From f82f04adb44c9c2f658f0fc542f4abd2f65f88a3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 25 Jun 2020 19:01:18 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10177.json | 76 +++++++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10378.json | 76 +++++++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10379.json | 76 +++++++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10994.json | 76 +++++++++++++++++++++++++++++++--- 2020/11xxx/CVE-2020-11538.json | 71 ++++++++++++++++++++++++++++--- 2020/15xxx/CVE-2020-15300.json | 18 ++++++++ 2020/15xxx/CVE-2020-15301.json | 18 ++++++++ 7 files changed, 381 insertions(+), 30 deletions(-) create mode 100644 2020/15xxx/CVE-2020-15300.json create mode 100644 2020/15xxx/CVE-2020-15301.json diff --git a/2020/10xxx/CVE-2020-10177.json b/2020/10xxx/CVE-2020-10177.json index 282a1bcdcdc..c7b18deb9a5 100644 --- a/2020/10xxx/CVE-2020-10177.json +++ b/2020/10xxx/CVE-2020-10177.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10177", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10177", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html", + "refsource": "MISC", + "name": "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html" + }, + { + "url": "https://github.com/python-pillow/Pillow/commits/master/src/libImaging", + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/commits/master/src/libImaging" + }, + { + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/pull/4538", + "url": "https://github.com/python-pillow/Pillow/pull/4538" + }, + { + "refsource": "MISC", + "name": "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html", + "url": "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/pull/4503", + "url": "https://github.com/python-pillow/Pillow/pull/4503" } ] } diff --git a/2020/10xxx/CVE-2020-10378.json b/2020/10xxx/CVE-2020-10378.json index af072550e8d..14f79a9ff29 100644 --- a/2020/10xxx/CVE-2020-10378.json +++ b/2020/10xxx/CVE-2020-10378.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10378", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10378", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html", + "refsource": "MISC", + "name": "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html" + }, + { + "url": "https://github.com/python-pillow/Pillow/commits/master/src/libImaging", + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/commits/master/src/libImaging" + }, + { + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/pull/4538", + "url": "https://github.com/python-pillow/Pillow/pull/4538" + }, + { + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac", + "url": "https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac" + }, + { + "refsource": "MISC", + "name": "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html", + "url": "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" } ] } diff --git a/2020/10xxx/CVE-2020-10379.json b/2020/10xxx/CVE-2020-10379.json index 1cb57ee5e4a..be1d46a0eb1 100644 --- a/2020/10xxx/CVE-2020-10379.json +++ b/2020/10xxx/CVE-2020-10379.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10379", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10379", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pillow before 6.2.3 and 7.x before 7.0.1, there are two Buffer Overflows in libImaging/TiffDecode.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html", + "refsource": "MISC", + "name": "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html" + }, + { + "url": "https://github.com/python-pillow/Pillow/commits/master/src/libImaging", + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/commits/master/src/libImaging" + }, + { + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/pull/4538", + "url": "https://github.com/python-pillow/Pillow/pull/4538" + }, + { + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac", + "url": "https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac" + }, + { + "refsource": "MISC", + "name": "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html", + "url": "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" } ] } diff --git a/2020/10xxx/CVE-2020-10994.json b/2020/10xxx/CVE-2020-10994.json index 3d0e38f2911..13764483188 100644 --- a/2020/10xxx/CVE-2020-10994.json +++ b/2020/10xxx/CVE-2020-10994.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10994", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10994", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In libImaging/Jpeg2KDecode.c in Pillow before 7.0.0, there are multiple out-of-bounds reads via a crafted JP2 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pillow.readthedocs.io/en/stable/releasenotes/", + "refsource": "MISC", + "name": "https://pillow.readthedocs.io/en/stable/releasenotes/" + }, + { + "url": "https://github.com/python-pillow/Pillow/commits/master/src/libImaging/", + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/commits/master/src/libImaging/" + }, + { + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/pull/4538", + "url": "https://github.com/python-pillow/Pillow/pull/4538" + }, + { + "refsource": "MISC", + "name": "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html", + "url": "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/pull/4505", + "url": "https://github.com/python-pillow/Pillow/pull/4505" } ] } diff --git a/2020/11xxx/CVE-2020-11538.json b/2020/11xxx/CVE-2020-11538.json index 167c6ca2140..67641f3e115 100644 --- a/2020/11xxx/CVE-2020-11538.json +++ b/2020/11xxx/CVE-2020-11538.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11538", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11538", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pillow.readthedocs.io/en/stable/releasenotes/index.html", + "refsource": "MISC", + "name": "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/pull/4538", + "url": "https://github.com/python-pillow/Pillow/pull/4538" + }, + { + "refsource": "MISC", + "name": "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html", + "url": "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/python-pillow/Pillow/pull/4504", + "url": "https://github.com/python-pillow/Pillow/pull/4504" } ] } diff --git a/2020/15xxx/CVE-2020-15300.json b/2020/15xxx/CVE-2020-15300.json new file mode 100644 index 00000000000..f5e08acdca0 --- /dev/null +++ b/2020/15xxx/CVE-2020-15300.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15300", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15301.json b/2020/15xxx/CVE-2020-15301.json new file mode 100644 index 00000000000..d4a7d5272ba --- /dev/null +++ b/2020/15xxx/CVE-2020-15301.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15301", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file