admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-07-15 21:01:33 +00:00
parent aff33d350e
commit 548e236b75
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
19 changed files with 562 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2020/13xxx/CVE-2020-13788.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13788",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/goharbor/harbor/releases",
"refsource": "MISC",
"name": "https://github.com/goharbor/harbor/releases"
},
{
"refsource": "CONFIRM",
"name": "https://www.soluble.ai/blog/harbor-ssrf-cve-2020-13788",
"url": "https://www.soluble.ai/blog/harbor-ssrf-cve-2020-13788"
},
{
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=v8Isqy4yR3Q",
"url": "https://www.youtube.com/watch?v=v8Isqy4yR3Q"
}
]
}

61
2020/14xxx/CVE-2020-14982.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14982",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-14982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mindpointgroup.com/articles/",
"refsource": "MISC",
"name": "https://www.mindpointgroup.com/articles/"
},
{
"refsource": "MISC",
"name": "https://www.mindpointgroup.com/blog/webta-sqli-vulnerability/",
"url": "https://www.mindpointgroup.com/blog/webta-sqli-vulnerability/"
}
]
}

61
2020/15xxx/CVE-2020-15051.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15051",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://artica-proxy.com/telechargements/",
"refsource": "MISC",
"name": "http://artica-proxy.com/telechargements/"
},
{
"refsource": "MISC",
"name": "https://github.com/pratikshad19/CVE-2020-15051",
"url": "https://github.com/pratikshad19/CVE-2020-15051"
}
]
}

77
2020/15xxx/CVE-2020-15779.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.npmjs.com/package/socket.io-file",
"refsource": "MISC",
"name": "https://www.npmjs.com/package/socket.io-file"
},
{
"url": "https://github.com/rico345100/socket.io-file",
"refsource": "MISC",
"name": "https://github.com/rico345100/socket.io-file"
},
{
"url": "https://www.npmjs.com/advisories/1519",
"refsource": "MISC",
"name": "https://www.npmjs.com/advisories/1519"
},
{
"url": "https://github.com/advisories/GHSA-9h4g-27m8-qjrg",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-9h4g-27m8-qjrg"
}
]
}
}

5
2020/1xxx/CVE-2020-1943.json
View File

@ -58,6 +58,11 @@
"refsource": "MLIST",
"name": "[ofbiz-dev] 20200705 Error.ftl everywhere",
"url": "https://lists.apache.org/thread.html/r8efd5b62604d849ae2f93b2eb9ce0ce0356a4cf5812deed14030a757@%3Cdev.ofbiz.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ofbiz-dev] 20200715 Re: Error.ftl everywhere",
"url": "https://lists.apache.org/thread.html/ra6c011af63d8a8cd8c0b8f72b2b0c392af4d5ed040ba59be344d13fa@%3Cdev.ofbiz.apache.org%3E"
}
]
},

5
2020/2xxx/CVE-2020-2220.json
View File

@ -61,6 +61,11 @@
"name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1868",
"url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1868",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/07/15/5"
}
]
}

5
2020/2xxx/CVE-2020-2221.json
View File

@ -61,6 +61,11 @@
"name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1901",
"url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1901",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/07/15/5"
}
]
}

5
2020/2xxx/CVE-2020-2222.json
View File

@ -61,6 +61,11 @@
"name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1902",
"url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1902",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/07/15/5"
}
]
}

5
2020/2xxx/CVE-2020-2223.json
View File

@ -61,6 +61,11 @@
"name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945",
"url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/07/15/5"
}
]
}

5
2020/2xxx/CVE-2020-2224.json
View File

@ -57,6 +57,11 @@
"name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1924",
"url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1924",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/07/15/5"
}
]
}

5
2020/2xxx/CVE-2020-2225.json
View File

@ -57,6 +57,11 @@
"name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1925",
"url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1925",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/07/15/5"
}
]
}

5
2020/2xxx/CVE-2020-2226.json
View File

@ -57,6 +57,11 @@
"name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1909",
"url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1909",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/07/15/5"
}
]
}

5
2020/2xxx/CVE-2020-2227.json
View File

@ -57,6 +57,11 @@
"name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1915",
"url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1915",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/07/15/5"
}
]
}

5
2020/2xxx/CVE-2020-2228.json
View File

@ -57,6 +57,11 @@
"name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1792",
"url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1792",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/07/15/5"
}
]
}

56
2020/6xxx/CVE-2020-6164.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6164",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-6164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.silverstripe.org/download/security-releases/CVE-2020-6164",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6164"
}
]
}

56
2020/6xxx/CVE-2020-6165.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6165",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-6165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the admin/graphql endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through admin/graphql requires administrator permissions). However, if custom GraphQL endpoints have been configured for a specific implementation (usually under /graphql), this vulnerability could also be exploited through unauthenticated requests. This vulnerability only applies to reading records; it does not allow unauthorised changing of records."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.silverstripe.org/download/security-releases/CVE-2020-6165",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6165"
}
]
}

71
2020/8xxx/CVE-2020-8958.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8958",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-8958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.gpononu.com/dual-mode-onu/1GE-Router-WiFi-ONU.html",
"refsource": "MISC",
"name": "https://www.gpononu.com/dual-mode-onu/1GE-Router-WiFi-ONU.html"
},
{
"url": "https://www.gpononu.com/gpon-ont/4ge-epon-onu-v2804ew.html",
"refsource": "MISC",
"name": "https://www.gpononu.com/gpon-ont/4ge-epon-onu-v2804ew.html"
},
{
"refsource": "MISC",
"name": "https://github.com/qurbat/gpon",
"url": "https://github.com/qurbat/gpon"
},
{
"refsource": "MISC",
"name": "https://www.karansaini.com/os-command-injection-v-sol/",
"url": "https://www.karansaini.com/os-command-injection-v-sol/"
}
]
}

56
2020/9xxx/CVE-2020-9309.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9309",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-9309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Uploads stored as protected or draft files are allowed by default for authorised users only, but can also be enabled through custom logic as well as modules such as silverstripe/userforms. Sites using the previously optional silverstripe/mimevalidator module can configure MIME whitelists rather than extension whitelists, and hence prevent this issue. Sites on the Common Web Platform (CWP) use this module by default, and are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.silverstripe.org/download/security-releases/CVE-2020-9309",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9309"
}
]
}

56
2020/9xxx/CVE-2020-9311.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9311",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-9311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311"
}
]
}