admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-03-04 19:01:22 +00:00
parent eeb198622d
commit 1705395f55
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
24 changed files with 686 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
2019/19xxx/CVE-2019-19222.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19222",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19222",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
"refsource": "MISC",
"name": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"url": "https://www.dlink.com/en/security-bulletin",
"refsource": "MISC",
"name": "https://www.dlink.com/en/security-bulletin"
},
{
"refsource": "MISC",
"name": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities",
"url": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities"
},
{
"refsource": "MISC",
"name": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities/blob/master/CVE-2019-19222.md",
"url": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities/blob/master/CVE-2019-19222.md"
}
]
}

77
2019/19xxx/CVE-2019-19223.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19223",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19223",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
"refsource": "MISC",
"name": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"url": "https://www.dlink.com/en/security-bulletin",
"refsource": "MISC",
"name": "https://www.dlink.com/en/security-bulletin"
},
{
"refsource": "MISC",
"name": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities",
"url": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities"
},
{
"refsource": "MISC",
"name": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities/blob/master/CVE-2019-19223.md",
"url": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities/blob/master/CVE-2019-19223.md"
}
]
}

77
2019/19xxx/CVE-2019-19224.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19224",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19224",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
"refsource": "MISC",
"name": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"url": "https://www.dlink.com/en/security-bulletin",
"refsource": "MISC",
"name": "https://www.dlink.com/en/security-bulletin"
},
{
"refsource": "MISC",
"name": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities",
"url": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities"
},
{
"refsource": "MISC",
"name": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities/blob/master/CVE-2019-19224.md",
"url": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities/blob/master/CVE-2019-19224.md"
}
]
}

77
2019/19xxx/CVE-2019-19225.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19225",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19225",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
"refsource": "MISC",
"name": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"url": "https://www.dlink.com/en/security-bulletin",
"refsource": "MISC",
"name": "https://www.dlink.com/en/security-bulletin"
},
{
"refsource": "MISC",
"name": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities",
"url": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities"
},
{
"refsource": "MISC",
"name": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities/blob/master/CVE-2019-19225.md",
"url": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities/blob/master/CVE-2019-19225.md"
}
]
}

77
2019/19xxx/CVE-2019-19226.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19226",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19226",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
"refsource": "MISC",
"name": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"url": "https://www.dlink.com/en/security-bulletin",
"refsource": "MISC",
"name": "https://www.dlink.com/en/security-bulletin"
},
{
"refsource": "MISC",
"name": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities",
"url": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities"
},
{
"refsource": "MISC",
"name": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities/blob/master/CVE-2019-19226.md",
"url": "https://github.com/0x8b30cc/DSL-2680-Multiple-Vulnerabilities/blob/master/CVE-2019-19226.md"
}
]
}

62
2020/10xxx/CVE-2020-10057.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10057",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10057",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which \"token\" is used as a CSRF protection mechanism, but without validation that \"token\" is associated with an administrative user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/J3rryBl4nks/GenixCMS/blob/master/CreateAdminBAC.md",
"refsource": "MISC",
"name": "https://github.com/J3rryBl4nks/GenixCMS/blob/master/CreateAdminBAC.md"
}
]
}

72
2020/9xxx/CVE-2020-9371.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9371",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-9371",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"refsource": "MISC",
"name": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9",
"url": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9"
},
{
"refsource": "MISC",
"name": "https://www.hotdreamweaver.com/support/view.php?id=815925",
"url": "https://www.hotdreamweaver.com/support/view.php?id=815925"
}
]
}

72
2020/9xxx/CVE-2020-9372.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9372",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-9372",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"refsource": "MISC",
"name": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9",
"url": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9"
},
{
"refsource": "MISC",
"name": "https://www.hotdreamweaver.com/support/view.php?id=815925",
"url": "https://www.hotdreamweaver.com/support/view.php?id=815925"
}
]
}

67
2020/9xxx/CVE-2020-9476.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9476",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-9476",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://arris.secure.force.com/consumers/ConsumerProductSupport",
"refsource": "MISC",
"name": "https://arris.secure.force.com/consumers/ConsumerProductSupport"
},
{
"refsource": "MISC",
"name": "https://medium.com/@rsantos_14778/info-disclosure-cve-2020-9476-494a08298c6b",
"url": "https://medium.com/@rsantos_14778/info-disclosure-cve-2020-9476-494a08298c6b"
}
]
}

67
2020/9xxx/CVE-2020-9477.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9477",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-9477",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to capture packets at the time of authentication and gain access to the cleartext password. An attacker could use this access to create a new user account or control the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://uk.humaxdigital.com/network/hga12r-02/",
"refsource": "MISC",
"name": "https://uk.humaxdigital.com/network/hga12r-02/"
},
{
"refsource": "MISC",
"name": "https://medium.com/@rsantos_14778/info-disclosure-cve-2020-9477-29d0ca48d4fa",
"url": "https://medium.com/@rsantos_14778/info-disclosure-cve-2020-9477-29d0ca48d4fa"
}
]
}

67
2020/9xxx/CVE-2020-9550.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9550",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-9550",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication between controllers and beacons, allowing an attacker to sniff and spoof beacon requests remotely."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://rubetek.com/",
"refsource": "MISC",
"name": "https://rubetek.com/"
},
{
"refsource": "MISC",
"name": "https://pastebin.com/CckKKJcM",
"url": "https://pastebin.com/CckKKJcM"
}
]
}