admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-12-02 15:01:39 +00:00
parent 10d6f68249
commit 17713c743d
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 203 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2020/14xxx/CVE-2020-14369.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14369",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "cfme-gemset 5.11.8.1-1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1871921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871921"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth."
}
]
}

50
2020/25xxx/CVE-2020-25638.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25638",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "hibernate-core",
"version": {
"version_data": [
{
"version_value": "Hibernate ORM versions before 5.4.24.Final"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity."
}
]
}

55
2020/28xxx/CVE-2020-28272.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28272",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keyget",
"version": {
"version_data": [
{
"version_value": "1.0.1, 2.0.0, 2.0.1, 2.1.0, 2.2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28272",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28272"
},
{
"refsource": "MISC",
"name": "https://github.com/rumkin/keyget/commit/17d15b6c75036eb429075a8cfeccfc18094dd2e2",
"url": "https://github.com/rumkin/keyget/commit/17d15b6c75036eb429075a8cfeccfc18094dd2e2"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution."
}
]
}

60
2020/28xxx/CVE-2020-28273.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28273",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "set-in",
"version": {
"version_data": [
{
"version_value": "1.0.0, 1.1.0, 1.1.1, 2.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.whitesourcesoftware.com/vulnerability-database",
"url": "https://www.whitesourcesoftware.com/vulnerability-database"
},
{
"refsource": "MISC",
"name": "https://github.com/ahdinosaur/set-in/commit/e431effa00195a6f06b111e09733cd1445a91a88",
"url": "https://github.com/ahdinosaur/set-in/commit/e431effa00195a6f06b111e09733cd1445a91a88"
},
{
"refsource": "MISC",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28273",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28273"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution."
}
]
}