admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-11-30 20:01:50 +00:00
parent ac913e2187
commit 402c205221
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 227 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2020/27xxx/CVE-2020-27403.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files & directories. An unprivileged remote attacker on the adjacent network, can download most system files, leading to serious critical information disclosure."
"value": "A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files & directories. An unprivileged remote attacker on the adjacent network, can download most system files, leading to serious critical information disclosure. Also, some TV models and/or FW versions may expose the webserver with the entire filesystem accessible on another port. For example, nmap scan for all ports run directly from the TV model U43P6046 (Android 8.0) showed port 7983 not mentioned in the original CVE description, but containing the same directory listing of the entire filesystem. This webserver is bound (at least) to localhost interface and accessible freely to all unprivileged installed apps on the Android such as a regular web browser. Any app can therefore read any files of any other apps including Android system settings including sensitive data such as saved passwords, private keys etc."
}
]
},
@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/",
"url": "https://sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/"
},
{
"refsource": "MISC",
"name": "https://github.com/sickcodes/security/issues/1",
"url": "https://github.com/sickcodes/security/issues/1"
}
]
}

56
2020/27xxx/CVE-2020-27585.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27585",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-27585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now/",
"refsource": "MISC",
"name": "https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now/"
}
]
}

56
2020/27xxx/CVE-2020-27586.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27586",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-27586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now/",
"refsource": "MISC",
"name": "https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now/"
}
]
}

56
2020/27xxx/CVE-2020-27587.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27587",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-27587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now/",
"refsource": "MISC",
"name": "https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now/"
}
]
}

2
2020/29xxx/CVE-2020-29364.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In NetArt News Lister 1.0.0, the news headlines are vulnerable to stored xss. Attackers can inject codes to title value. After that when victims visit the news, xss fires."
"value": "In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles."
}
]
},

67
2020/29xxx/CVE-2020-29395.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS",
"refsource": "MISC",
"name": "https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS"
},
{
"url": "https://www.myeventon.com/news/",
"refsource": "MISC",
"name": "https://www.myeventon.com/news/"
}
]
}
}

5
2020/8xxx/CVE-2020-8351.json
View File

@ -79,8 +79,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://iknow.lenovo.com.cn/detail/dc_193055.html"
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_193055.html",
"name": "https://iknow.lenovo.com.cn/detail/dc_193055.html"
}
]
},