admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-06-08 17:01:23 +00:00
parent fadbc3ad16
commit 50ebeee169
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
8 changed files with 420 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
2020/12xxx/CVE-2020-12049.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12049",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294"
},
{
"url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16"
},
{
"refsource": "CONFIRM",
"name": "http://www.openwall.com/lists/oss-security/2020/06/04/3",
"url": "http://www.openwall.com/lists/oss-security/2020/06/04/3"
},
{
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18",
"url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18"
},
{
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30",
"url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30"
}
]
}

61
2020/12xxx/CVE-2020-12695.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12695",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.callstranger.com",
"refsource": "MISC",
"name": "https://www.callstranger.com"
},
{
"url": "https://www.kb.cert.org/vuls/id/339275",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/339275"
}
]
}

61
2020/12xxx/CVE-2020-12800.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12800",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/157951/WordPress-Drag-And-Drop-Multi-File-Uploader-Remote-Code-Execution.html",
"url": "https://packetstormsecurity.com/files/157951/WordPress-Drag-And-Drop-Multi-File-Uploader-Remote-Code-Execution.html"
},
{
"refsource": "CONFIRM",
"name": "https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/#developers",
"url": "https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/#developers"
}
]
}

61
2020/13xxx/CVE-2020-13625.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13625",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6",
"url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj",
"url": "https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj"
}
]
}

76
2020/13xxx/CVE-2020-13696.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13696",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3",
"refsource": "MISC",
"name": "https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3"
},
{
"url": "https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292",
"refsource": "MISC",
"name": "https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292"
},
{
"url": "https://git.linuxtv.org/xawtv3.git/commit/?id=8e3feea862db68d3ca0886f46cd99fab45d2db7c",
"refsource": "MISC",
"name": "https://git.linuxtv.org/xawtv3.git/commit/?id=8e3feea862db68d3ca0886f46cd99fab45d2db7c"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-13696",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-13696"
},
{
"refsource": "CONFIRM",
"name": "http://www.openwall.com/lists/oss-security/2020/06/04/6",
"url": "http://www.openwall.com/lists/oss-security/2020/06/04/6"
}
]
}

5
2020/13xxx/CVE-2020-13881.json
View File

@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20200608 CVE-2020-13881: pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if configured with debug parameter",
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/1"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200608 [SECURITY] [DLA 2239-1] libpam-tacplus security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html"
}
]
}

61
2020/5xxx/CVE-2020-5304.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5304",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-5304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data and false entries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.whitesourcesoftware.com/oss_security_vulnerabilities/",
"refsource": "MISC",
"name": "https://www.whitesourcesoftware.com/oss_security_vulnerabilities/"
},
{
"refsource": "MISC",
"name": "https://medium.com/@venkatajayaram.yalla/whitesource-log-injection-vulnerability-cve-2020-5304-e543b7943c2b",
"url": "https://medium.com/@venkatajayaram.yalla/whitesource-log-injection-vulnerability-cve-2020-5304-e543b7943c2b"
}
]
}

61
2020/8xxx/CVE-2020-8954.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8954",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-8954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link that opens another app in the browser can be manipulated]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://play.google.com/store/apps/details?id=de.marcel.opensearch&hl=en_US",
"refsource": "MISC",
"name": "https://play.google.com/store/apps/details?id=de.marcel.opensearch&hl=en_US"
},
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/marcelbohland/OpenSerach-CVE-SVE-reference-/master/CVE-list",
"url": "https://raw.githubusercontent.com/marcelbohland/OpenSerach-CVE-SVE-reference-/master/CVE-list"
}
]
}