"-Synchronized-Data."

CVE Team 2021-01-11 16:02:32 +00:00
parent 375a8a521f
commit 6e8c1e42be
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
5 changed files with 193 additions and 91 deletions


@ -1,14 +1,17 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-17508",
"STATE": "PUBLIC",
"TITLE": "Apache Traffic Server ESI plugin has a memory disclosure vulnerability"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -16,52 +19,24 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "Apache Traffic Server",
"version_value": "6.2.3"
},
{
"version_affected": "<",
"version_name": "Apache Traffic Server",
"version_value": "7.1.12"
},
{
"version_affected": "<",
"version_name": "Apache Traffic Server",
"version_value": "8.1.0"
"version_value": "Apache Traffic Server 7.0.0 to 7.1.11, 8.0.0 to 8.1.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ESI plugin in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.11, and 8.0.0 to 8.1.0 has a memory disclosure vulnerability. If you are running the plugin please upgrade to 7.1.12 or 8.1.1 or later."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Disclosure"
"value": "Information Disclosure"
}
]
}
@ -71,12 +46,17 @@
"reference_data": [
{
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E",
"name": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E"
"name": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cannounce.trafficserver.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cannounce.trafficserver.apache.org%3E"
}
]
},
"source": {
"discovery": "UNKNOWN"
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected."
}
]
}
}
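Review bot: The new side of this record appears to replace the three structured `version_data` entries (`version_affected` / `version_name` / `version_value`) with one free-text `version_value` and to set `vendor_name` to `n/a`, so tooling that matches on vendor and version bounds can no longer resolve this CVE to Apache Traffic Server releases. The +/- markers are not shown; the first hunk's line counts (14 old, 17 new) are what point to that reading. The 6.0.0 to 6.2.3 range and the fixed releases 7.1.12 and 8.1.1 from the other description are also missing, so it is worth confirming whether 6.x is really unaffected. I would keep `"vendor_name": "Apache Software Foundation"` and the structured bounds. The CVE-2020-17509 section below has the same loss of structure.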


@ -1,14 +1,17 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-17509",
"STATE": "PUBLIC",
"TITLE": "Apache Traffic Server negative cache option is vulnerable to a cache poisoning attack"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -16,52 +19,24 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "Apache Traffic Server",
"version_value": "6.2.3"
},
{
"version_affected": "<",
"version_name": "Apache Traffic Server",
"version_value": "7.1.11"
},
{
"version_affected": "<",
"version_name": "Apache Traffic Server",
"version_value": "8.0.8"
"version_value": "Apache Traffic Server 7.0.0 to 7.1.11, 8.0.0 to 8.1.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Traffic Server negative cache option is vulnerable to a cache poisoning attack affecting versions 6.0.0 through 6.2.3, 7.0.0 through 7.1.10, and 8.0.0 through 8.0.7. If you have this option enabled, please upgrade or disable this feature."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cache poisoning attack"
"value": "Improper Enforcement of Behavioral Workflow"
}
]
}
@ -71,12 +46,17 @@
"reference_data": [
{
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E",
"name": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E"
"name": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cannounce.trafficserver.apache.org%3E",
"url": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cannounce.trafficserver.apache.org%3E"
}
]
},
"source": {
"discovery": "UNKNOWN"
"description": {
"description_data": [
{
"lang": "eng",
"value": "ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected."
}
]
}
}
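Review bot: The affected-version string here, `"version_value": "Apache Traffic Server 7.0.0 to 7.1.11, 8.0.0 to 8.1.0"`, is identical to the one in the CVE-2020-17508 section, while the other side of this diff gives different bounds for this issue (`<` 7.1.11 and `<` 8.0.8, described as 7.0.0 through 7.1.10 and 8.0.0 through 8.0.7). One of the two is wrong and should be checked against the vendor announcement linked in `reference_data`, because the difference decides whether 7.1.11 and 8.0.8 to 8.1.0 are treated as patched. The `problemtype` value `Improper Enforcement of Behavioral Workflow` is the name of CWE-841; adding the id would make the field machine-matchable.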


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23960",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/forkcms/forkcms/pull/3123",
"refsource": "MISC",
"name": "https://github.com/forkcms/forkcms/pull/3123"
},
{
"url": "https://www.fork-cms.com/blog/detail/fork-5.8.3-released",
"refsource": "MISC",
"name": "https://www.fork-cms.com/blog/detail/fork-5.8.3-released"
}
]
}
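Review bot: This record moves to `PUBLIC` with `vendor_name`, `product_name`, `version_value` and the `problemtype` value all set to `n/a`, although the description names the product (Fork, before 5.8.3) and the weakness class (CSRF). Scanners and asset inventories that key on the `affects` block will not match it, so exposure is only discoverable by reading the prose. Filling in the fields the description already supports, for example `"version_value": "before 5.8.3"` and a `problemtype` of `CWE-352`, would close that gap. The CVE-2020-35701 section further down has the same gap for Cacti 1.2.x through 1.2.16 (SQL injection, CWE-89).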


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27281",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Delta Electronics CNCSoft ScreenEditor",
"version": {
"version_data": [
{
"version_value": "CNCSoft ScreenEditor Versions 1.01.26 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-06",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-06"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code."
}
]
}
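Review bot: `vendor_name` is `n/a` while the vendor is folded into `"product_name": "Delta Electronics CNCSoft ScreenEditor"`, which defeats vendor-keyed lookups for an ICS product. Splitting it as `"vendor_name": "Delta Electronics"` and `"product_name": "CNCSoft ScreenEditor"` keeps the record matchable. The `version_value` also repeats the product name in free text (`CNCSoft ScreenEditor Versions 1.01.26 and prior`); a bare `1.01.26` with `"version_affected": "<="` would be easier to consume. The hunk starts at line 4 of the file, so the top of the record is outside the view.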


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35701",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/",
"refsource": "MISC",
"name": "https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/"
},
{
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/issues/4022",
"url": "https://github.com/Cacti/cacti/issues/4022"
}
]
}