admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-05-18 15:01:16 +00:00
parent b2f938916a
commit 3691c8d67b
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 311 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2020/10xxx/CVE-2020-10957.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login or lmtp."
"value": "In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp."
}
]
},
@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/1",
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200518 Multiple vulnerabilities in Dovecot IMAP server",
"url": "http://www.openwall.com/lists/oss-security/2020/05/18/1"
}
]
},

5
2020/10xxx/CVE-2020-10958.json
View File

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/1",
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200518 Multiple vulnerabilities in Dovecot IMAP server",
"url": "http://www.openwall.com/lists/oss-security/2020/05/18/1"
}
]
},

86
2020/10xxx/CVE-2020-10967.json
View File

@ -1,18 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10967",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10967",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://dovecot.org/security",
"refsource": "MISC",
"name": "https://dovecot.org/security"
},
{
"refsource": "CONFIRM",
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/1",
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200518 Multiple vulnerabilities in Dovecot IMAP server",
"url": "http://www.openwall.com/lists/oss-security/2020/05/18/1"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
}
}

62
2020/12xxx/CVE-2020-12255.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12255",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12255",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to vendor.php that contains arbitrary PHP code and changing the content-type to image/gif."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/farid007/9f6ad063645d5b1550298c8b9ae953ff",
"url": "https://gist.github.com/farid007/9f6ad063645d5b1550298c8b9ae953ff"
}
]
}

62
2020/12xxx/CVE-2020-12256.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12256",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12256",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/farid007/8855031bad0e497264e4879efb5bc9f8",
"url": "https://gist.github.com/farid007/8855031bad0e497264e4879efb5bc9f8"
}
]
}

83
2020/12xxx/CVE-2020-12801.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@documentfoundation.org",
"DATE_PUBLIC": "2020-05-18T00:00:00.000Z",
"ID": "CVE-2020-12801",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Crash-recovered MSOffice encrypted documents defaulted to not to using encryption on next save"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "LibreOffice",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6-3 series",
"version_value": "6.3.6"
},
{
"version_affected": "<",
"version_name": "6-4 series",
"version_value": "6.4.3"
}
]
}
}
]
},
"vendor_name": "The Document Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Tomas Florian <tomas@armoreye.ca> for raising awareness of the issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801",
"name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

67
2020/8xxx/CVE-2020-8035.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8035",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-8035",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://lists.horde.org/archives/announce/2020/001290.html",
"url": "https://lists.horde.org/archives/announce/2020/001290.html"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/horde/base/blob/c00f2fdb222055fb2ccb6d53b5b5240c0a7d2a75/docs/CHANGES",
"url": "https://github.com/horde/base/blob/c00f2fdb222055fb2ccb6d53b5b5240c0a7d2a75/docs/CHANGES"
}
]
}