"-Synchronized-Data."

CVE Team 2020-06-03 14:01:28 +00:00
parent 311cc40291
commit 482d0476d7
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
10 changed files with 301 additions and 161 deletions


@ -207,6 +207,16 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200416-0003/",
"url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
},
{
"refsource": "UBUNTU",
"name": "USN-4376-1",
"url": "https://usn.ubuntu.com/4376-1/"
}
]
}


@ -126,6 +126,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4376-1",
"url": "https://usn.ubuntu.com/4376-1/"
}
]
}


@ -144,6 +144,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-d7b29838f6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
},
{
"refsource": "UBUNTU",
"name": "USN-4376-1",
"url": "https://usn.ubuntu.com/4376-1/"
}
]
}


@ -192,6 +192,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4376-1",
"url": "https://usn.ubuntu.com/4376-1/"
}
]
}


@ -1,91 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2020-10516",
"STATE": "PUBLIC",
"TITLE": "Improper access control in GitHub Enterprise Server leading to privilege escalation of organization member"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.20",
"version_value": "2.20.9"
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2020-10516",
"STATE": "PUBLIC",
"TITLE": "Improper access control in GitHub Enterprise Server leading to privilege escalation of organization member"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.20",
"version_value": "2.20.9"
},
{
"version_affected": "<",
"version_name": "2.19",
"version_value": "2.19.15"
},
{
"version_affected": "<",
"version_name": "2.18",
"version_value": "2.18.20"
}
]
}
}
]
},
{
"version_affected": "<",
"version_name": "2.19",
"version_value": "2.19.15"
},
{
"version_affected": "<",
"version_name": "2.18",
"version_value": "2.18.20"
}
]
"vendor_name": "GitHub"
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vaibhav Singh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
},
"credit": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
"value": "Vaibhav Singh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://enterprise.github.com/releases/2.20.9/notes"
},
{
"refsource": "CONFIRM",
"url": "https://enterprise.github.com/releases/2.19.15/notes"
},
{
"refsource": "CONFIRM",
"url": "https://enterprise.github.com/releases/2.18.20/notes"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.20.9/notes",
"name": "https://enterprise.github.com/releases/2.20.9/notes"
},
{
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.19.15/notes",
"name": "https://enterprise.github.com/releases/2.19.15/notes"
},
{
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.18.20/notes",
"name": "https://enterprise.github.com/releases/2.18.20/notes"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
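Review bot: `version_data` lists only the 2.18, 2.19 and 2.20 branches, each with `"version_affected": "<"`, while the description in the same record says the flaw affected all versions of GitHub Enterprise Server prior to 2.21. A consumer that matches on the structured fields alone would, as far as these lines show, not flag a release older than 2.18, so the record should either add an entry covering the earlier branches or state in the description that they are out of scope. Separately, the three vendor release-note links appear to end up as `"refsource": "MISC"` where the other copy of the block has `CONFIRM`; the page has lost its +/- markers, so which side is new is inferred from the added `name` fields. If that reading is right, keeping `"refsource": "CONFIRM"` on those three entries would preserve the signal that the vendor acknowledged the issue.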


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10749",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -49,7 +50,9 @@
"refsource": "CONFIRM"
},
{
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8"
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8",
"refsource": "MISC",
"name": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8"
}
]
},
@ -71,4 +74,4 @@
]
]
}
}
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://docs.djangoproject.com/en/3.0/releases/security/",
"refsource": "MISC",
"name": "https://docs.djangoproject.com/en/3.0/releases/security/"
},
{
"refsource": "MISC",
"name": "https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ",
"url": "https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ"
},
{
"refsource": "CONFIRM",
"name": "https://www.djangoproject.com/weblog/2020/jun/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2020/jun/03/security-releases/"
}
]
}
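Review bot: The published record leaves `product_name`, `vendor_name`, `version_value` and the `problemtype` value as `n/a`, although the description names Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Tooling that matches on the structured `affects` block rather than on free text will therefore not associate this CVE with Django. Filling in `"product_name": "Django"` and version entries in the form the CVE-2020-10516 record in this commit uses, for example `"version_affected": "<", "version_name": "3.0", "version_value": "3.0.7"`, would close that gap. The same `n/a` placeholders appear in the CVE-2020-13596 and CVE-2020-13756 sections, whose descriptions also name the product and the fixed versions.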


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13596",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://docs.djangoproject.com/en/3.0/releases/security/",
"refsource": "MISC",
"name": "https://docs.djangoproject.com/en/3.0/releases/security/"
},
{
"refsource": "CONFIRM",
"name": "https://www.djangoproject.com/weblog/2020/jun/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2020/jun/03/security-releases/"
},
{
"refsource": "MISC",
"name": "https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ",
"url": "https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ"
}
]
}
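Review bot: The django-announce reference here uses the `https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ` form, while the CVE-2020-13254 record in this commit cites the same message as `https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ`. Everything after `#` is a URL fragment that is not sent to the server, so link checkers and archivers that fetch the `url` value request only the forum path, and tools that deduplicate references by URL will treat the two as different sources. Using the `/d/msg/` form in both `name` and `url` would keep the two records consistent.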


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4",
"refsource": "MISC",
"name": "https://github.com/sabberworm/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4"
},
{
"url": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1",
"refsource": "MISC",
"name": "https://github.com/sabberworm/PHP-CSS-Parser/releases/tag/8.3.1"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2020/Jun/7",
"url": "http://seclists.org/fulldisclosure/2020/Jun/7"
}
]
}
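Review bot: The Full Disclosure reference is recorded with a plain `http://` scheme, `"url": "http://seclists.org/fulldisclosure/2020/Jun/7"`, while every other reference visible in this commit uses `https://`. Consumers that fetch advisory links automatically would retrieve this one without transport integrity. `"url": "https://seclists.org/fulldisclosure/2020/Jun/7"`, with the matching `name`, avoids that, assuming the site serves the same path over HTTPS.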


@ -4,68 +4,15 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1703",
"ASSIGNER": "mrehak@redhat.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "ipa",
"version": {
"version_data": [
{
"version_value": "No versions are affected"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-613"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1703",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1703",
"refsource": "CONFIRM"
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "*REJECTED*Red Hat Product Security does not consider this as a security flaw. Password changes aren't expected to invalidate existing sessions. Though this is how Kerberos behaves: incrementing kvno will not invalidate any existing service tickets. This is not a concern because the lifetime on service tickets should be set appropriately (initially only a global, now also more finely configurable with the kdcpolicy plugin). This belief is reinforced by our use of mod_session: existing sessions there aren't terminated, but instead wait for expiration."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Red Hat Product Security does not consider this as a security flaw. Password changes aren't expected to invalidate existing sessions. Though this is how Kerberos behaves: incrementing kvno will not invalidate any existing service tickets. This is not a concern because the lifetime on service tickets should be set appropriately (initially only a global, now also more finely configurable with the kdcpolicy plugin). This belief is reinforced by our use of mod_session: existing sessions there aren't terminated, but instead wait for expiration."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.8/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
}
}
}