diff --git a/2019/8xxx/CVE-2019-8075.json b/2019/8xxx/CVE-2019-8075.json index 07a3dd9750e..bea1a2112bb 100644 --- a/2019/8xxx/CVE-2019-8075.json +++ b/2019/8xxx/CVE-2019-8075.json @@ -53,6 +53,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-10ec8aca61", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AB2XOYF26EBHJEI6LXCBL32TGZM7UHQ4/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3e005ce2e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/" } ] }, diff --git a/2020/16xxx/CVE-2020-16004.json b/2020/16xxx/CVE-2020-16004.json index d7b2a5389f6..60b9ed76043 100644 --- a/2020/16xxx/CVE-2020-16004.json +++ b/2020/16xxx/CVE-2020-16004.json @@ -74,6 +74,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4e8e48da22", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3e005ce2e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/" } ] }, diff --git a/2020/16xxx/CVE-2020-16005.json b/2020/16xxx/CVE-2020-16005.json index 69c571fccb0..db916b57963 100644 --- a/2020/16xxx/CVE-2020-16005.json +++ b/2020/16xxx/CVE-2020-16005.json @@ -74,6 +74,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4e8e48da22", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3e005ce2e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/" } ] }, diff --git a/2020/16xxx/CVE-2020-16006.json b/2020/16xxx/CVE-2020-16006.json index a71c62d50b5..c1cf3ce4fc4 100644 --- a/2020/16xxx/CVE-2020-16006.json +++ b/2020/16xxx/CVE-2020-16006.json @@ -74,6 +74,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4e8e48da22", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3e005ce2e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/" } ] }, diff --git a/2020/16xxx/CVE-2020-16008.json b/2020/16xxx/CVE-2020-16008.json index e589c8929db..0fc2c15be87 100644 --- a/2020/16xxx/CVE-2020-16008.json +++ b/2020/16xxx/CVE-2020-16008.json @@ -74,6 +74,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4e8e48da22", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3e005ce2e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/" } ] }, diff --git a/2020/16xxx/CVE-2020-16009.json b/2020/16xxx/CVE-2020-16009.json index b31cdae7bbf..18379bb8bef 100644 --- a/2020/16xxx/CVE-2020-16009.json +++ b/2020/16xxx/CVE-2020-16009.json @@ -79,6 +79,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4e8e48da22", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3e005ce2e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/" } ] }, diff --git a/2020/26xxx/CVE-2020-26890.json b/2020/26xxx/CVE-2020-26890.json index 5fb1bbcad25..fcb40c246e5 100644 --- a/2020/26xxx/CVE-2020-26890.json +++ b/2020/26xxx/CVE-2020-26890.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-26890", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-26890", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the impact is not constrained to the server of the event sender." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f", + "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f" } ] } diff --git a/2020/28xxx/CVE-2020-28348.json b/2020/28xxx/CVE-2020-28348.json index d9cbbff9b32..56ff2fdda5c 100644 --- a/2020/28xxx/CVE-2020-28348.json +++ b/2020/28xxx/CVE-2020-28348.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28348", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28348", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/hashicorp/nomad/issues/9303", + "url": "https://github.com/hashicorp/nomad/issues/9303" + }, + { + "refsource": "MISC", + "name": "https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0128-november-10-2020", + "url": "https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0128-november-10-2020" } ] } diff --git a/2020/28xxx/CVE-2020-28998.json b/2020/28xxx/CVE-2020-28998.json new file mode 100644 index 00000000000..f333161fa5f --- /dev/null +++ b/2020/28xxx/CVE-2020-28998.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-28998", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28999.json b/2020/28xxx/CVE-2020-28999.json new file mode 100644 index 00000000000..0b102202db7 --- /dev/null +++ b/2020/28xxx/CVE-2020-28999.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-28999", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/29xxx/CVE-2020-29000.json b/2020/29xxx/CVE-2020-29000.json new file mode 100644 index 00000000000..378199d2429 --- /dev/null +++ b/2020/29xxx/CVE-2020-29000.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-29000", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/29xxx/CVE-2020-29001.json b/2020/29xxx/CVE-2020-29001.json new file mode 100644 index 00000000000..a684da6480a --- /dev/null +++ b/2020/29xxx/CVE-2020-29001.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-29001", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file