admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-12-31 17:01:54 +00:00
parent 7aa617ed78
commit 4513956657
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
11 changed files with 40 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2018/19xxx/CVE-2018-19941.json
View File

@ -68,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. \nQNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)"
"value": "A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)"
}
]
},
@ -90,8 +90,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-23"
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-23",
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-23"
}
]
},

7
2018/19xxx/CVE-2018-19944.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. \nIf exploited, this vulnerability allows a remote attacker to gain access to sensitive information. \n\nQNAP have already fixed this vulnerability in the following versions:\nQTS 4.4.3.1354 build 20200702 (and later)\n"
"value": "A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later)"
}
]
},
@ -74,8 +74,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-22"
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-22",
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-22"
}
]
},

7
2018/19xxx/CVE-2018-19945.json
View File

@ -57,7 +57,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. \nQNAP have already fixed this vulnerability in the following versions:\n\nQTS 4.3.6.0895 build 20190328 (and later)\nQTS 4.3.4.0899 build 20190322 (and later)\nThis issue does not affect QTS 4.4.x or QTS 4.5.x."
"value": "A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x."
}
]
},
@ -103,8 +103,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-21"
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-21",
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-21"
}
]
},

1
2020/24xxx/CVE-2020-24265.json
View File

@ -38,6 +38,7 @@
}
]
},
"discoverer": "jimoyong from Nsfocus Security Lab",
"problemtype": {
"problemtype_data": [
{

1
2020/24xxx/CVE-2020-24266.json
View File

@ -30,6 +30,7 @@
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"discoverer": "jimoyong from Nsfocus Security Lab",
"description": {
"description_data": [
{

5
2020/26xxx/CVE-2020-26258.json
View File

@ -83,6 +83,11 @@
"refsource": "MLIST",
"name": "[struts-commits] 20201221 [struts] branch master updated: Upgrades XStream to version 1.4.15 to address CVE-2020-26258, CVE-2020-26259",
"url": "https://lists.apache.org/thread.html/r97993e3d78e1f5389b7b172ba9f308440830ce5f051ee62714a0aa34@%3Ccommits.struts.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201231 [SECURITY] [DLA 2507-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00042.html"
}
]
},

5
2020/26xxx/CVE-2020-26259.json
View File

@ -83,6 +83,11 @@
"refsource": "MLIST",
"name": "[struts-commits] 20201221 [struts] branch master updated: Upgrades XStream to version 1.4.15 to address CVE-2020-26258, CVE-2020-26259",
"url": "https://lists.apache.org/thread.html/r97993e3d78e1f5389b7b172ba9f308440830ce5f051ee62714a0aa34@%3Ccommits.struts.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201231 [SECURITY] [DLA 2507-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00042.html"
}
]
},

7
2020/2xxx/CVE-2020-2499.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password.\nQNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.\n"
"value": "A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later."
}
]
},
@ -98,8 +98,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-19"
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-19",
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-19"
}
]
},

7
2020/2xxx/CVE-2020-2503.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station.\nQNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."
"value": "If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."
}
]
},
@ -98,8 +98,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17"
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17",
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17"
}
]
},

7
2020/2xxx/CVE-2020-2504.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station.\nQNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."
"value": "If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."
}
]
},
@ -106,8 +106,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17"
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17",
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17"
}
]
},

7
2020/2xxx/CVE-2020-2505.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages.\nQNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."
"value": "If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."
}
]
},
@ -90,8 +90,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17"
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17",
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17"
}
]
},