"-Synchronized-Data."

CVE Team 2020-07-07 20:01:33 +00:00
parent 7cd7126461
commit 478c623389
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 214 additions and 27 deletions


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12736",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.code42.com/Release_Notes",
"refsource": "MISC",
"name": "https://support.code42.com/Release_Notes"
},
{
"refsource": "CONFIRM",
"name": "https://code42.com/r/support/CVE-2020-12736",
"url": "https://code42.com/r/support/CVE-2020-12736"
}
]
}
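Review bot: The `affects` block of this record is filled entirely with `n/a` (`vendor_name`, `product_name`, `version_value`), and `problemtype` is `n/a` as well, even though the new description names Code42 on-premises server versions 7.0.4 and earlier and describes server-side code injection through template language in the invitation email's subject line. Scanners and inventory tooling that match on the structured fields rather than the free text will not tie this CVE to any product. The record should carry at least `"vendor_name": "Code42"` with the 7.0.4 upper bound in `version_data`, and a weakness class in `problemtype` (CWE-94 looks like the closest fit, to be confirmed by the assigner). The same gap appears in the CVE-2020-12821 and CVE-2020-15008 sections of this commit.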


@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12821",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/libp2p/specs/tree/master/pubsub/gossipsub",
"refsource": "MISC",
"name": "https://github.com/libp2p/specs/tree/master/pubsub/gossipsub"
},
{
"url": "https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md",
"refsource": "MISC",
"name": "https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md"
},
{
"url": "https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack",
"refsource": "MISC",
"name": "https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/ipfs/blog/pull/450",
"url": "https://github.com/ipfs/blog/pull/450"
},
{
"refsource": "CONFIRM",
"name": "https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub%20Evaluation%20Report.pdf",
"url": "https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub%20Evaluation%20Report.pdf"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15008",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user supplied table name with little validation, the table name can be modified to allow arbitrary update commands to be run. Usage of other SQL injection techniques such as timing attacks, it is possible to perform full data extraction as well. Patched in 2020.7 and in a hotfix for 2019.12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://slagle.tech/2020/07/06/cve-2020-15008/",
"url": "https://slagle.tech/2020/07/06/cve-2020-15008/"
}
]
}
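Review bot: The affected range in the new description, "all Connectwise Automate versions before 2020.7 or 2019.12", is ambiguous: the closing sentence says 2019.12 is fixed by a hotfix rather than by a version, so a reader cannot tell from this record whether a given 2019.12 install is still exposed. The description should name the hotfix or patch level that closes the issue on the 2019.12 line, and the same bound should be reflected in `version_data` instead of `n/a`. The only reference is tagged `"refsource": "CONFIRM"` but points at slagle.tech rather than a vendor domain; if that is a third-party write-up (inferred from the hostname only), `"refsource": "MISC"` would fit better, with a vendor advisory added once one is available.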


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15596",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -3,10 +3,14 @@
"references": {
"reference_data": [
{
"url": "http://www.vapidlabs.com/advisory.php?v=213"
"url": "http://www.vapidlabs.com/advisory.php?v=213",
"refsource": "MISC",
"name": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/",
"refsource": "MISC",
"name": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
}
]
},
@ -64,4 +68,4 @@
}
]
}
}
}


@ -3,10 +3,14 @@
"references": {
"reference_data": [
{
"url": "http://www.vapidlabs.com/advisory.php?v=213"
"url": "http://www.vapidlabs.com/advisory.php?v=213",
"refsource": "MISC",
"name": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/",
"refsource": "MISC",
"name": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
}
]
},
@ -64,4 +68,4 @@
}
]
}
}
}


@ -3,10 +3,14 @@
"references": {
"reference_data": [
{
"url": "http://www.vapidlabs.com/advisory.php?v=213"
"url": "http://www.vapidlabs.com/advisory.php?v=213",
"refsource": "MISC",
"name": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/",
"refsource": "MISC",
"name": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
}
]
},
@ -64,4 +68,4 @@
}
]
}
}
}