admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-09-30 18:02:14 +00:00
parent fc92c33aca
commit 5ab0165dcb
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
63 changed files with 1511 additions and 398 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2017/16xxx/CVE-2017-16922.json
View File

@ -52,11 +52,6 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/WowzaMediaSystems/public_cve/blob/master/wowza-streaming-engine/CVE-2017-16922.txt",
"refsource": "CONFIRM",
"url": "https://github.com/WowzaMediaSystems/public_cve/blob/master/wowza-streaming-engine/CVE-2017-16922.txt"
},
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2017-16922.txt",

5
2018/12xxx/CVE-2018-12404.json
View File

@ -68,6 +68,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
}
]
},

5
2018/17xxx/CVE-2018-17937.json
View File

@ -67,6 +67,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190330 [SECURITY] [DLA 1738-1] gpsd security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00040.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202009-17",
"url": "https://security.gentoo.org/glsa/202009-17"
}
]
}

58
2018/5xxx/CVE-2018-5353.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5353",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.manageengine.com/products/self-service-password/release-notes.html",
"url": "https://www.manageengine.com/products/self-service-password/release-notes.html"
},
{
"url": "http://zoho.com",
"refsource": "MISC",
"name": "http://zoho.com"
},
{
"refsource": "MISC",
"name": "https://github.com/missing0x00/CVE-2018-5353",
"url": "https://github.com/missing0x00/CVE-2018-5353"
}
]
}

53
2018/5xxx/CVE-2018-5354.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5354",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://anixis.com",
"refsource": "MISC",
"name": "http://anixis.com"
},
{
"refsource": "MISC",
"name": "https://github.com/missing0x00/CVE-2018-5354",
"url": "https://github.com/missing0x00/CVE-2018-5354"
}
]
}

5
2018/7xxx/CVE-2018-7048.json
View File

@ -52,11 +52,6 @@
},
"references": {
"reference_data": [
{
"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2018-7048.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2018-7048.txt"
},
{
"name": "https://www.wowza.com/docs/wowza-streaming-engine-4-7-1-release-notes",
"refsource": "MISC",

5
2019/11xxx/CVE-2019-11719.json
View File

@ -126,6 +126,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
}
]
},

5
2019/11xxx/CVE-2019-11729.json
View File

@ -131,6 +131,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:4190",
"url": "https://access.redhat.com/errata/RHSA-2019:4190"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
}
]
},

5
2019/11xxx/CVE-2019-11745.json
View File

@ -133,6 +133,11 @@
"refsource": "UBUNTU",
"name": "USN-4335-1",
"url": "https://usn.ubuntu.com/4335-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
}
]
},

7
2019/17xxx/CVE-2019-17098.json
View File

@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. \nThis issue affects:\nAugust Connect Wi-Fi Bridge App\nversion v10.11.0 and prior versions on Android.\nAugust Connect Firmware\nversion 2.2.12 and prior versions."
"value": "Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions."
}
]
},
@ -93,8 +93,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://labs.bitdefender.com/2020/08/smart-locks-not-so-smart-with-wi-fi-security/"
"refsource": "MISC",
"url": "https://labs.bitdefender.com/2020/08/smart-locks-not-so-smart-with-wi-fi-security/",
"name": "https://labs.bitdefender.com/2020/08/smart-locks-not-so-smart-with-wi-fi-security/"
}
]
},

5
2019/19xxx/CVE-2019-19453.json
View File

@ -62,11 +62,6 @@
"name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes",
"url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes"
},
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-19453.txt",
"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-19453.txt"
},
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-19453.txt",

5
2019/19xxx/CVE-2019-19454.json
View File

@ -52,11 +52,6 @@
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-19454.txt",
"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-19454.txt"
},
{
"refsource": "CONFIRM",
"name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-0-release-notes",

5
2019/19xxx/CVE-2019-19455.json
View File

@ -62,11 +62,6 @@
"name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes",
"url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes"
},
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-19455.txt",
"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-19455.txt"
},
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-19455.txt",

5
2019/19xxx/CVE-2019-19456.json
View File

@ -52,11 +52,6 @@
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-19456.txt",
"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-19456.txt"
},
{
"refsource": "CONFIRM",
"name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-0-release-notes",

72
2019/20xxx/CVE-2019-20920.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.npmjs.com/advisories/1316",
"refsource": "MISC",
"name": "https://www.npmjs.com/advisories/1316"
},
{
"url": "https://www.npmjs.com/advisories/1324",
"refsource": "MISC",
"name": "https://www.npmjs.com/advisories/1324"
},
{
"url": "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478",
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478"
}
]
}
}

77
2019/20xxx/CVE-2019-20921.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.npmjs.com/advisories/1522",
"refsource": "MISC",
"name": "https://www.npmjs.com/advisories/1522"
},
{
"url": "https://snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457",
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457"
},
{
"url": "https://github.com/advisories/GHSA-9r7h-6639-v5mw",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-9r7h-6639-v5mw"
},
{
"url": "https://github.com/snapappointments/bootstrap-select/issues/2199",
"refsource": "MISC",
"name": "https://github.com/snapappointments/bootstrap-select/issues/2199"
}
]
}
}

72
2019/20xxx/CVE-2019-20922.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.npmjs.com/advisories/1300",
"refsource": "MISC",
"name": "https://www.npmjs.com/advisories/1300"
},
{
"url": "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388",
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388"
},
{
"url": "https://github.com/handlebars-lang/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b",
"refsource": "MISC",
"name": "https://github.com/handlebars-lang/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b"
}
]
}
}

5
2019/7xxx/CVE-2019-7655.json
View File

@ -62,11 +62,6 @@
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7655-XSS-Wowza",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7655-XSS-Wowza"
},
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-7655.txt",
"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-7655.txt"
},
{
"refsource": "CONFIRM",
"name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes",

5
2019/7xxx/CVE-2019-7656.json
View File

@ -62,11 +62,6 @@
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7656-PrivEscal-Wowza",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7656-PrivEscal-Wowza"
},
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-7656.txt",
"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-7656.txt"
},
{
"refsource": "CONFIRM",
"name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes",

5
2020/12xxx/CVE-2020-12399.json
View File

@ -101,6 +101,11 @@
"refsource": "GENTOO",
"name": "GLSA-202007-49",
"url": "https://security.gentoo.org/glsa/202007-49"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
}
]
},

5
2020/12xxx/CVE-2020-12402.json
View File

@ -104,6 +104,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-16741ac7ff",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RFL6UNFK4MG2WDXLMLFAEIUSM5EUK7CG/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
}
]
},

85
2020/13xxx/CVE-2020-13326.json
View File

@ -4,15 +4,92 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13326",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=11.8, <12.10.13"
},
{
"version_value": ">=13.0, <13.0.8"
},
{
"version_value": ">=13.1, <13.1.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authorization in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/27221",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/27221",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13326.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13326.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [@xanbanx)](https://hackerone.com/xanbanx) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

50
2020/13xxx/CVE-2020-13502.json
View File

@ -4,58 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13502",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aveva",
"version": {
"version_data": [
{
"version_value": "Aveva eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1107",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1107"
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable SQL injection vulnerability exists in the DNAPoints.asmx web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. A specially crafted SOAP web request can cause an SQL injection resulting in data compromise. An attacker can send an unauthenticated HTTP request to trigger this vulnerability."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}

50
2020/13xxx/CVE-2020-13503.json
View File

@ -4,58 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13503",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aveva",
"version": {
"version_data": [
{
"version_value": "Aveva eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection\""
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1108",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1108"
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Parameter AttFilterName in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}

4
2020/13xxx/CVE-2020-13506.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13506",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}

50
2020/13xxx/CVE-2020-13507.json
View File

@ -4,58 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13507",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aveva",
"version": {
"version_data": [
{
"version_value": "Aveva eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1109",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1109"
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An SQL injection vulnerability exists in the Alias.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Parameter OrigID in Alias.asmx is vulnerable to unauthenticated SQL injection attacks An attacker can send unauthenticated HTTP requests to trigger this vulnerability."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}

50
2020/13xxx/CVE-2020-13508.json
View File

@ -4,58 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13508",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aveva",
"version": {
"version_data": [
{
"version_value": "Aveva eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1109",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1109"
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An SQL injection vulnerability exists in the Alias.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Parameter AliasName in Alias.asmx is vulnerable to unauthenticated SQL injection attacks. An attacker can send unauthenticated HTTP requests to trigger this vulnerability."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}

50
2020/13xxx/CVE-2020-13521.json
View File

@ -4,58 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13521",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aveva",
"version": {
"version_data": [
{
"version_value": "Aveva eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1108",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1108"
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Parameter psAttribute in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks.Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}

61
2020/13xxx/CVE-2020-13658.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13658",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.nccgroup.com/us/our-research/?research=Technical+advisories",
"refsource": "MISC",
"name": "https://www.nccgroup.com/us/our-research/?research=Technical+advisories"
},
{
"refsource": "MISC",
"name": "https://research.nccgroup.com/2020/09/25/technical-advisory-lansweeper-privilege-escalation-via-csrf-using-http-method-interchange/",
"url": "https://research.nccgroup.com/2020/09/25/technical-advisory-lansweeper-privilege-escalation-via-csrf-using-http-method-interchange/"
}
]
}

61
2020/13xxx/CVE-2020-13794.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13794",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/goharbor/harbor/releases",
"refsource": "MISC",
"name": "https://github.com/goharbor/harbor/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/goharbor/harbor/security/advisories/GHSA-q9p8-33wc-h432",
"url": "https://github.com/goharbor/harbor/security/advisories/GHSA-q9p8-33wc-h432"
}
]
}

5
2020/14xxx/CVE-2020-14342.json
View File

@ -53,6 +53,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14342",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14342",
"refsource": "CONFIRM"
},
{
"refsource": "GENTOO",
"name": "GLSA-202009-16",
"url": "https://security.gentoo.org/glsa/202009-16"
}
]
},

5
2020/14xxx/CVE-2020-14364.json
View File

@ -88,6 +88,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200924-0006/",
"url": "https://security.netapp.com/advisory/ntap-20200924-0006/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202009-14",
"url": "https://security.gentoo.org/glsa/202009-14"
}
]
},

7
2020/15xxx/CVE-2020-15731.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. \nThis issue affects:\nBitdefender Engines\nversions prior to 7.85448."
"value": "An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448."
}
]
},
@ -81,8 +81,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-engines-va-8953"
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-engines-va-8953",
"name": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-engines-va-8953"
}
]
},

5
2020/15xxx/CVE-2020-15960.json
View File

@ -69,6 +69,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1550",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202009-13",
"url": "https://security.gentoo.org/glsa/202009-13"
}
]
},

5
2020/15xxx/CVE-2020-15961.json
View File

@ -69,6 +69,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1550",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202009-13",
"url": "https://security.gentoo.org/glsa/202009-13"
}
]
},

5
2020/15xxx/CVE-2020-15962.json
View File

@ -69,6 +69,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1550",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202009-13",
"url": "https://security.gentoo.org/glsa/202009-13"
}
]
},

5
2020/15xxx/CVE-2020-15963.json
View File

@ -69,6 +69,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1550",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202009-13",
"url": "https://security.gentoo.org/glsa/202009-13"
}
]
},

5
2020/15xxx/CVE-2020-15964.json
View File

@ -69,6 +69,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1550",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202009-13",
"url": "https://security.gentoo.org/glsa/202009-13"
}
]
},

5
2020/15xxx/CVE-2020-15965.json
View File

@ -69,6 +69,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1550",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202009-13",
"url": "https://security.gentoo.org/glsa/202009-13"
}
]
},

5
2020/15xxx/CVE-2020-15966.json
View File

@ -69,6 +69,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1550",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202009-13",
"url": "https://security.gentoo.org/glsa/202009-13"
}
]
},

56
2020/22xxx/CVE-2020-22481.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-22481",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-22481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in HFish 0.5.1. When a payload is inserted where the password is entered, XSS code is triggered when the administrator views the information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hacklcx/HFish/issues/69",
"refsource": "MISC",
"name": "https://github.com/hacklcx/HFish/issues/69"
}
]
}

56
2020/24xxx/CVE-2020-24569.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24569",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html",
"refsource": "MISC",
"name": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html"
}
]
}

56
2020/24xxx/CVE-2020-24570.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24570",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html",
"refsource": "MISC",
"name": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html"
}
]
}

2
2020/25xxx/CVE-2020-25412.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "gnuplot 5.4 is affected by a segmentation fault in com_line () at command.c, which may result in context-dependent arbitrary code execution."
"value": "com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution."
}
]
},

66
2020/25xxx/CVE-2020-25760.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25760",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"name": "20200922 Visitor Management System in PHP 1.0 - Authenticated SQL Injection",
"url": "http://seclists.org/fulldisclosure/2020/Sep/43"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/author/15149/",
"url": "https://packetstormsecurity.com/files/author/15149/"
}
]
}

66
2020/25xxx/CVE-2020-25761.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25761",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"name": "20200922 Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS",
"url": "http://seclists.org/fulldisclosure/2020/Sep/45"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159263/Visitor-Management-System-In-PHP-1.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/159263/Visitor-Management-System-In-PHP-1.0-Cross-Site-Scripting.html"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/author/15149/",
"url": "https://packetstormsecurity.com/files/author/15149/"
}
]
}

66
2020/25xxx/CVE-2020-25762.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25762",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159261/Seat-Reservation-System-1.0-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/159261/Seat-Reservation-System-1.0-SQL-Injection.html"
},
{
"refsource": "FULLDISC",
"name": "20200922 Seat Reservation System 1.0 Unauthenticated SQL Injection (CVE-2020-25762)",
"url": "http://seclists.org/fulldisclosure/2020/Sep/42"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/author/15149",
"url": "https://packetstormsecurity.com/files/author/15149"
}
]
}

66
2020/25xxx/CVE-2020-25763.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25763",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159260/Seat-Reservation-System-1.0-Shell-Upload.html",
"url": "http://packetstormsecurity.com/files/159260/Seat-Reservation-System-1.0-Shell-Upload.html"
},
{
"refsource": "FULLDISC",
"name": "20200922 Seat Reservation System 1.0 Unauthenticated Remote Code Execution (CVE-2020-25763)",
"url": "http://seclists.org/fulldisclosure/2020/Sep/41"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/author/15149",
"url": "https://packetstormsecurity.com/files/author/15149"
}
]
}

62
2020/26xxx/CVE-2020-26148.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mity/md4c/issues/130",
"refsource": "MISC",
"name": "https://github.com/mity/md4c/issues/130"
}
]
}
}

75
2020/26xxx/CVE-2020-26149.json Normal file
View File

@ -0,0 +1,75 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nats-io/nats.deno/compare/v1.0.0-8...v1.0.0-9",
"refsource": "MISC",
"name": "https://github.com/nats-io/nats.deno/compare/v1.0.0-8...v1.0.0-9"
},
{
"url": "https://github.com/nats-io/nats.ws/commit/0a37ac2a411ff63f0707cda69a268c5fc4079eb7",
"refsource": "MISC",
"name": "https://github.com/nats-io/nats.ws/commit/0a37ac2a411ff63f0707cda69a268c5fc4079eb7"
},
{
"refsource": "CONFIRM",
"name": "http://www.openwall.com/lists/oss-security/2020/09/30/3",
"url": "http://www.openwall.com/lists/oss-security/2020/09/30/3"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

62
2020/26xxx/CVE-2020-26150.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://godofdarkness-msf.blogspot.com/2020/09/aware-callmanager-2012-php-info.html",
"refsource": "MISC",
"name": "https://godofdarkness-msf.blogspot.com/2020/09/aware-callmanager-2012-php-info.html"
}
]
}
}

18
2020/26xxx/CVE-2020-26151.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26151",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/26xxx/CVE-2020-26152.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26152",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/26xxx/CVE-2020-26153.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26153",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2020/26xxx/CVE-2020-26154.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/libproxy/libproxy/pull/126",
"refsource": "MISC",
"name": "https://github.com/libproxy/libproxy/pull/126"
},
{
"url": "https://bugs.debian.org/968366",
"refsource": "MISC",
"name": "https://bugs.debian.org/968366"
}
]
}
}

67
2020/26xxx/CVE-2020-26159.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/kkos/oniguruma/issues/207",
"refsource": "MISC",
"name": "https://github.com/kkos/oniguruma/issues/207"
},
{
"url": "https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0",
"refsource": "MISC",
"name": "https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0"
}
]
}
}

81
2020/26xxx/CVE-2020-26160.json Normal file
View File

@ -0,0 +1,81 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m[\"aud\"] (which is allowed by the specification). Because the type assertion fails, \"\" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/dgrijalva/jwt-go/pull/426",
"refsource": "MISC",
"name": "https://github.com/dgrijalva/jwt-go/pull/426"
},
{
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515",
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N",
"version": "3.1"
}
}
}

5
2020/2xxx/CVE-2020-2574.json
View File

@ -92,6 +92,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0289",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200929 QEMU: NULL pointer derefrence issues",
"url": "http://www.openwall.com/lists/oss-security/2020/09/29/1"
}
]
}

50
2020/6xxx/CVE-2020-6153.json
View File

@ -4,58 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6153",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aveva",
"version": {
"version_data": [
{
"version_value": "Aveva eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1097",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1097"
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable SQL injection vulnerability exists in the FavoritesService.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. A specially crafted SOAP web request can cause an SQL injection resulting in data compromise. An attacker can send an unauthenticated HTTP request to trigger this vulnerability."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}

10
2020/6xxx/CVE-2020-6506.json
View File

@ -59,6 +59,16 @@
"refsource": "GENTOO",
"name": "GLSA-202007-08",
"url": "https://security.gentoo.org/glsa/202007-08"
},
{
"refsource": "MLIST",
"name": "[cordova-issues] 20200929 [GitHub] [cordova-docs] purplecabbage opened a new pull request #1123: Added Security Advisory CVE-2020-6506",
"url": "https://lists.apache.org/thread.html/r1eadf38b38ee20405811958c8a01f78d6b28e058c84c9fa6c1a8663d@%3Cissues.cordova.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[cordova-issues] 20200929 [GitHub] [cordova-docs] purplecabbage merged pull request #1123: Added Security Advisory CVE-2020-6506",
"url": "https://lists.apache.org/thread.html/r2769c33da7f7ece7e4e31837c1e1839d6657c7c13bb8d228670b8da0@%3Cissues.cordova.apache.org%3E"
}
]
},

5
2020/8xxx/CVE-2020-8252.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://hackerone.com/reports/965914",
"url": "https://hackerone.com/reports/965914"
},
{
"refsource": "GENTOO",
"name": "GLSA-202009-15",
"url": "https://security.gentoo.org/glsa/202009-15"
}
]
},

5
2020/8xxx/CVE-2020-8927.json
View File

@ -84,6 +84,11 @@
"name": "https://github.com/google/brotli/releases/tag/v1.0.9",
"refsource": "CONFIRM",
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1578",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
}
]
},

5
2020/9xxx/CVE-2020-9004.json
View File

@ -57,11 +57,6 @@
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-9004-Authenticated%20Remote%20Authorization%20Bypass%20Leading%20to%20RCE-Wowza",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-9004-Authenticated%20Remote%20Authorization%20Bypass%20Leading%20to%20RCE-Wowza"
},
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2020-9004.txt",
"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2020-9004.txt"
},
{
"refsource": "CONFIRM",
"name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes",