admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-07-21 14:01:34 +00:00
parent 56fd240549
commit 29507d9fba
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
11 changed files with 280 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2012/0xxx/CVE-2012-0929.json
View File

@ -76,6 +76,11 @@
"name": "schneider-modicon-ftp-dos(72589)", "name": "schneider-modicon-ftp-dos(72589)",
"refsource": "XF", "refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72589" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72589"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
} }
] ]
} }

71
2018/21xxx/CVE-2018-21036.json
View File

@ -1,17 +1,76 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2018-21036",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2018-21036",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/balderdashy/sails-hook-sockets/commit/ff02114eaec090ee51db48435cc32d451662606e",
"refsource": "MISC",
"name": "https://github.com/balderdashy/sails-hook-sockets/commit/ff02114eaec090ee51db48435cc32d451662606e"
},
{
"url": "https://github.com/balderdashy/sails-hook-sockets/commit/0533a4864b1920fd8fbb5287bc0889193c5faf44",
"refsource": "MISC",
"name": "https://github.com/balderdashy/sails-hook-sockets/commit/0533a4864b1920fd8fbb5287bc0889193c5faf44"
},
{
"url": "https://github.com/balderdashy/sails/blob/56f8276f6501a144a03d1f0f28df4ccdb4ad82e2/CHANGELOG.md",
"refsource": "MISC",
"name": "https://github.com/balderdashy/sails/blob/56f8276f6501a144a03d1f0f28df4ccdb4ad82e2/CHANGELOG.md"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200719 CVE-2018-21036: Sails.js before v1.0.0-46 DoS",
"url": "http://www.openwall.com/lists/oss-security/2020/07/19/1"
} }
] ]
} }

65
2019/10xxx/CVE-2019-10092.json
View File

@ -44,6 +44,66 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"refsource": "MLIST",
"name": "[httpd-announce] 20190814 CVE-2019-10092: Limited cross-site scripting in mod_proxy",
"url": "https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94@%3Cannounce.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190814 CVE-2019-10092: Limited cross-site scripting in mod_proxy",
"url": "http://www.openwall.com/lists/oss-security/2019/08/15/4"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-099575a123",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4509",
"url": "https://www.debian.org/security/2019/dsa-4509"
},
{
"refsource": "BUGTRAQ",
"name": "20190826 [SECURITY] [DSA 4509-1] apache2 security update",
"url": "https://seclists.org/bugtraq/2019/Aug/47"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190828 [SECURITY] [DLA 1900-1] apache2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4113-1",
"url": "https://usn.ubuntu.com/4113-1/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2051",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190905-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
},
{
"refsource": "GENTOO",
"name": "GLSA-201909-04",
"url": "https://security.gentoo.org/glsa/201909-04"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K30442259",
"url": "https://support.f5.com/csp/article/K30442259"
},
{ {
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1900-2] apache2 regression update", "name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1900-2] apache2 regression update",
@ -98,6 +158,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html", "name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html" "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd"
} }
] ]
}, },

40
2019/12xxx/CVE-2019-12401.json
View File

@ -50,6 +50,41 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"refsource": "MLIST",
"name": "[lucene-general] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"url": "https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2@%3Cgeneral.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-dev] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"url": "https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe@%3Cdev.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"url": "http://www.openwall.com/lists/oss-security/2019/09/10/1"
},
{
"refsource": "MLIST",
"name": "[lucene-dev] 20190909 [jira] [Resolved] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0",
"url": "https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e@%3Cdev.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"url": "https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b@%3Cannounce.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-solr-user] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
"url": "https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a@%3Csolr-user.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-dev] 20190909 [jira] [Updated] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0",
"url": "https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe@%3Cdev.lucene.apache.org%3E"
},
{ {
"refsource": "MLIST", "refsource": "MLIST",
"name": "[www-announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0", "name": "[www-announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
@ -64,6 +99,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190926-0002/", "name": "https://security.netapp.com/advisory/ntap-20190926-0002/",
"url": "https://security.netapp.com/advisory/ntap-20190926-0002/" "url": "https://security.netapp.com/advisory/ntap-20190926-0002/"
},
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr"
} }
] ]
}, },

25
2019/12xxx/CVE-2019-12409.json
View File

@ -49,10 +49,35 @@
"name": "[lucene-solr-user] 20191118 CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default", "name": "[lucene-solr-user] 20191118 CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default",
"url": "https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d@%3Csolr-user.lucene.apache.org%3E" "url": "https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d@%3Csolr-user.lucene.apache.org%3E"
}, },
{
"refsource": "MLIST",
"name": "[lucene-issues] 20191118 [jira] [Commented] (SOLR-13647) CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default",
"url": "https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541@%3Cissues.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20191118 [jira] [Updated] (SOLR-13647) CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default",
"url": "https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87@%3Cissues.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-general] 20191118 CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default",
"url": "https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be@%3Cgeneral.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[announce] 20191118 [CVE-2019-12409] Apache Solr RCE vulnerability due to bad config default",
"url": "https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2@%3Cannounce.apache.org%3E"
},
{ {
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K23720587?utm_source=f5support&utm_medium=RSS", "name": "https://support.f5.com/csp/article/K23720587?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K23720587?utm_source=f5support&utm_medium=RSS" "url": "https://support.f5.com/csp/article/K23720587?utm_source=f5support&utm_medium=RSS"
},
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr"
} }
] ]
}, },

5
2019/14xxx/CVE-2019-14223.json
View File

@ -56,6 +56,11 @@
"url": "https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D", "url": "https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D",
"refsource": "MISC", "refsource": "MISC",
"name": "https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D" "name": "https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D"
},
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community"
} }
] ]
} }

11
2019/20xxx/CVE-2019-20417.json
View File

@ -1,13 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-12-17T00:00:00",
"ID": "CVE-2019-20417", "ID": "CVE-2019-20417",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
@ -16,4 +15,4 @@
} }
] ]
} }
} }

61
2020/12xxx/CVE-2020-12432.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-12432",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-12432",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=_tkRnSr6yc0",
"url": "https://www.youtube.com/watch?v=_tkRnSr6yc0"
},
{
"refsource": "MISC",
"name": "https://github.com/d7x/CVE-2020-12432",
"url": "https://github.com/d7x/CVE-2020-12432"
} }
] ]
} }

5
2020/12xxx/CVE-2020-12640.json
View File

@ -71,6 +71,11 @@
"url": "https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794", "url": "https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794" "name": "https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794"
},
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12640-PHP%20Local%20File%20Inclusion-Roundcube",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12640-PHP%20Local%20File%20Inclusion-Roundcube"
} }
] ]
} }

5
2020/12xxx/CVE-2020-12641.json
View File

@ -71,6 +71,11 @@
"url": "https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3", "url": "https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3" "name": "https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3"
},
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube"
} }
] ]
} }

5
2020/13xxx/CVE-2020-13965.json
View File

@ -91,6 +91,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2020-aeffd92b77", "name": "FEDORA-2020-aeffd92b77",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/"
},
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube"
} }
] ]
} }