admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-09-30 19:02:39 +00:00
parent e8e1742ac2
commit 52f27cf2f7
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
14 changed files with 359 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/13xxx/CVE-2020-13794.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/goharbor/harbor/security/advisories/GHSA-q9p8-33wc-h432",
"url": "https://github.com/goharbor/harbor/security/advisories/GHSA-q9p8-33wc-h432"
},
{
"refsource": "MISC",
"name": "https://www.cybereagle.io/blog/cve-2020-13794/",
"url": "https://www.cybereagle.io/blog/cve-2020-13794/"
}
]
}

5
2020/14xxx/CVE-2020-14342.json
View File

@ -58,6 +58,11 @@
"refsource": "GENTOO",
"name": "GLSA-202009-16",
"url": "https://security.gentoo.org/glsa/202009-16"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1579",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00109.html"
}
]
},

55
2020/14xxx/CVE-2020-14375.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14375",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879468"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
}

55
2020/14xxx/CVE-2020-14376.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14376",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
}

55
2020/14xxx/CVE-2020-14377.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14377",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability."
}
]
}

55
2020/14xxx/CVE-2020-14378.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14378",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 leads to CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879473",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879473"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period."
}
]
}

61
2020/15xxx/CVE-2020-15488.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15488",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Re:Desk 2.3 allows insecure file upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.re-desk.com/download-help-desk-software.html",
"refsource": "MISC",
"name": "https://www.re-desk.com/download-help-desk-software.html"
},
{
"refsource": "MISC",
"name": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/",
"url": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/"
}
]
}

61
2020/15xxx/CVE-2020-15849.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15849",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework's bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.re-desk.com/download-help-desk-software.html",
"refsource": "MISC",
"name": "https://www.re-desk.com/download-help-desk-software.html"
},
{
"refsource": "MISC",
"name": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/",
"url": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/"
}
]
}

15
2020/1xxx/CVE-2020-1945.json
View File

@ -158,6 +158,21 @@
"refsource": "MLIST",
"name": "[myfaces-commits] 20200826 [myfaces-tobago] branch tobago-2.x updated: update ant because of CVE-2020-1945",
"url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ant-dev] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[announce] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ant-user] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E"
}
]
},

5
2020/24xxx/CVE-2020-24721.json
View File

@ -66,6 +66,11 @@
"refsource": "FULLDISC",
"name": "FULLDISC: 20200929 CVE-2020-24721: Corona Exposure Notifications API: risk of coercion/data leakage [vs]",
"url": "https://seclists.org/fulldisclosure/2020/Sep/53"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159419/Corona-Exposure-Notifications-API-Data-Leakage.html",
"url": "http://packetstormsecurity.com/files/159419/Corona-Exposure-Notifications-API-Data-Leakage.html"
}
]
}

5
2020/3xxx/CVE-2020-3153.json
View File

@ -87,6 +87,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158219/Cisco-AnyConnect-Path-Traversal-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/158219/Cisco-AnyConnect-Path-Traversal-Privilege-Escalation.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html"
}
]
},

5
2020/3xxx/CVE-2020-3433.json
View File

@ -71,6 +71,11 @@
"name": "20200805 Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html"
}
]
},

5
2020/7xxx/CVE-2020-7712.json
View File

@ -116,11 +116,6 @@
"refsource": "MLIST",
"name": "[flink-issues] 20200930 [jira] [Commented] (FLINK-19471) CVE-2020-7712 is reported for flink-streaming-java_2.11:jar:1.11.1",
"url": "https://lists.apache.org/thread.html/ra890c24b3d90be36daf48ae76b263acb297003db24c1122f8e4aaef2@%3Cissues.flink.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[flink-issues] 20200930 [jira] [Updated] (FLINK-19471) CVE-2020-7712 is reported for flink-streaming-java_2.11:jar:1.11.1",
"url": "https://lists.apache.org/thread.html/rba7ea4d75d6a8e5b935991d960d9b893fd30e576c4d3b531084ebd7d@%3Cissues.flink.apache.org%3E"
}
]
},