"-Synchronized-Data."

CVE Team 2020-04-02 16:01:23 +00:00
parent 0d8f6e240f
commit 4b129b1f2c
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
5 changed files with 184 additions and 30 deletions


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-20635",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-20635",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://codebeamer.com/cb/wiki/7372223",
"refsource": "MISC",
"name": "https://codebeamer.com/cb/wiki/7372223"
}
]
}
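Review bot: The `affects` block added for CVE-2019-20635 leaves `vendor_name`, `product_name` and `version_value` as `"n/a"`, although the new description names codeBeamer and the fixed release 9.5.0-RC3. Tooling that matches on the `affects` tree rather than on free text will not tie this record to any product. Consider populating it from the description, e.g. `"product_name": "codeBeamer"` with `"version_value": "before 9.5.0-RC3"`. The same placeholders appear in the `affects` blocks of the CVE-2020-11452 and CVE-2020-11453 sections.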


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11452",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11452",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability",
"refsource": "MISC",
"name": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability"
},
{
"refsource": "MISC",
"name": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/",
"url": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/"
}
]
}
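Review bot: `problemtype` is recorded as `"n/a"` even though the description in this section classifies the issue as SSRF with local file disclosure through the `file://` wrapper. Recording the weakness class, e.g. `"value": "CWE-918 Server-Side Request Forgery (SSRF)"`, would let consumers filter and triage by type without parsing prose. The CVE-2020-11453 section, whose description also names Server-Side Request Forgery, has the same gap.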


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11453",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11453",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability",
"refsource": "MISC",
"name": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability"
},
{
"refsource": "MISC",
"name": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/",
"url": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11492",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -10,6 +10,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "OTRS AG",
"product": {
"product_data": [
{
@ -17,14 +18,10 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.0.x",
"version_value": "5.0.41"
"version_value": "5.0.41 and prior"
},
{
"version_affected": "<=",
"version_name": "6.0.x",
"version_value": "6.0.26"
"version_value": "6.0.26 and prior"
}
]
}
@ -34,16 +31,13 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.x",
"version_value": "7.0.15"
"version_value": "7.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "OTRS AG"
}
}
]
}
@ -61,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords.\n\n\nThis issue affects\n((OTRS)) Community Edition:\n5.0.41 and prior versions, \n6.0.26 and prior versions.\n\nOTRS;\n7.0.15 and prior versions. "
"value": "An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions."
}
]
},
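Review bot: In the `version_data` entries for 5.0.x, 6.0.x and 7.0.x, the new side appears to drop `"version_affected": "<="` and `version_name` and fold the range into free text such as `"version_value": "5.0.41 and prior"`. The hunk line counts are consistent with that reading. This removes the only machine-readable statement that earlier releases are affected, so a consumer comparing `version_value` with an installed version would match only the literal string. Keeping `"version_affected": "<="` next to a bare `"version_value": "5.0.41"` on each of the three entries preserves the range for automated matching. The enclosing `affects` object starts outside the visible hunks.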