From f9cdd1d8eb4970ec1aaf0766368561a60ea6dd8c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 21 Oct 2020 20:02:23 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/24xxx/CVE-2020-24422.json | 90 +++++++++++++++++++++++++++++++--- 2020/25xxx/CVE-2020-25820.json | 22 +++------ 2020/9xxx/CVE-2020-9747.json | 90 +++++++++++++++++++++++++++++++--- 2020/9xxx/CVE-2020-9748.json | 90 +++++++++++++++++++++++++++++++--- 2020/9xxx/CVE-2020-9749.json | 90 +++++++++++++++++++++++++++++++--- 2020/9xxx/CVE-2020-9750.json | 90 +++++++++++++++++++++++++++++++--- 6 files changed, 426 insertions(+), 46 deletions(-) diff --git a/2020/24xxx/CVE-2020-24422.json b/2020/24xxx/CVE-2020-24422.json index 42fab9e7d28..7888dd9b949 100644 --- a/2020/24xxx/CVE-2020-24422.json +++ b/2020/24xxx/CVE-2020-24422.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2020-10-13T23:00:00.000Z", "ID": "CVE-2020-24422", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Uncontrolled Search Path in Creative Cloud Desktop Application" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Creative Cloud (desktop component)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "5.2" + }, + { + "version_affected": "<=", + "version_value": "2.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "High", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.0, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled Search Path Element (CWE-427)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/creative-cloud/apsb20-68.html", + "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb20-68.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25820.json b/2020/25xxx/CVE-2020-25820.json index 8bb9228fbc6..4513d58374f 100644 --- a/2020/25xxx/CVE-2020-25820.json +++ b/2020/25xxx/CVE-2020-25820.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "BigBlueButton before 2.2.27 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field." + "value": "BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field." } ] }, @@ -57,25 +57,15 @@ "refsource": "MISC", "name": "https://www.redteam-pentesting.de/advisories/rt-sa-2020-005" }, + { + "url": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7" + }, { "url": "https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html", "refsource": "MISC", "name": "https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/159667/BigBlueButton-2.2.25-File-Disclosure-Server-Side-Request-Forgery.html", - "url": "http://packetstormsecurity.com/files/159667/BigBlueButton-2.2.25-File-Disclosure-Server-Side-Request-Forgery.html" - }, - { - "refsource": "MISC", - "name": "https://github.com/bigbluebutton/bigbluebutton/commit/71fe1eac1e5bd73a2cd44bd79c001086b250e435", - "url": "https://github.com/bigbluebutton/bigbluebutton/commit/71fe1eac1e5bd73a2cd44bd79c001086b250e435" - }, - { - "refsource": "MISC", - "name": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.26...v2.2.27", - "url": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.26...v2.2.27" } ] } diff --git a/2020/9xxx/CVE-2020-9747.json b/2020/9xxx/CVE-2020-9747.json index c06d9c16408..8eb0afd2a3f 100644 --- a/2020/9xxx/CVE-2020-9747.json +++ b/2020/9xxx/CVE-2020-9747.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2020-10-20T23:00:00.000Z", "ID": "CVE-2020-9747", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Double-free vulnerability in Adobe Animate 20.5" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Animate", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "20.5" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Double Free (CWE-415)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/animate/apsb20-61.html", + "name": "https://helpx.adobe.com/security/products/animate/apsb20-61.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9748.json b/2020/9xxx/CVE-2020-9748.json index f0b07c54f5c..9d9d0a7daae 100644 --- a/2020/9xxx/CVE-2020-9748.json +++ b/2020/9xxx/CVE-2020-9748.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2020-10-20T23:00:00.000Z", "ID": "CVE-2020-9748", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Stack overflow vulnerability in Adobe Animate 20.5" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Animate", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "20.5" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow (CWE-121)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/animate/apsb20-61.html", + "name": "https://helpx.adobe.com/security/products/animate/apsb20-61.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9749.json b/2020/9xxx/CVE-2020-9749.json index 1ce958ae2a3..d3692215adb 100644 --- a/2020/9xxx/CVE-2020-9749.json +++ b/2020/9xxx/CVE-2020-9749.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2020-10-20T23:00:00.000Z", "ID": "CVE-2020-9749", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Out-of-bounds read vulnerability in Adobe Animate 20.5" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Animate", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "20.5" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/animate/apsb20-61.html", + "name": "https://helpx.adobe.com/security/products/animate/apsb20-61.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9750.json b/2020/9xxx/CVE-2020-9750.json index 1d40044cd22..02ec99078fa 100644 --- a/2020/9xxx/CVE-2020-9750.json +++ b/2020/9xxx/CVE-2020-9750.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2020-10-20T23:00:00.000Z", "ID": "CVE-2020-9750", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Out-of-bounds read vulnerability in Adobe Animate 20.5" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Animate", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "20.5" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/animate/apsb20-61.html", + "name": "https://helpx.adobe.com/security/products/animate/apsb20-61.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file