mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
4f6b6e2046
commit
416fc9cad5
@ -1,17 +1,71 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-13404",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2020-13404",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://sysdream.com/news/lab/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://sysdream.com/news/lab/"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/quadra-informatique/Atos-Magento/releases",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/quadra-informatique/Atos-Magento/releases"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://sysdream.com/news/lab/2020-06-09-cve-2020-13404-remote-system-command-injection-in-atos-magento-module/",
|
||||
"url": "https://sysdream.com/news/lab/2020-06-09-cve-2020-13404-remote-system-command-injection-in-atos-magento-module/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -38,7 +38,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry."
|
||||
"value": "In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -35,7 +35,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane.\n\nGET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes flipping the readiness endpoint to false, which removes Envoy from the routing pool.\n\nWhen running Envoy (For example on the host network, pod spec hostNetwork=true), the shutdown manager's endpoint is accessible to anyone on the network that can reach the Kubernetes node that's running Envoy. There is no authentication in place that prevents a rogue actor on the network from shutting down Envoy via the shutdown manager endpoint. \n\nSuccessful exploitation of this issue will lead to bad actors shutting down all instances of Envoy, essentially killing the entire ingress data plane.\n\nThis is fixed in version 1.7.0."
|
||||
"value": "In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes flipping the readiness endpoint to false, which removes Envoy from the routing pool. When running Envoy (For example on the host network, pod spec hostNetwork=true), the shutdown manager's endpoint is accessible to anyone on the network that can reach the Kubernetes node that's running Envoy. There is no authentication in place that prevents a rogue actor on the network from shutting down Envoy via the shutdown manager endpoint. Successful exploitation of this issue will lead to bad actors shutting down all instances of Envoy, essentially killing the entire ingress data plane. This is fixed in version 1.7.0."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -41,7 +41,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the \"Forget password\" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that this user name does not exist. This enables attackers to retrieve valid usernames.\n\nAlso, the response of the \"Forgot Password\" request returns the email address to which the email was sent, if the operation was successful. This information should not be exposed, as it can be used to gather email addresses.\n\nThis problem was fixed in versions 1.6.35, 2.0.10 and 2.1.1."
|
||||
"value": "In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the \"Forget password\" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that this user name does not exist. This enables attackers to retrieve valid usernames. Also, the response of the \"Forgot Password\" request returns the email address to which the email was sent, if the operation was successful. This information should not be exposed, as it can be used to gather email addresses. This problem was fixed in versions 1.6.35, 2.0.10 and 2.1.1."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
18
2020/17xxx/CVE-2020-17365.json
Normal file
18
2020/17xxx/CVE-2020-17365.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-17365",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -36,7 +36,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.\n\n"
|
||||
"value": "Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -74,8 +74,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS103062"
|
||||
"refsource": "MISC",
|
||||
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS103062",
|
||||
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS103062"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -83,4 +84,4 @@
|
||||
"advisory": "TS103062",
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user