admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into update_CVE-2020-11022

Browse Source
This commit is contained in:
Michael Jackson 2020-04-29 17:10:07 -05:00
commit 6a86d028e1
No known key found for this signature in database
GPG Key ID: 77784BD3C1679355
9 changed files with 384 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2016/11xxx/CVE-2016-11061.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-11061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_Security_Bulletin_XRX16Q_for_ConnectKey_R16-05_v1-1-2.pdf",
"refsource": "MISC",
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_Security_Bulletin_XRX16Q_for_ConnectKey_R16-05_v1-1-2.pdf"
}
]
}
}

14
2020/11xxx/CVE-2020-11022.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.\n\nThis problem is patched in jQuery 3.5.0."
"value": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."
}
]
},
@ -69,6 +69,11 @@
},
"references": {
"reference_data": [
{
"name": "https://jquery.com/upgrade-guide/3.5/",
"refsource": "MISC",
"url": "https://jquery.com/upgrade-guide/3.5/"
},
{
"name": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2",
"refsource": "CONFIRM",
@ -83,11 +88,6 @@
"name": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"refsource": "MISC",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"name": "https://jquery.com/upgrade-guide/3.5/",
"refsource": "MISC",
"url": "https://jquery.com/upgrade-guide/3.5/"
}
]
},
@ -95,4 +95,4 @@
"advisory": "GHSA-gxr4-xjj5-5px2",
"discovery": "UNKNOWN"
}
}
}

2
2020/11xxx/CVE-2020-11023.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "In jQuery before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.\n\nThis problem is patched in jQuery 3.5.0."
"value": "In jQuery before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."
}
]
},

61
2020/11xxx/CVE-2020-11942.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11942",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v3.3.0",
"refsource": "MISC",
"name": "https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v3.3.0"
},
{
"refsource": "MISC",
"name": "https://www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities",
"url": "https://www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities"
}
]
}

61
2020/11xxx/CVE-2020-11943.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11943",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v3.3.0",
"refsource": "MISC",
"name": "https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v3.3.0"
},
{
"refsource": "MISC",
"name": "https://www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities",
"url": "https://www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities"
}
]
}

18
2020/12xxx/CVE-2020-12476.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12476",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2020/12xxx/CVE-2020-12477.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2761",
"refsource": "MISC",
"name": "https://github.com/nilsteampassnet/TeamPass/issues/2761"
}
]
}
}

62
2020/12xxx/CVE-2020-12478.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2764",
"refsource": "MISC",
"name": "https://github.com/nilsteampassnet/TeamPass/issues/2764"
}
]
}
}

62
2020/12xxx/CVE-2020-12479.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2762",
"refsource": "MISC",
"name": "https://github.com/nilsteampassnet/TeamPass/issues/2762"
}
]
}
}