From a00d0d9bf007d1b96068acd0ea3b0777ec0424a5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 21 May 2020 16:01:25 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10738.json | 3 +- 2020/11xxx/CVE-2020-11078.json | 5 +++ 2020/12xxx/CVE-2020-12647.json | 2 +- 2020/12xxx/CVE-2020-12832.json | 7 ++++- 2020/13xxx/CVE-2020-13112.json | 56 ++++++++++++++++++++++++++++++---- 2020/13xxx/CVE-2020-13114.json | 56 ++++++++++++++++++++++++++++++---- 6 files changed, 114 insertions(+), 15 deletions(-) diff --git a/2020/10xxx/CVE-2020-10738.json b/2020/10xxx/CVE-2020-10738.json index 47ebb46db7d..e1f5fcb7f42 100644 --- a/2020/10xxx/CVE-2020-10738.json +++ b/2020/10xxx/CVE-2020-10738.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10738", - "ASSIGNER": "gsuckevi@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/11xxx/CVE-2020-11078.json b/2020/11xxx/CVE-2020-11078.json index c5d2eefd517..687a3596276 100644 --- a/2020/11xxx/CVE-2020-11078.json +++ b/2020/11xxx/CVE-2020-11078.json @@ -78,6 +78,11 @@ "name": "https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e", "refsource": "MISC", "url": "https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e" + }, + { + "refsource": "MLIST", + "name": "[allura-commits] 20200521 [allura] branch master updated: Upgrade httplib2 for CVE-2020-11078", + "url": "https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89@%3Ccommits.allura.apache.org%3E" } ] }, diff --git a/2020/12xxx/CVE-2020-12647.json b/2020/12xxx/CVE-2020-12647.json index 5d7a23580bc..c7ebd3cedc2 100644 --- a/2020/12xxx/CVE-2020-12647.json +++ b/2020/12xxx/CVE-2020-12647.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 allows local users to trigger a system fault upon execution of compiled code, or adversely affect confidentiality, integrity, and availability, via crafted syntax." + "value": "Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability." } ] }, diff --git a/2020/12xxx/CVE-2020-12832.json b/2020/12xxx/CVE-2020-12832.json index 5d948456cbb..fcd4e443d91 100644 --- a/2020/12xxx/CVE-2020-12832.json +++ b/2020/12xxx/CVE-2020-12832.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. sequence within a pathname in cases where front-side file management occurs on a non-Linux platform." + "value": "WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input." } ] }, @@ -61,6 +61,11 @@ "url": "https://wordpress.org/plugins/simple-file-list/#developers", "refsource": "MISC", "name": "https://wordpress.org/plugins/simple-file-list/#developers" + }, + { + "refsource": "MISC", + "name": "https://ctulhu.me/2020/05/16/cve-2020-12832/", + "url": "https://ctulhu.me/2020/05/16/cve-2020-12832/" } ] } diff --git a/2020/13xxx/CVE-2020-13112.json b/2020/13xxx/CVE-2020-13112.json index 84441db0354..13515312172 100644 --- a/2020/13xxx/CVE-2020-13112.json +++ b/2020/13xxx/CVE-2020-13112.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13112", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13112", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1", + "url": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1" } ] } diff --git a/2020/13xxx/CVE-2020-13114.json b/2020/13xxx/CVE-2020-13114.json index 4b7c9153d4c..7b6dacc539c 100644 --- a/2020/13xxx/CVE-2020-13114.json +++ b/2020/13xxx/CVE-2020-13114.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13114", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13114", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab", + "url": "https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab" } ] }