"-Synchronized-Data."

CVE Team 2020-04-23 15:01:23 +00:00
parent eac02baedb
commit 6bb16c12ca
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
11 changed files with 230 additions and 22 deletions


@ -56,6 +56,11 @@
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"name": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"refsource": "MISC",
"name": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
]
}


@ -56,6 +56,11 @@
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"name": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"refsource": "MISC",
"name": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
]
}


@ -56,6 +56,11 @@
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"name": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"refsource": "MISC",
"name": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
]
}


@ -56,6 +56,11 @@
"url": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"refsource": "MISC",
"name": "https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
},
{
"refsource": "MISC",
"name": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/",
"url": "https://web.archive.org/web/20200327142627/https://www.quantumleap.it/geocall-v-6-3-multiple-vulnerabilities/"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library's heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202",
"refsource": "MISC",
"name": "https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202"
},
{
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi",
"url": "https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi"
}
]
}
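Review bot: The record goes PUBLIC with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` in `affects`, although the new description names nDPI through 3.2 Stable, so tooling that matches on the structured fields rather than on free text will not associate this CVE with nDPI. Filling them from the description, e.g. `"product_name": "nDPI"` and `"version_value": "through 3.2 Stable"`, would close that gap; the vendor name should be confirmed by the assigner (the references point at the ntop GitHub organisation, which suggests but does not establish it). `problemtype` is likewise `"n/a"` where the description states integer overflows leading to a heap overflow. The same placeholders appear in the CVE-2020-11940 and CVE-2020-11945 sections below.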


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11940",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435",
"refsource": "MISC",
"name": "https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435"
},
{
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi",
"url": "https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi"
}
]
}


@ -1,17 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11945",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch",
"refsource": "MISC",
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"url": "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch",
"refsource": "MISC",
"name": "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"url": "https://github.com/squid-cache/squid/pull/585",
"refsource": "MISC",
"name": "https://github.com/squid-cache/squid/pull/585"
},
{
"url": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811",
"refsource": "MISC",
"name": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811"
},
{
"refsource": "CONFIRM",
"name": "http://www.openwall.com/lists/oss-security/2020/04/23/2",
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/2"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1170313",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1170313"
}
]
}
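Review bot: The first two `reference_data` entries link the fix patch over plain `http://` (`www.squid-cache.org` and `master.squid-cache.org`), so anyone who downloads and applies the patch from these links gets it without transport integrity. If those hosts serve the same path over HTTPS, both `url` and `name` should use it; the GitHub commit reference for the same changeset further down is already `https://` and is the safer one to verify against. Separately, the description says "before 5.0.2" while every patch link is a v4 changeset, so naming the fixed v4 release as well may help defenders on that branch; that is inferred from the URLs only, not from anything else in the visible record.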


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12101",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1760",
"ASSIGNER": "darunesh@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -55,7 +56,9 @@
"refsource": "CONFIRM"
},
{
"url": "https://www.openwall.com/lists/oss-security/2020/04/07/1"
"url": "https://www.openwall.com/lists/oss-security/2020/04/07/1",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/04/07/1"
}
]
},


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine Desktop Central 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure."
"value": "Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure."
}
]
},
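Review bot: The rewording from `10.0.483` to `before 10.0.483` moves build 10.0.483 from affected to fixed, but only the free-text `description` value is touched in this hunk. The record's `affects` block lies outside the hunk; its `version_value` should be checked so the structured data agrees with the new text, since a bare `10.0.483` there would now mark the fixed build as vulnerable for scanners that read the field. The enclosing record starts and ends outside the hunk, so this cannot be confirmed from here.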


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters."
"value": "** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the application."
}
]
},