"-Synchronized-Data."

CVE Team 2020-02-17 19:01:07 +00:00
parent 45d1974ed7
commit 1ac18d9cd1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
14 changed files with 502 additions and 20 deletions


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7324",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2014/02/10/13",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/02/10/13"
},
{
"refsource": "MISC",
"name": "https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7324.html",
"url": "https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7324.html"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2013/10/08/4",
"url": "https://www.openwall.com/lists/oss-security/2013/10/08/4"
}
]
}
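Review bot: The `affects` block added in the first hunk sets `product_name`, `version_value` and `vendor_name` to `n/a`, and `problemtype` is also `n/a`, even though the new description names the product and version line (Webkit-GTK 2.x). Anyone matching an inventory against the structured fields will never hit this record and has to parse the free text instead. I would carry the description's own wording into the structure, e.g. `"product_name": "Webkit-GTK"` and `"version_value": "2.x"`. The same gap is in the CVE-2015-4715 section (description names ownCloud Server before 6.0.8, 7.x before 7.0.6 and 8.x before 8.0.4) and the CVE-2019-20474 section (Zoho ManageEngine Remote Access Plus 10.0.447).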


@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9404",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-9404",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5005. Reason: This candidate is a reservation duplicate of CVE-2014-5005. Notes: All CVE users should reference CVE-2014-5005 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4715",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a",
"url": "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a"
},
{
"refsource": "MISC",
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-005",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-005"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76158",
"url": "http://www.securityfocus.com/bid/76158"
},
{
"refsource": "CONFIRM",
"name": "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/",
"url": "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5215",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** DISPUTED ** The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via template variables. NOTE: This may be a duplicate of CVE-2015-5216. Moreover, the Jinja development team does not enable auto-escape by default for performance issues as explained in https://jinja.palletsprojects.com/en/master/faq/#why-is-autoescaping-not-the-default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Ipsilon",
"version": {
"version_data": [
{
"version_value": "0.1.0 before 1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1",
"url": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1"
},
{
"refsource": "MISC",
"name": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16",
"url": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/10/23/10",
"url": "http://www.openwall.com/lists/oss-security/2015/10/23/10"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255168"
}
]
}
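Review bot: The disputed status of this record exists only as the `** DISPUTED **` prefix inside the description `value`; `STATE` is `PUBLIC` and `problemtype` is a plain `Cross-Site Scripting`, so tooling that reads the structured fields will treat it as an ordinary confirmed XSS entry. The Jinja FAQ link that explains the dispute is also embedded only in the description text and is missing from `reference_data`, where reference harvesters look. I would add it there as `{"refsource": "MISC", "name": "<same URL>", "url": "<same URL>"}`. Since the description says this may duplicate CVE-2015-5216, and both records list Ipsilon `0.1.0 before 1.0.1` with the same pagure.io reference, consumers should expect the two to match the same assets.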


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5216",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Ipsilon",
"version": {
"version_data": [
{
"version_value": "0.1.0 before 1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/10/27/8",
"url": "http://www.openwall.com/lists/oss-security/2015/10/27/8"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170"
},
{
"refsource": "MISC",
"name": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16",
"url": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16"
}
]
}


@ -58,6 +58,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0220",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0229",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"
}
]
},


@ -58,6 +58,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0220",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0229",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"
}
]
},


@ -58,6 +58,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0220",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0229",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"
}
]
},


@ -58,6 +58,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0220",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0229",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"
}
]
},


@ -0,0 +1,101 @@
{
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-18998",
"STATE": "PUBLIC",
"TITLE": "Asset Suite Direct Object Reference Access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ABB",
"product": {
"product_data": [
{
"product_name": "Asset Suite",
"version": {
"version_data": [
{
"version_value": "9.0 to 9.3"
},
{
"version_value": "9.4 prior to 9.4.2.6"
},
{
"version_value": "9.5 prior to 9.5.3.2"
},
{
"version_value": "9.6.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The vulnerability is corrected in the following product versions:\nAsset Suite 9.4.2.6\nAsset Suite 9.5.3.2\nAsset Suite 9.6.1"
}
],
"source": {
"advisory": "ABBVU-PGGA-2019013",
"discovery": "UNKNOWN"
}
}
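Review bot: The `version_data` entries encode ranges as prose inside `version_value` (`"9.0 to 9.3"`, `"9.4 prior to 9.4.2.6"`, `"9.5 prior to 9.5.3.2"`), which a version comparator cannot evaluate. Consumers deciding whether an installed Asset Suite build is affected have to re-parse English. Where the format allows it, I would split each range into a bound plus an operator, for example `"version_name": "9.4", "version_affected": "<", "version_value": "9.4.2.6"`, and keep the prose only in the description. The `solution` text already lists the fixed builds (9.4.2.6, 9.5.3.2, 9.6.1), so the structured bounds can be taken straight from it.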


@ -0,0 +1,76 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.manageengine.com/remote-desktop-management/knowledge-base/authorization-failure.html",
"refsource": "MISC",
"name": "https://www.manageengine.com/remote-desktop-management/knowledge-base/authorization-failure.html"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.0"
}
}
}
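Review bot: The `impact.cvss` object carries the individual metrics and a `vectorString` but no `baseScore` or `baseSeverity`, unlike the CVE-2019-18998 record added in the same commit. Triage rules that filter or sort on score will see this entry as unscored. I would add both fields, derived from the vector already given. The vector also lists its metrics in a non-standard order (`AC:L/AV:N/A:N/...`); writing it in the specification's preferred order, `CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N`, avoids problems with stricter parsers.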


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7597",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "codecov npm module",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 3.6.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/codecov/codecov-node/commit/02cf13d8b93ac547b5b4c2cfe186b7d874fd234f",
"url": "https://github.com/codecov/codecov-node/commit/02cf13d8b93ac547b5b4c2cfe186b7d874fd234f"
},
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-CODECOV-548879",
"url": "https://snyk.io/vuln/SNYK-JS-CODECOV-548879"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596."
}
]
}
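Review bot: The new description `value` is missing a space after the first sentence (`commands.The value provided`); it should read `...execute arbitrary commands. The value provided as part of the gcov-root argument...`. The package is also named inconsistently: `product_name` says `codecov npm module` while the description says `codecov-node npm module`, which can cause a name-based match to miss one of the two. Because the description states that this is an incomplete fix of CVE-2020-7596, it would help to say explicitly that only 3.6.5 or later resolves both, so nobody stops at the earlier fix.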


@ -58,6 +58,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0220",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0229",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"
}
]
},


@ -58,6 +58,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0220",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0229",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"
}
]
},