admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-04-21 17:01:22 +00:00
parent a58deda544
commit 0deb441498
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
13 changed files with 287 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/19xxx/CVE-2019-19046.json
View File

@ -81,6 +81,11 @@
"refsource": "UBUNTU",
"name": "USN-4302-1",
"url": "https://usn.ubuntu.com/4302-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4325-1",
"url": "https://usn.ubuntu.com/4325-1/"
}
]
}

56
2020/10xxx/CVE-2020-10786.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10786",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/snippets/1954764",
"refsource": "MISC",
"name": "https://gitlab.com/snippets/1954764"
}
]
}

56
2020/10xxx/CVE-2020-10787.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10787",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/snippets/1954764",
"refsource": "MISC",
"name": "https://gitlab.com/snippets/1954764"
}
]
}

5
2020/11xxx/CVE-2020-11100.json
View File

@ -106,6 +106,11 @@
"refsource": "UBUNTU",
"name": "USN-4321-1",
"url": "https://usn.ubuntu.com/4321-1/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html",
"url": "http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html"
}
]
}

5
2020/11xxx/CVE-2020-11501.json
View File

@ -81,6 +81,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200416-0002/",
"url": "https://security.netapp.com/advisory/ntap-20200416-0002/"
},
{
"refsource": "UBUNTU",
"name": "USN-4322-1",
"url": "https://usn.ubuntu.com/4322-1/"
}
]
}

56
2020/11xxx/CVE-2020-11889.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11889",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/811-20200403-core-incorrect-access-control-in-com-users-access-level-deletion-function",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/811-20200403-core-incorrect-access-control-in-com-users-access-level-deletion-function"
}
]
}

56
2020/11xxx/CVE-2020-11890.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11890",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/810-20200402-core-missing-checks-for-the-root-usergroup-in-usergroup-table.html",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/810-20200402-core-missing-checks-for-the-root-usergroup-in-usergroup-table.html"
}
]
}

56
2020/11xxx/CVE-2020-11891.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11891",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/809-20200401-core-incorrect-access-control-in-com-users-access-level-editing-function.html",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/809-20200401-core-incorrect-access-control-in-com-users-access-level-editing-function.html"
}
]
}

3
2020/1xxx/CVE-2020-1699.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1699",
"ASSIGNER": "msiddiqu@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

7
2020/1xxx/CVE-2020-1757.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1757",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -20,7 +21,7 @@
{
"version_value": "all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1"
},
{
{
"version_value": "all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final"
}
]
@ -79,4 +80,4 @@
]
]
}
}
}

12
2020/5xxx/CVE-2020-5268.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Saml2 Authentication Services for ASP.NET before versions 2.7.0 and 1.0.2, there is a vulnerability in how tokens are validated in some cases.\n\nSaml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token.\nThere is also support in the Saml2 protocol for issuing tokens that is tied to a subject through other means,\ne.g. holder-of-key where possession of a private key must be proved.\nThe Sustainsys.Saml2 library incorrectly treats all incoming tokens as bearer tokens, even though they have another subject confirmation method specified.\nThis could be used by an attacker that could get access to Saml2 tokens with another subject confirmation method than bearer.\nThe attacker could then use such a token to create a log in session.\n\nThis vulnerability is patched in versions 1.0.2 and 2.7.0."
"value": "In Saml2 Authentication Services for ASP.NET before versions 2.7.0 and 1.0.2, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is also support in the Saml2 protocol for issuing tokens that is tied to a subject through other means, e.g. holder-of-key where possession of a private key must be proved. The Sustainsys.Saml2 library incorrectly treats all incoming tokens as bearer tokens, even though they have another subject confirmation method specified. This could be used by an attacker that could get access to Saml2 tokens with another subject confirmation method than bearer. The attacker could then use such a token to create a log in session. This vulnerability is patched in versions 1.0.2 and 2.7.0."
}
]
},
@ -72,6 +72,11 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241",
"refsource": "MISC",
"url": "https://github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241"
},
{
"name": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-9475-xg6m-j7pw",
"refsource": "CONFIRM",
@ -86,11 +91,6 @@
"name": "https://www.nuget.org/packages/Sustainsys.Saml2/",
"refsource": "MISC",
"url": "https://www.nuget.org/packages/Sustainsys.Saml2/"
},
{
"name": "https://github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241",
"refsource": "MISC",
"url": "https://github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241"
}
]
},

5
2020/6xxx/CVE-2020-6857.json
View File

@ -76,6 +76,11 @@
"refsource": "FULLDISC",
"name": "20200124 [UPDATED - POC] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857",
"url": "http://seclists.org/fulldisclosure/2020/Jan/35"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157321/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.html",
"url": "http://packetstormsecurity.com/files/157321/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.html"
}
]
}

5
2020/8xxx/CVE-2020-8428.json
View File

@ -106,6 +106,11 @@
"refsource": "UBUNTU",
"name": "USN-4324-1",
"url": "https://usn.ubuntu.com/4324-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4325-1",
"url": "https://usn.ubuntu.com/4325-1/"
}
]
},