From f599f45877aff4b72da1429326929d0807399d66 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Jun 2020 21:01:18 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/12xxx/CVE-2020-12607.json | 71 +++++++++++++++++++++++++++++++--- 2020/13xxx/CVE-2020-13764.json | 67 ++++++++++++++++++++++++++++++++ 2020/13xxx/CVE-2020-13765.json | 18 +++++++++ 2020/13xxx/CVE-2020-13766.json | 18 +++++++++ 2020/13xxx/CVE-2020-13767.json | 18 +++++++++ 5 files changed, 186 insertions(+), 6 deletions(-) create mode 100644 2020/13xxx/CVE-2020-13764.json create mode 100644 2020/13xxx/CVE-2020-13765.json create mode 100644 2020/13xxx/CVE-2020-13766.json create mode 100644 2020/13xxx/CVE-2020-13767.json diff --git a/2020/12xxx/CVE-2020-12607.json b/2020/12xxx/CVE-2020-12607.json index ea53dc186a6..16c1b9fb553 100644 --- a/2020/12xxx/CVE-2020-12607.json +++ b/2020/12xxx/CVE-2020-12607.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12607", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12607", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a usability problem. There are some threat models where an attacker can benefit by successfully guessing users for whom signature verification will fail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/AntonKueltz/fastecdsa/commit/4a16daeaf139be20654ef58a9fe4c79dc030458c", + "url": "https://github.com/AntonKueltz/fastecdsa/commit/4a16daeaf139be20654ef58a9fe4c79dc030458c" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/AntonKueltz/fastecdsa/issues/52", + "url": "https://github.com/AntonKueltz/fastecdsa/issues/52" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/AntonKueltz/fastecdsa/commit/e592f106edd5acf6dacedfab2ad16fe6c735c9d1", + "url": "https://github.com/AntonKueltz/fastecdsa/commit/e592f106edd5acf6dacedfab2ad16fe6c735c9d1" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/AntonKueltz/fastecdsa/commit/7b64e3efaa806b4daaf73bb5172af3581812f8de", + "url": "https://github.com/AntonKueltz/fastecdsa/commit/7b64e3efaa806b4daaf73bb5172af3581812f8de" } ] } diff --git a/2020/13xxx/CVE-2020-13764.json b/2020/13xxx/CVE-2020-13764.json new file mode 100644 index 00000000000..83405338f6e --- /dev/null +++ b/2020/13xxx/CVE-2020-13764.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-13764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.gravityforms.com/gravityforms-change-log/", + "refsource": "MISC", + "name": "https://docs.gravityforms.com/gravityforms-change-log/" + }, + { + "url": "https://github.com/wp-premium/gravityforms/compare/2.4.8...2.4.9", + "refsource": "MISC", + "name": "https://github.com/wp-premium/gravityforms/compare/2.4.8...2.4.9" + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13765.json b/2020/13xxx/CVE-2020-13765.json new file mode 100644 index 00000000000..ac0dd1e5558 --- /dev/null +++ b/2020/13xxx/CVE-2020-13765.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13765", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13766.json b/2020/13xxx/CVE-2020-13766.json new file mode 100644 index 00000000000..e570a84d585 --- /dev/null +++ b/2020/13xxx/CVE-2020-13766.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13766", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13767.json b/2020/13xxx/CVE-2020-13767.json new file mode 100644 index 00000000000..0bce521e97b --- /dev/null +++ b/2020/13xxx/CVE-2020-13767.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13767", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file