admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-10-28 19:01:39 +00:00
parent 2f3aa09f8a
commit 5b0b329dc1
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
13 changed files with 412 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2018/19xxx/CVE-2018-19943.json
View File

@ -67,7 +67,7 @@
"description_data": [
{
"lang": "eng",
"value": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. \nQTS 4.4.2.1270 build 20200410 and later \nQTS 4.4.1.1261 build 20200330 and later \nQTS 4.3.6.1263 build 20200330 and later \nQTS 4.3.4.1282 build 20200408 and later \nQTS 4.3.3.1252 build 20200409 and later \nQTS 4.2.6 build 20200421 and later "
"value": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later"
}
]
},
@ -113,8 +113,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-01"
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-01",
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-01"
}
]
},

7
2018/19xxx/CVE-2018-19949.json
View File

@ -67,7 +67,7 @@
"description_data": [
{
"lang": "eng",
"value": "If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands.\nQNAP has already fixed the issue in the following QTS versions. \nQTS 4.4.2.1231 on build 20200302;\nQTS 4.4.1.1201 on build 20200130;\nQTS 4.3.6.1218 on build 20200214;\nQTS 4.3.4.1190 on build 20200107;\nQTS 4.3.3.1161 on build 20200109;\nQTS 4.2.6 on build 20200109."
"value": "If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109."
}
]
},
@ -105,8 +105,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-01"
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-01",
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-01"
}
]
},

7
2018/19xxx/CVE-2018-19953.json
View File

@ -67,7 +67,7 @@
"description_data": [
{
"lang": "eng",
"value": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code.\nQNAP has already fixed the issue in the following QTS versions. \nQTS 4.4.2.1231 on build 20200302;\nQTS 4.4.1.1201 on build 20200130;\nQTS 4.3.6.1218 on build 20200214;\nQTS 4.3.4.1190 on build 20200107;\nQTS 4.3.3.1161 on build 20200109;\nQTS 4.2.6 on build 20200109."
"value": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109."
}
]
},
@ -97,8 +97,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-01"
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-01",
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-01"
}
]
},

5
2020/14xxx/CVE-2020-14864.json
View File

@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159748/Oracle-Business-Intelligence-Enterprise-Edition-5.5.0.0.0-12.2.1.3.0-12.2.1.4.0-LFI.html",
"url": "http://packetstormsecurity.com/files/159748/Oracle-Business-Intelligence-Enterprise-Edition-5.5.0.0.0-12.2.1.3.0-12.2.1.4.0-LFI.html"
}
]
}

5
2020/15xxx/CVE-2020-15238.json
View File

@ -88,6 +88,11 @@
"refsource": "DEBIAN",
"name": "DSA-4781",
"url": "https://www.debian.org/security/2020/dsa-4781"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159740/Blueman-Local-Root-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/159740/Blueman-Local-Root-Privilege-Escalation.html"
}
]
},

66
2020/24xxx/CVE-2020-24990.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24990",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://q-syshelp.qsc.com/Content/Core_Manager/CoreManager_Overview.htm",
"refsource": "MISC",
"name": "https://q-syshelp.qsc.com/Content/Core_Manager/CoreManager_Overview.htm"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2020/Oct/30",
"url": "http://seclists.org/fulldisclosure/2020/Oct/30"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159699/QSC-Q-SYS-Core-Manager-8.2.1-Directory-Traversal.html",
"url": "http://packetstormsecurity.com/files/159699/QSC-Q-SYS-Core-Manager-8.2.1-Directory-Traversal.html"
}
]
}

56
2020/25xxx/CVE-2020-25204.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25204",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The God Kings application 0.60.1 for Android exposes a broadcast receiver to other apps called com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver. The purpose of this broadcast receiver is to show an in-game push notification to the player. However, the application does not enforce any authorization schema on the broadcast receiver, allowing any application to send fully customizable in-game push notifications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159747/God-Kings-0.60.1-Notification-Spoofing.html",
"url": "http://packetstormsecurity.com/files/159747/God-Kings-0.60.1-Notification-Spoofing.html"
}
]
}

61
2020/27xxx/CVE-2020-27739.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27739",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-27739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.citadel.org/",
"refsource": "MISC",
"name": "https://www.citadel.org/"
},
{
"refsource": "MISC",
"name": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834",
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
]
}

61
2020/27xxx/CVE-2020-27740.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27740",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-27740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.citadel.org/",
"refsource": "MISC",
"name": "https://www.citadel.org/"
},
{
"refsource": "MISC",
"name": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834",
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
]
}

61
2020/27xxx/CVE-2020-27741.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27741",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-27741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.citadel.org/",
"refsource": "MISC",
"name": "https://www.citadel.org/"
},
{
"refsource": "MISC",
"name": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834",
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
]
}

61
2020/27xxx/CVE-2020-27742.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27742",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-27742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.citadel.org/",
"refsource": "MISC",
"name": "https://www.citadel.org/"
},
{
"refsource": "MISC",
"name": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834",
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
]
}

61
2020/27xxx/CVE-2020-27980.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-27980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://genexis.eu/product/platinum/",
"refsource": "MISC",
"name": "https://genexis.eu/product/platinum/"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/48948",
"url": "https://www.exploit-db.com/exploits/48948"
}
]
}

5
2020/5xxx/CVE-2020-5791.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2020-58",
"url": "https://www.tenable.com/security/research/tra-2020-58"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159743/Nagios-XI-5.7.3-Remote-Command-Injection.html",
"url": "http://packetstormsecurity.com/files/159743/Nagios-XI-5.7.3-Remote-Command-Injection.html"
}
]
},