diff --git a/2020/12xxx/CVE-2020-12460.json b/2020/12xxx/CVE-2020-12460.json
index 379b1894b4c..4d3a31ce6c4 100644
--- a/2020/12xxx/CVE-2020-12460.json
+++ b/2020/12xxx/CVE-2020-12460.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12460",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12460",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceforge.net/projects/opendmarc/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/projects/opendmarc/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/trusteddomainproject/OpenDMARC/issues/64",
+ "url": "https://github.com/trusteddomainproject/OpenDMARC/issues/64"
 }
 ]
 }
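Review bot: The structured `affects` and `problemtype` fields are published as `n/a` although the new description names the product, the affected versions and the weakness, so tooling that matches on vendor/product/version or CWE rather than free text will not pick this record up. Consider filling them from the description, for example `"product_name": "OpenDMARC"` with `"version_value": "through 1.3.2"` (and the 1.4.x range as a second `version_data` entry), and a problemtype such as `CWE-170 Improper Null Termination` if the assigner agrees with that classification. The same applies to the CVE-2020-12845 and CVE-2020-12880 hunks, whose descriptions also state a product and version range that the structured fields omit.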
diff --git a/2020/12xxx/CVE-2020-12845.json b/2020/12xxx/CVE-2020-12845.json
index 51bcfada307..01e1eaf1f28 100644
--- a/2020/12xxx/CVE-2020-12845.json
+++ b/2020/12xxx/CVE-2020-12845.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12845",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12845",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/cherokee/webserver/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/cherokee/webserver/releases"
+ },
+ {
+ "url": "http://cherokee-project.com/downloads.html",
+ "refsource": "MISC",
+ "name": "http://cherokee-project.com/downloads.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/cherokee/webserver/issues/1242",
+ "url": "https://github.com/cherokee/webserver/issues/1242"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12880.json b/2020/12xxx/CVE-2020-12880.json
index f2f8ef0808b..ae44a2afe5f 100644
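Review bot: The new description reads "due to a NULL pointer dereferences", which mixes singular and plural; since two parsing functions are named, `due to NULL pointer dereferences` would read correctly. Of the three references, only the `issues/1242` link is specific to this flaw. The releases and downloads pages are generic, the downloads link is plain `http://`, and neither tells a reader which release, if any, contains a fix. If a fixed version or commit exists, it would be worth adding it as a reference and naming it in the description so operators know what to upgrade to.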
--- a/2020/12xxx/CVE-2020-12880.json
+++ b/2020/12xxx/CVE-2020-12880.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12880",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12880",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://kb.pulsesecure.net/?atype=sa",
+ "refsource": "MISC",
+ "name": "https://kb.pulsesecure.net/?atype=sa"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
+ "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
 }
 ]
 }
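Review bot: The new description does not say what access is needed to change the kernel boot parameter, and that precondition is what a reader needs to triage this record. On a virtual appliance it presumably means console or hypervisor access, but the text leaves that to the reader; a clause stating the required access, worded against the SA44516 advisory, would make it explicit. The subject of "it can be tricked" is also ambiguous and could be replaced with `the appliance can be tricked`.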
diff --git a/2020/1xxx/CVE-2020-1935.json b/2020/1xxx/CVE-2020-1935.json
index 58aade0f9cc..017277004eb 100644
--- a/2020/1xxx/CVE-2020-1935.json
+++ b/2020/1xxx/CVE-2020-1935.json
@@ -119,6 +119,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-users] 20200726 Re: CVE-2020-1935",
 "url": "https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-users] 20200727 RE: CVE-2020-1935",
+ "url": "https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E"
 }
 ]
 },