mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
ac48adf58a
commit
7308d027e4
@ -61,6 +61,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/",
|
||||
"url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/160416/SmarterMail-6985-Remote-Code-Execution.html",
|
||||
"url": "http://packetstormsecurity.com/files/160416/SmarterMail-6985-Remote-Code-Execution.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -78,6 +78,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[nuttx-dev] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
|
||||
"url": "https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea@%3Cdev.nuttx.apache.org%3E"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[oss-security] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2020/12/09/4"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -78,6 +78,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[nuttx-dev] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
|
||||
"url": "https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3@%3Cdev.nuttx.apache.org%3E"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[oss-security] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2020/12/09/5"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference \"homeserver\" implementation of Matrix. \n\nA malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers.\n\nThe Matrix Synapse reference implementation before version 1.23.1 the implementation is vulnerable to this injection attack.\n\nIssue is fixed in version 1.23.1.\n\nAs a workaround homeserver administrators could limit access to the federation API to trusted servers (for example via `federation_domain_whitelist`)."
|
||||
"value": "Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference \"homeserver\" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers. The Matrix Synapse reference implementation before version 1.23.1 the implementation is vulnerable to this injection attack. Issue is fixed in version 1.23.1. As a workaround homeserver administrators could limit access to the federation API to trusted servers (for example via `federation_domain_whitelist`)."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-28086",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2020-28086",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, and also controls one of the services already in the password store, they can rename one of the password files in the Git repository to something else: pass doesn't correctly verify that the content of a file matches the filename, so a user might be tricked into decrypting the wrong password and sending that to a service that the attacker controls. NOTE: for environments in which this threat model is of concern, signing commits can be a solution."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.zx2c4.com/pipermail/password-store/2014-March/000498.html",
|
||||
"url": "https://lists.zx2c4.com/pipermail/password-store/2014-March/000498.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -30,6 +30,7 @@
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"discoverer": "Steven Darracott",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
|
||||
@ -84,7 +84,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted.\nThis issue impacts:\nCortex XDR Agent 5.0 versions earlier than 5.0.10;\nCortex XDR Agent 6.1 versions earlier than 6.1.7;\nCortex XDR Agent 7.0 versions earlier than 7.0.3;\nCortex XDR Agent 7.1 versions earlier than 7.1.2."
|
||||
"value": "An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -122,8 +122,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://security.paloaltonetworks.com/CVE-2020-2020"
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.paloaltonetworks.com/CVE-2020-2020",
|
||||
"name": "https://security.paloaltonetworks.com/CVE-2020-2020"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -75,7 +75,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges.\n\nThis requires the user to have the privilege to create files in the Windows root directory.\n\nThis issue impacts:\nAll versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions;\nAll versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions."
|
||||
"value": "A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions; All versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -113,8 +113,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://security.paloaltonetworks.com/CVE-2020-2049"
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.paloaltonetworks.com/CVE-2020-2049",
|
||||
"name": "https://security.paloaltonetworks.com/CVE-2020-2049"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user