From 9acc3d003b56ae69595a97bf70b75c8855e334b0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 28 Oct 2020 13:01:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/17xxx/CVE-2020-17373.json | 20 ++++---------- 2020/26xxx/CVE-2020-26947.json | 7 ++++- 2020/27xxx/CVE-2020-27969.json | 18 ++++++++++++ 2020/27xxx/CVE-2020-27970.json | 18 ++++++++++++ 2020/27xxx/CVE-2020-27971.json | 18 ++++++++++++ 2020/27xxx/CVE-2020-27972.json | 18 ++++++++++++ 2020/27xxx/CVE-2020-27973.json | 18 ++++++++++++ 2020/8xxx/CVE-2020-8239.json | 50 ++++++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8240.json | 50 ++++++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8241.json | 50 ++++++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8248.json | 50 ++++++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8249.json | 50 ++++++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8250.json | 50 ++++++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8254.json | 50 ++++++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8255.json | 50 ++++++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8260.json | 50 ++++++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8261.json | 50 ++++++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8262.json | 50 ++++++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8263.json | 50 ++++++++++++++++++++++++++++++++-- 19 files changed, 665 insertions(+), 52 deletions(-) create mode 100644 2020/27xxx/CVE-2020-27969.json create mode 100644 2020/27xxx/CVE-2020-27970.json create mode 100644 2020/27xxx/CVE-2020-27971.json create mode 100644 2020/27xxx/CVE-2020-27972.json create mode 100644 2020/27xxx/CVE-2020-27973.json diff --git a/2020/17xxx/CVE-2020-17373.json b/2020/17xxx/CVE-2020-17373.json index 164f64e2aff..0c90bc7a0d1 100644 --- a/2020/17xxx/CVE-2020-17373.json +++ b/2020/17xxx/CVE-2020-17373.json @@ -52,21 +52,6 @@ }, "references": { "reference_data": [ - { - "url": "https://support.sugarcrm.com/Resources/Security/", - "refsource": "MISC", - "name": "https://support.sugarcrm.com/Resources/Security/" - }, - { - "url": "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2020-025", - "refsource": "MISC", - "name": "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2020-025" - }, - { - "url": "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2020-026", - "refsource": "MISC", - "name": "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2020-026" - }, { "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2020/Aug/9", @@ -76,6 +61,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/158848/SugarCRM-SQL-Injection.html", "url": "http://packetstormsecurity.com/files/158848/SugarCRM-SQL-Injection.html" + }, + { + "refsource": "MISC", + "name": "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2020-051/", + "url": "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2020-051/" } ] } diff --git a/2020/26xxx/CVE-2020-26947.json b/2020/26xxx/CVE-2020-26947.json index a610e38d6b7..aad8ed8368f 100644 --- a/2020/26xxx/CVE-2020-26947.json +++ b/2020/26xxx/CVE-2020-26947.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "monero-wallet-gui in Monero GUI 0.17.0.1 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory." + "value": "monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory." } ] }, @@ -56,6 +56,11 @@ "url": "https://github.com/monero-project/monero-gui/issues/3142#issuecomment-705940446", "refsource": "MISC", "name": "https://github.com/monero-project/monero-gui/issues/3142#issuecomment-705940446" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/monero-project/monero-gui/commit/6ed536982953d870010d8fa065dccbffeb6cae50", + "url": "https://github.com/monero-project/monero-gui/commit/6ed536982953d870010d8fa065dccbffeb6cae50" } ] } diff --git a/2020/27xxx/CVE-2020-27969.json b/2020/27xxx/CVE-2020-27969.json new file mode 100644 index 00000000000..b5dc86b9ac7 --- /dev/null +++ b/2020/27xxx/CVE-2020-27969.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27969", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27970.json b/2020/27xxx/CVE-2020-27970.json new file mode 100644 index 00000000000..8153a2ed284 --- /dev/null +++ b/2020/27xxx/CVE-2020-27970.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27970", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27971.json b/2020/27xxx/CVE-2020-27971.json new file mode 100644 index 00000000000..c65d2fbe366 --- /dev/null +++ b/2020/27xxx/CVE-2020-27971.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27971", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27972.json b/2020/27xxx/CVE-2020-27972.json new file mode 100644 index 00000000000..d8516e0560a --- /dev/null +++ b/2020/27xxx/CVE-2020-27972.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27972", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27973.json b/2020/27xxx/CVE-2020-27973.json new file mode 100644 index 00000000000..00951c1b3bc --- /dev/null +++ b/2020/27xxx/CVE-2020-27973.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27973", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8239.json b/2020/8xxx/CVE-2020-8239.json index 7de9ac88a5d..6b253fdb5c0 100644 --- a/2020/8xxx/CVE-2020-8239.json +++ b/2020/8xxx/CVE-2020-8239.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8239", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Pulse Secure Desktop Cient", + "version": { + "version_data": [ + { + "version_value": "9.1R9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation (CAPEC-233)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC." } ] } diff --git a/2020/8xxx/CVE-2020-8240.json b/2020/8xxx/CVE-2020-8240.json index fe9faf36c16..021605a33df 100644 --- a/2020/8xxx/CVE-2020-8240.json +++ b/2020/8xxx/CVE-2020-8240.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8240", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Pulse Secure Desktop Client", + "version": { + "version_data": [ + { + "version_value": "9.1R9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation (CAPEC-233)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider." } ] } diff --git a/2020/8xxx/CVE-2020-8241.json b/2020/8xxx/CVE-2020-8241.json index e3a40f37852..add9cbd94c2 100644 --- a/2020/8xxx/CVE-2020-8241.json +++ b/2020/8xxx/CVE-2020-8241.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8241", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Pulse Secure Dektop Client", + "version": { + "version_data": [ + { + "version_value": "9.1R9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation (CAPEC-233)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server." } ] } diff --git a/2020/8xxx/CVE-2020-8248.json b/2020/8xxx/CVE-2020-8248.json index 48c7e1b3ad1..326d6d15f64 100644 --- a/2020/8xxx/CVE-2020-8248.json +++ b/2020/8xxx/CVE-2020-8248.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8248", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Pulse Secure Desktop Client", + "version": { + "version_data": [ + { + "version_value": "9.1R9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation (CAPEC-233)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege." } ] } diff --git a/2020/8xxx/CVE-2020-8249.json b/2020/8xxx/CVE-2020-8249.json index d3f5ccb0764..afd27ffd0e7 100644 --- a/2020/8xxx/CVE-2020-8249.json +++ b/2020/8xxx/CVE-2020-8249.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8249", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Pulse Secure Desktop Client", + "version": { + "version_data": [ + { + "version_value": "9.1R9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Classic Buffer Overflow (CWE-120)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow." } ] } diff --git a/2020/8xxx/CVE-2020-8250.json b/2020/8xxx/CVE-2020-8250.json index d3098213418..962b1423527 100644 --- a/2020/8xxx/CVE-2020-8250.json +++ b/2020/8xxx/CVE-2020-8250.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8250", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Pulse Secure Desktop Client", + "version": { + "version_data": [ + { + "version_value": "9.1R9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation (CAPEC-233)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege." } ] } diff --git a/2020/8xxx/CVE-2020-8254.json b/2020/8xxx/CVE-2020-8254.json index c1ca0ab0024..8e07cffe5ac 100644 --- a/2020/8xxx/CVE-2020-8254.json +++ b/2020/8xxx/CVE-2020-8254.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8254", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Pulse Secure Desktop Client", + "version": { + "version_data": [ + { + "version_value": "9.1R9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Relative Path Traversal (CWE-23)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC." } ] } diff --git a/2020/8xxx/CVE-2020-8255.json b/2020/8xxx/CVE-2020-8255.json index a0d11d7641f..8f83eb2b4e0 100644 --- a/2020/8xxx/CVE-2020-8255.json +++ b/2020/8xxx/CVE-2020-8255.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8255", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Pulse Connect Secure / Pulse Policy Secure", + "version": { + "version_data": [ + { + "version_value": "9.1R9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation (CWE-20)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages." } ] } diff --git a/2020/8xxx/CVE-2020-8260.json b/2020/8xxx/CVE-2020-8260.json index 2849adf1605..37cc48a9348 100644 --- a/2020/8xxx/CVE-2020-8260.json +++ b/2020/8xxx/CVE-2020-8260.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8260", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Pulse Connect Secure / Pulse Policy Secure", + "version": { + "version_data": [ + { + "version_value": "9.1R9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unrestricted Upload of File with Dangerous Type (CWE-434)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction." } ] } diff --git a/2020/8xxx/CVE-2020-8261.json b/2020/8xxx/CVE-2020-8261.json index c4854a77074..0ec9ff87a60 100644 --- a/2020/8xxx/CVE-2020-8261.json +++ b/2020/8xxx/CVE-2020-8261.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8261", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Pulse Connect Secure / Pulse Policy Secure", + "version": { + "version_data": [ + { + "version_value": "9.1R9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Classic Buffer Overflow (CWE-120)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection." } ] } diff --git a/2020/8xxx/CVE-2020-8262.json b/2020/8xxx/CVE-2020-8262.json index a236cb94c12..9c0a81c4bd4 100644 --- a/2020/8xxx/CVE-2020-8262.json +++ b/2020/8xxx/CVE-2020-8262.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8262", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Pulse Connect Secure / Pulse Policy Secure", + "version": { + "version_data": [ + { + "version_value": "Fixed in 9.1R9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface." } ] } diff --git a/2020/8xxx/CVE-2020-8263.json b/2020/8xxx/CVE-2020-8263.json index 1b6d23bed46..cd50678fb4d 100644 --- a/2020/8xxx/CVE-2020-8263.json +++ b/2020/8xxx/CVE-2020-8263.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8263", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Pulse Connect Secure / Pulse Policy Secure", + "version": { + "version_data": [ + { + "version_value": "9.1R9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file." } ] }