"-Synchronized-Data."

CVE Team 2020-07-28 16:01:27 +00:00
parent 0e4cdb3099
commit 4149b8a07d
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 142 additions and 14 deletions


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j."
"value": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j."
}
]
},
@ -86,6 +86,16 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200518-0002/",
"url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
},
{
"refsource": "MISC",
"name": "https://github.com/dom4j/dom4j/issues/87",
"url": "https://github.com/dom4j/dom4j/issues/87"
},
{
"refsource": "MISC",
"name": "https://github.com/dom4j/dom4j/commits/version-2.0.3",
"url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
}
]
}
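Review bot: The added reference `https://github.com/dom4j/dom4j/commits/version-2.0.3` in the second hunk is a commit listing rather than a specific change, so a reader verifying the 2.0.x fix has to guess which commit restricts external DTD and entity handling. Pointing at the fixing commit, e.g. `"url": "https://github.com/dom4j/dom4j/commit/<fix-commit-sha>"` (placeholder; the hash is not on this page), would make the record verifiable. The same applies to the `a=log` and `commits/master/psi/zstring.c` references added in the CVE-2020-15900 section, which are moving views listed beside commit-specific links. The `reference_data` array starts outside this hunk.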


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Grafana through 6.7.1 allows stored XSS."
"value": "Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot."
}
]
},


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15863",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html",
"refsource": "MISC",
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.openwall.com/lists/oss-security/2020/07/22/1",
"url": "http://www.openwall.com/lists/oss-security/2020/07/22/1"
},
{
"refsource": "CONFIRM",
"name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5519724a13664b43e225ca05351c60b4468e4555",
"url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5519724a13664b43e225ca05351c60b4468e4555"
},
{
"refsource": "MISC",
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html"
}
]
}
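Review bot: The new description's `QEMU before 07-20-2020` gives the affected range as a date in an ambiguous field order and with no release version, which is hard to match against an installed build. An ISO 8601 date such as `QEMU before 2020-07-20` (assuming month-day-year was meant, as the July 2020 references suggest) or the first fixed release would be clearer. Separately, `product_name`, `vendor_name`, `version_value` and the problemtype `value` are all `"n/a"` here and in the CVE-2020-15900 section, so tooling that reads only the structured fields cannot tie either record to QEMU or Ghostscript. Populating them from the description would help.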


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15900",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory corruption issue was found in Artifex Ghostscript 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=log",
"refsource": "MISC",
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=log"
},
{
"url": "https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c",
"refsource": "MISC",
"name": "https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c"
},
{
"refsource": "MISC",
"name": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b",
"url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b"
},
{
"refsource": "MISC",
"name": "https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b",
"url": "https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b"
}
]
}
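Review bot: The new description names only `Artifex Ghostscript 9.52` and a fix commit; it does not say whether earlier releases are affected or which release first carries the fix, which is what someone triaging installed versions needs. Consider extending the last sentence along the lines of `This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b (first released in <fixed-version>)`, with the placeholder filled from the vendor's release notes. The first reference also uses plain `http://` for git.ghostscript.com while the third uses `https://` for the same host, so using https throughout would be consistent.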