admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-11-02 22:04:22 +00:00
parent c1f7f3e935
commit 62c7c0308f
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 188 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2020/13xxx/CVE-2020-13957.json
View File

@ -98,6 +98,16 @@
"refsource": "MLIST",
"name": "[lucene-issues] 20201030 [GitHub] [lucene-site] tflobbe closed pull request #32: Publish: Add CVE-2020-13957 page (#31)",
"url": "https://lists.apache.org/thread.html/r13a728994c60be5b5a7049282b5c926dac1fc6a9a0b2362f6adfa573@%3Cissues.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20201102 [jira] [Commented] (SOLR-14925) CVE-2020-13957: The checks added to unauthenticated configset uploads can be circumvented",
"url": "https://lists.apache.org/thread.html/r2f8d33a4de07db9459fb2a98a1cd39747066137636b53f84a13e5628@%3Cissues.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20201102 [jira] [Updated] (SOLR-14925) CVE-2020-13957: The checks added to unauthenticated configset uploads can be circumvented",
"url": "https://lists.apache.org/thread.html/r853fdc6d0b91d5e01a26c7bd5becb044ad775a231703d634ca5d55c9@%3Cissues.lucene.apache.org%3E"
}
]
},

5
2020/14xxx/CVE-2020-14323.json
View File

@ -58,6 +58,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1811",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1819",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html"
}
]
},

4
2020/1xxx/CVE-2020-1686.json
View File

@ -68,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be trigged by a malformed IPv6 packet destined to the Routing Engine or a transit packet that is sampled using sFlow/jFlow or processed by firewall filter with the syslog and/or log action. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1."
"value": "On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be trigged by a malformed IPv6 packet destined to the Routing Engine. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1."
}
]
},
@ -134,7 +134,7 @@
"work_around": [
{
"lang": "eng",
"value": "Standard security best common practices such as limiting packet toward the RE only from trusted networks/host using firewall filter in combination with source address anti-spoofing should be applied to reduce the risk of exposure.\n\nIf traffic sampling is enabled, disabling traffic sampling will mitigate this issue.\nIf firewall filter with syslog and/or log action is enabled, disabling the syslog and/or log action will mitigate this issue.\n"
"value": "Standard security best common practices such as limiting packet toward the RE only from trusted networks/host using firewall filter in combination with source address anti-spoofing should be applied to reduce the risk of exposure."
}
]
}

5
2020/27xxx/CVE-2020-27358.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.ruse.tech/blog/38",
"url": "https://www.ruse.tech/blog/38"
},
{
"refsource": "MISC",
"name": "https://github.com/seb1055/cve-2020-27358-27359",
"url": "https://github.com/seb1055/cve-2020-27358-27359"
}
]
}

5
2020/27xxx/CVE-2020-27359.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.ruse.tech/blog/38",
"url": "https://www.ruse.tech/blog/38"
},
{
"refsource": "MISC",
"name": "https://github.com/seb1055/cve-2020-27358-27359",
"url": "https://github.com/seb1055/cve-2020-27358-27359"
}
]
}

82
2020/7xxx/CVE-2020-7757.json
View File

@ -3,16 +3,90 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2020-11-02T18:27:33.343489Z",
"ID": "CVE-2020-7757",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "droppy",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-DROPPY-1023656",
"name": "https://snyk.io/vuln/SNYK-JS-DROPPY-1023656"
},
{
"refsource": "MISC",
"url": "https://github.com/silverwind/droppy/blob/master/server/server.js%23L845",
"name": "https://github.com/silverwind/droppy/blob/master/server/server.js%23L845"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server."
}
]
}
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
},
"credit": [
{
"lang": "eng",
"value": "Snyk Security Team"
}
]
}

87
2020/7xxx/CVE-2020-7758.json
View File

@ -3,16 +3,95 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2020-11-02T18:27:18.886549Z",
"ID": "CVE-2020-7758",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "browserless-chrome",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-BROWSERLESSCHROME-1023657",
"name": "https://snyk.io/vuln/SNYK-JS-BROWSERLESSCHROME-1023657"
},
{
"refsource": "MISC",
"url": "https://github.com/browserless/chrome/blob/master/src/routes.ts%23L175",
"name": "https://github.com/browserless/chrome/blob/master/src/routes.ts%23L175"
},
{
"refsource": "MISC",
"url": "https://github.com/browserless/chrome/commit/848b87e5bea4f8473eea85261a5ff922d6ebd2b6",
"name": "https://github.com/browserless/chrome/commit/848b87e5bea4f8473eea85261a5ff922d6ebd2b6"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This affects all versions of package browserless-chrome. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server."
}
]
}
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:R",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
},
"credit": [
{
"lang": "eng",
"value": "Snyk Security Team"
}
]
}