/commit/f13c6b54a879aaa771ec64b5a066b939e8f8e7f0", + "url": "https://github.com/ImageMagick/ImageMagick/commit/f13c6b54a879aaa771ec64b5a066b939e8f8e7f0" } ] } diff --git a/2017/13xxx/CVE-2017-13146.json b/2017/13xxx/CVE-2017-13146.json index c22877bd91d..501939c359f 100644 --- a/2017/13xxx/CVE-2017-13146.json +++ b/2017/13xxx/CVE-2017-13146.json @@ -63,9 +63,9 @@ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870013" }, { - "name": "https://github.com/ImageMagick/ImageMagick/commit/437a35e57db5ec078f4a3ccbf71f941276e88430", "refsource": "CONFIRM", - "url": "https://github.com/ImageMagick/ImageMagick/commit/437a35e57db5ec078f4a3ccbf71f941276e88430" + "name": "https://github.com/ImageMagick/ImageMagick/commit/79e5dbcdd1fc2f714f9bae548bc55d5073f3ed20", + "url": "https://github.com/ImageMagick/ImageMagick/commit/79e5dbcdd1fc2f714f9bae548bc55d5073f3ed20" } ] } diff --git a/2017/14xxx/CVE-2017-14172.json b/2017/14xxx/CVE-2017-14172.json index 7106ef06b58..e73c1721100 100644 --- a/2017/14xxx/CVE-2017-14172.json +++ b/2017/14xxx/CVE-2017-14172.json @@ -67,11 +67,6 @@ "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/715" }, - { - "name": "https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c", - "refsource": "CONFIRM", - "url": "https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c" - }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", @@ -81,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/ImageMagick/ImageMagick/commit/bdbbb13f1fe9b7e2465502c500561720f7456aac", + "url": "https://github.com/ImageMagick/ImageMagick/commit/bdbbb13f1fe9b7e2465502c500561720f7456aac" } ] } diff --git a/2017/14xxx/CVE-2017-14173.json b/2017/14xxx/CVE-2017-14173.json index 8dfc2fafb41..56716704f4d 100644 --- a/2017/14xxx/CVE-2017-14173.json +++ b/2017/14xxx/CVE-2017-14173.json @@ -62,11 +62,6 @@ "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-07" }, - { - "name": "https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d", - "refsource": "CONFIRM", - "url": "https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d" - }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/713", "refsource": "CONFIRM", @@ -81,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/ImageMagick/ImageMagick/commit/50f54462076648ac2e36c3f58f4dadd4babbf1c9", + "url": "https://github.com/ImageMagick/ImageMagick/commit/50f54462076648ac2e36c3f58f4dadd4babbf1c9" } ] } diff --git a/2017/14xxx/CVE-2017-14341.json b/2017/14xxx/CVE-2017-14341.json index 4065b787d32..da4d355a1b3 100644 --- a/2017/14xxx/CVE-2017-14341.json +++ b/2017/14xxx/CVE-2017-14341.json @@ -62,11 +62,6 @@ "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3681-1/" }, - { - "name": "https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4", - "refsource": "CONFIRM", - "url": "https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4" - }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", @@ -76,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24", + "url": "https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24" } ] } diff --git a/2020/25xxx/CVE-2020-25768.json b/2020/25xxx/CVE-2020-25768.json index 1f6be9b74e8..091c10cb369 100644 --- a/2020/25xxx/CVE-2020-25768.json +++ b/2020/25xxx/CVE-2020-25768.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25768", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25768", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://community.contao.org/en/forumdisplay.php?4-Announcements", + "refsource": "MISC", + "name": "https://community.contao.org/en/forumdisplay.php?4-Announcements" + }, + { + "refsource": "CONFIRM", + "name": "https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html", + "url": "https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html" } ] } diff --git a/2020/25xxx/CVE-2020-25867.json b/2020/25xxx/CVE-2020-25867.json index 7b7bd3ac3b4..c00e781468f 100644 --- a/2020/25xxx/CVE-2020-25867.json +++ b/2020/25xxx/CVE-2020-25867.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25867", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25867", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SoPlanning before 1.47 doesn't correctly check the security key used to publicly share plannings. It allows a bypass to get access without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/thomasfady/CVE-2020-25867", + "url": "https://github.com/thomasfady/CVE-2020-25867" } ] }