admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-09-01 15:01:41 +00:00
parent 6f2e375683
commit 3cebf79342
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
12 changed files with 392 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2019/5xxx/CVE-2019-5645.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server. "
"value": "By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server."
}
]
},

50
2020/6xxx/CVE-2020-6124.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OS4Ed ",
"version": {
"version_data": [
{
"version_value": "OS4Ed openSIS 7.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1073",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1073"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheckOthers.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/6xxx/CVE-2020-6125.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6125",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OS4Ed",
"version": {
"version_data": [
{
"version_value": "OS4Ed openSIS 7.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1074",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1074"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/6xxx/CVE-2020-6126.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6126",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OS4Ed",
"version": {
"version_data": [
{
"version_value": "OS4Ed openSIS 7.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1075",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1075"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities."
}
]
}

50
2020/6xxx/CVE-2020-6127.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6127",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OS4Ed",
"version": {
"version_data": [
{
"version_value": "OS4Ed openSIS 7.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1075",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1075"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/6xxx/CVE-2020-6128.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6128",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OS4Ed",
"version": {
"version_data": [
{
"version_value": "OS4Ed openSIS 7.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1075",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1075"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/6xxx/CVE-2020-6132.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6132",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OS4Ed",
"version": {
"version_data": [
{
"version_value": "OS4Ed openSIS 7.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1077",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1077"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/6xxx/CVE-2020-6133.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6133",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OS4Ed ",
"version": {
"version_data": [
{
"version_value": "OS4Ed openSIS 7.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1077",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1077"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/6xxx/CVE-2020-6134.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6134",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OS4Ed",
"version": {
"version_data": [
{
"version_value": "OS4Ed openSIS 7.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1077",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1077"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

12
2020/7xxx/CVE-2020-7666.json
View File

@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGCPIO-570440"
"refsource": "MISC",
"url": "https://github.com/u-root/u-root/pull/1817",
"name": "https://github.com/u-root/u-root/pull/1817"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/u-root/u-root/pull/1817"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGCPIO-570440",
"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGCPIO-570440"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package github.com/u-root/u-root/pkg/cpio.\n It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction.\r\n\r\n"
"value": "This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction."
}
]
},

12
2020/7xxx/CVE-2020-7669.json
View File

@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGTARUTIL-570428"
"refsource": "MISC",
"url": "https://github.com/u-root/u-root/pull/1817",
"name": "https://github.com/u-root/u-root/pull/1817"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/u-root/u-root/pull/1817"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGTARUTIL-570428",
"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGTARUTIL-570428"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package github.com/u-root/u-root/pkg/tarutil.\n It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.\r\n\r\n"
"value": "This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction."
}
]
},

2
2020/8xxx/CVE-2020-8218.json
View File

@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A code injection vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface."
"value": "A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface."
}
]
}