From 15f42cb988fbdb94bad37eb2a62f1b59671986e5 Mon Sep 17 00:00:00 2001
From: Bishop <fabric8.analytics.cve.bot@gmail.com>
Date: Wed, 8 Jul 2020 06:12:54 +0000
Subject: [PATCH] Add CVE-2020-7456

---
 database/java/2020/7456.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 database/java/2020/7456.yaml

diff --git a/database/java/2020/7456.yaml b/database/java/2020/7456.yaml
new file mode 100644
index 0000000000..a9a38a1f33
--- /dev/null
+++ b/database/java/2020/7456.yaml
@@ -0,0 +1,16 @@
+---
+cve: 2020-7456
+title: CVE in de.hilling.maven.release:smart-release-plugin
+description: >
+    In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution.
+cvss_v2: 7.2
+references:
+    - https://security.FreeBSD.org/advisories/FreeBSD-SA-20:17.usb.asc
+    - https://security.netapp.com/advisory/ntap-20200625-0005/
+affected:
+    - groupId: de.hilling.maven.release
+      artifactId: smart-release-plugin
+      version:
+        []
+      fixedin:
+        - ">=3.0"