From cf7f2cd8b65fed4d0713e555be48adf4e11b901c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 31 Mar 2020 13:01:12 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/10xxx/CVE-2020-10595.json | 61 +++++++++++++++++++++++++++++----
 2020/11xxx/CVE-2020-11414.json | 62 ++++++++++++++++++++++++++++++++++
 2020/11xxx/CVE-2020-11415.json | 18 ++++++++++
 2020/11xxx/CVE-2020-11416.json | 18 ++++++++++
 4 files changed, 153 insertions(+), 6 deletions(-)
 create mode 100644 2020/11xxx/CVE-2020-11414.json
 create mode 100644 2020/11xxx/CVE-2020-11415.json
 create mode 100644 2020/11xxx/CVE-2020-11416.json
diff --git a/2020/10xxx/CVE-2020-10595.json b/2020/10xxx/CVE-2020-10595.json
index 08053703f62..1d41306c33c 100644
--- a/2020/10xxx/CVE-2020-10595.json
+++ b/2020/10xxx/CVE-2020-10595.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-10595",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-10595",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/rra/pam-krb5/commit/e7879e27a37119fad4faf133a9f70bdcdc75d760",
+ "url": "https://github.com/rra/pam-krb5/commit/e7879e27a37119fad4faf133a9f70bdcdc75d760"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.openwall.com/lists/oss-security/2020/03/31/1",
+ "url": "http://www.openwall.com/lists/oss-security/2020/03/31/1"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11414.json b/2020/11xxx/CVE-2020-11414.json
new file mode 100644
index 00000000000..532c54b115c
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11414.json
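Review bot: In 2020/10xxx/CVE-2020-10595.json the record is moved to `"STATE": "PUBLIC"` while `affects` still carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, so the affected product and the fixed version exist only in the free-text description. Tooling that matches on the structured fields will not associate this entry with pam-krb5; populating them from the description, e.g. `"product_name": "pam-krb5"` and `"version_value": "before 4.9"`, would close that gap (the vendor name is not stated on this page and would need confirming). `problemtype` is likewise `"n/a"` although the description describes a one-byte buffer overflow, so a CWE entry chosen by the assigner would help triage. The same placeholders appear in the new 2020/11xxx/CVE-2020-11414.json hunk, whose description names Progress Telerik UI for Silverlight before 2020.1.330.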
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-11414",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the directory where the upload handler class is defined. Before 2020.1.330, a crafted web request could result in uploads to arbitrary locations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.telerik.com/devtools/silverlight/controls/radupload/how-to/secure-upload-file-path",
+ "refsource": "MISC",
+ "name": "https://docs.telerik.com/devtools/silverlight/controls/radupload/how-to/secure-upload-file-path"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11415.json b/2020/11xxx/CVE-2020-11415.json
new file mode 100644
index 00000000000..128e7541a37
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11415.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11415",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11416.json b/2020/11xxx/CVE-2020-11416.json
new file mode 100644
index 00000000000..4f871e602e0
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11416.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11416",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file