mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-06 18:53:08 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
8125e2d9c0
commit
66087881b2
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-13549",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "talos-cna@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Sytech",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Sytech XL Reporter v14.0.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "incorrect default permissions"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167",
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -482,6 +482,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
|
||||
"url": "https://lists.apache.org/thread.html/r3b7c8bc7a1cb8acdcf7753f436564d289d22f2906e934d1b11de3a40@%3Creviews.spark.apache.org%3E"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[spark-reviews] 20210219 [GitHub] [spark] srowen commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
|
||||
"url": "https://lists.apache.org/thread.html/re3918edd403b0d3857a13ef2ccf3d2bc0231f3b8758e2a5777ea1cd3@%3Creviews.spark.apache.org%3E"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@dell.com",
|
||||
"DATE_PUBLIC": "2021-02-17",
|
||||
"ID": "CVE-2021-21512",
|
||||
"ASSIGNER": "secure@dell.com",
|
||||
"DATE_PUBLIC": "2021-02-17",
|
||||
"ID": "CVE-2021-21512",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -12,59 +12,60 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cyber Recovery",
|
||||
"product_name": "Cyber Recovery",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_affected": "<",
|
||||
"version_value": "19.7.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
},
|
||||
"vendor_name": "Dell"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"lang": "eng",
|
||||
"value": "Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account."
|
||||
}
|
||||
]
|
||||
},
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"baseScore": 7.9,
|
||||
"baseSeverity": "High",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
|
||||
"baseScore": 7.9,
|
||||
"baseSeverity": "High",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"lang": "eng",
|
||||
"value": "CWE-200: Information Exposure"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.dell.com/support/kbdoc/en-us/000183169/dsa-2021-038-dell-emc-powerprotect-cyber-recovery-security-update-for-unintended-information-disclosure"
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.dell.com/support/kbdoc/en-us/000183169/dsa-2021-038-dell-emc-powerprotect-cyber-recovery-security-update-for-unintended-information-disclosure",
|
||||
"name": "https://www.dell.com/support/kbdoc/en-us/000183169/dsa-2021-038-dell-emc-powerprotect-cyber-recovery-security-update-for-unintended-information-disclosure"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -48,16 +48,19 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://snyk.io/vuln/SNYK-JS-DOCSIFY-1066017"
|
||||
"refsource": "MISC",
|
||||
"url": "https://snyk.io/vuln/SNYK-JS-DOCSIFY-1066017",
|
||||
"name": "https://snyk.io/vuln/SNYK-JS-DOCSIFY-1066017"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076593"
|
||||
"refsource": "MISC",
|
||||
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076593",
|
||||
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076593"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/docsifyjs/docsify/commit/ff2a66f12752471277fe81a64ad6c4b2c08111fe"
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/docsifyjs/docsify/commit/ff2a66f12752471277fe81a64ad6c4b2c08111fe",
|
||||
"name": "https://github.com/docsifyjs/docsify/commit/ff2a66f12752471277fe81a64ad6c4b2c08111fe"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -65,7 +68,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This affects the package docsify before 4.12.0.\n It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods\r\n\r\n1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. \r\n\r\n2) The isURL external check can be bypassed by inserting more \u201c////\u201d characters \r\n\r\n"
|
||||
"value": "This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more \u201c////\u201d characters"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user