admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #398 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2021-02-02 09:34:37 -05:00 committed by GitHub
commit 7c2ce8a633
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
586 changed files with 15412 additions and 838 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
2014/3xxx/CVE-2014-3153.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2014-3153",
"STATE": "PUBLIC"
},
@ -226,6 +226,26 @@
"name": "http://linux.oracle.com/errata/ELSA-2014-3038.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes",
"url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2021/02/01/4",
"url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"
},
{
"refsource": "MISC",
"name": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html",
"url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"
},
{
"refsource": "MISC",
"name": "https://github.com/elongl/CVE-2014-3153",
"url": "https://github.com/elongl/CVE-2014-3153"
}
]
}

2
2016/10xxx/CVE-2016-10095.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file."
"value": "Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file."
}
]
},

5
2016/9xxx/CVE-2016-9396.json
View File

@ -96,6 +96,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1315",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2b151590d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"
}
]
}

5
2016/9xxx/CVE-2016-9397.json
View File

@ -71,6 +71,11 @@
"name": "94373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94373"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2b151590d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"
}
]
}

5
2016/9xxx/CVE-2016-9398.json
View File

@ -91,6 +91,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1523",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2b151590d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"
}
]
}

5
2016/9xxx/CVE-2016-9399.json
View File

@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1523",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2b151590d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"
}
]
}

5
2017/1000xxx/CVE-2017-1000050.json
View File

@ -83,6 +83,11 @@
"refsource": "GENTOO",
"name": "GLSA-201908-03",
"url": "https://security.gentoo.org/glsa/201908-03"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2b151590d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"
}
]
}

5
2017/13xxx/CVE-2017-13745.json
View File

@ -76,6 +76,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2b151590d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"
}
]
}

5
2017/13xxx/CVE-2017-13746.json
View File

@ -66,6 +66,11 @@
"refsource": "GENTOO",
"name": "GLSA-201908-03",
"url": "https://security.gentoo.org/glsa/201908-03"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2b151590d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"
}
]
}

5
2017/13xxx/CVE-2017-13747.json
View File

@ -66,6 +66,11 @@
"refsource": "GENTOO",
"name": "GLSA-201908-03",
"url": "https://security.gentoo.org/glsa/201908-03"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2b151590d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"
}
]
}

5
2017/13xxx/CVE-2017-13748.json
View File

@ -71,6 +71,11 @@
"refsource": "GENTOO",
"name": "GLSA-201908-03",
"url": "https://security.gentoo.org/glsa/201908-03"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2b151590d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"
}
]
}

5
2017/13xxx/CVE-2017-13749.json
View File

@ -66,6 +66,11 @@
"refsource": "GENTOO",
"name": "GLSA-201908-03",
"url": "https://security.gentoo.org/glsa/201908-03"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2b151590d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"
}
]
}

5
2017/13xxx/CVE-2017-13750.json
View File

@ -66,6 +66,11 @@
"refsource": "GENTOO",
"name": "GLSA-201908-03",
"url": "https://security.gentoo.org/glsa/201908-03"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2b151590d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"
}
]
}

5
2017/13xxx/CVE-2017-13751.json
View File

@ -66,6 +66,11 @@
"refsource": "GENTOO",
"name": "GLSA-201908-03",
"url": "https://security.gentoo.org/glsa/201908-03"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2b151590d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"
}
]
}

5
2017/13xxx/CVE-2017-13752.json
View File

@ -66,6 +66,11 @@
"refsource": "GENTOO",
"name": "GLSA-201908-03",
"url": "https://security.gentoo.org/glsa/201908-03"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2b151590d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"
}
]
}

7
2017/14xxx/CVE-2017-14132.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "JasPer 2.0.13 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c."
"value": "JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c."
}
]
},
@ -76,6 +76,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1523",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-2b151590d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"
}
]
}

2
2017/15xxx/CVE-2017-15018.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "LAME 3.99.5 has a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c."
"value": "LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c."
}
]
},

2
2017/15xxx/CVE-2017-15046.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412."
"value": "LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412."
}
]
},

5
2017/16xxx/CVE-2017-16651.json
View File

@ -91,6 +91,11 @@
"name": "https://github.com/roundcube/roundcubemail/issues/6026",
"refsource": "CONFIRM",
"url": "https://github.com/roundcube/roundcubemail/issues/6026"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html",
"url": "http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html"
}
]
}

2
2017/5xxx/CVE-2017-5974.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
"value": "Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
}
]
},

2
2017/5xxx/CVE-2017-5975.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
"value": "Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
}
]
},

2
2017/5xxx/CVE-2017-5976.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
"value": "Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
}
]
},

2
2017/6xxx/CVE-2017-6832.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
"value": "Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},

2
2017/6xxx/CVE-2017-6834.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
"value": "Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},

2
2017/6xxx/CVE-2017-6836.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
"value": "Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},

2
2018/17xxx/CVE-2018-17095.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert."
"value": "An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert."
}
]
},

2
2018/19xxx/CVE-2018-19540.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in JasPer 2.0.14. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c."
"value": "An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c."
}
]
},

2
2018/19xxx/CVE-2018-19541.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c."
"value": "An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c."
}
]
},

18
2018/25xxx/CVE-2018-25004.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-25004",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/25xxx/CVE-2018-25005.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-25005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/25xxx/CVE-2018-25006.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-25006",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

7
2018/7xxx/CVE-2018-7456.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)"
"value": "A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)"
}
]
},
@ -96,6 +96,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2051",
"url": "https://access.redhat.com/errata/RHSA-2019:2051"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2053",
"url": "https://access.redhat.com/errata/RHSA-2019:2053"
}
]
}

5
2018/8xxx/CVE-2018-8975.json
View File

@ -61,6 +61,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1200",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00056.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-df9ede6a02",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVMWVVFEADMA7XIPXFHGSBRYKEGGDFGE/"
}
]
}

5
2018/9xxx/CVE-2018-9276.json
View File

@ -66,6 +66,11 @@
"name": "20180626 PRTG < 18.2.39 Command Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/542103/100/0/threaded"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html"
}
]
}

5
2019/13xxx/CVE-2019-13616.json
View File

@ -141,6 +141,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-24652fe41c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
}
]
}

5
2019/17xxx/CVE-2019-17006.json
View File

@ -54,6 +54,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0001/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
}
]
},

5
2019/17xxx/CVE-2019-17539.json
View File

@ -76,6 +76,11 @@
"refsource": "UBUNTU",
"name": "USN-4431-1",
"url": "https://usn.ubuntu.com/4431-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210131 [SECURITY] [DLA 2537-1] ffmpeg security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html"
}
]
}

5
2019/19xxx/CVE-2019-19462.json
View File

@ -121,6 +121,11 @@
"refsource": "UBUNTU",
"name": "USN-4440-1",
"url": "https://usn.ubuntu.com/4440-1/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0004/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0004/"
}
]
}

61
2019/20xxx/CVE-2019-20468.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-20468",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-20468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.tk-star.com",
"refsource": "MISC",
"name": "https://www.tk-star.com"
},
{
"refsource": "MISC",
"name": "https://www.eurofins-cybersecurity.com/news/connected-devices-smart-watches/",
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-smart-watches/"
}
]
}

61
2019/20xxx/CVE-2019-20470.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-20470",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-20470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,<password>,call,<mobile_number> triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.tk-star.com",
"refsource": "MISC",
"name": "https://www.tk-star.com"
},
{
"refsource": "MISC",
"name": "https://www.eurofins-cybersecurity.com/news/connected-devices-smart-watches/",
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-smart-watches/"
}
]
}

61
2019/20xxx/CVE-2019-20471.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-20471",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-20471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.tk-star.com",
"refsource": "MISC",
"name": "https://www.tk-star.com"
},
{
"refsource": "MISC",
"name": "https://www.eurofins-cybersecurity.com/news/connected-devices-smart-watches/",
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-smart-watches/"
}
]
}

61
2019/20xxx/CVE-2019-20473.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-20473",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-20473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a \"Remove PIN and restart!\" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.tk-star.com",
"refsource": "MISC",
"name": "https://www.tk-star.com"
},
{
"refsource": "MISC",
"name": "https://www.eurofins-cybersecurity.com/news/connected-devices-smart-watches/",
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-smart-watches/"
}
]
}

10
2019/20xxx/CVE-2019-20838.json
View File

@ -71,6 +71,16 @@
"refsource": "FULLDISC",
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212147",
"url": "https://support.apple.com/kb/HT212147"
},
{
"refsource": "FULLDISC",
"name": "20210201 APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave",
"url": "http://seclists.org/fulldisclosure/2021/Feb/14"
}
]
}

61
2019/25xxx/CVE-2019-25014.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-25014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-25014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/istio/istio/compare/1.4.2...1.5.0-alpha.0",
"refsource": "MISC",
"name": "https://github.com/istio/istio/compare/1.4.2...1.5.0-alpha.0"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1919066",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919066"
}
]
}

77
2019/25xxx/CVE-2019-25016.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168",
"refsource": "MISC",
"name": "https://github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168"
},
{
"url": "https://github.com/Duncaen/OpenDoas/issues/45",
"refsource": "MISC",
"name": "https://github.com/Duncaen/OpenDoas/issues/45"
},
{
"refsource": "MISC",
"name": "https://github.com/Duncaen/OpenDoas/releases/tag/v6.8.1",
"url": "https://github.com/Duncaen/OpenDoas/releases/tag/v6.8.1"
},
{
"refsource": "MISC",
"name": "https://github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422d",
"url": "https://github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422d"
}
]
}
}

5
2019/7xxx/CVE-2019-7575.json
View File

@ -116,6 +116,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-24652fe41c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
}
]
}

5
2019/7xxx/CVE-2019-7577.json
View File

@ -126,6 +126,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-24652fe41c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
}
]
}

5
2019/7xxx/CVE-2019-7578.json
View File

@ -116,6 +116,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-24652fe41c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
}
]
}

5
2019/7xxx/CVE-2019-7635.json
View File

@ -146,6 +146,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-24652fe41c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
}
]
}

5
2019/7xxx/CVE-2019-7636.json
View File

@ -121,6 +121,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-24652fe41c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
}
]
}

5
2019/7xxx/CVE-2019-7638.json
View File

@ -116,6 +116,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-24652fe41c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
}
]
}

5
2019/8xxx/CVE-2019-8943.json
View File

@ -81,6 +81,11 @@
"refsource": "EXPLOIT-DB",
"name": "46662",
"url": "https://www.exploit-db.com/exploits/46662/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161213/WordPress-5.0.0-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/161213/WordPress-5.0.0-Remote-Code-Execution.html"
}
]
}

5
2020/0xxx/CVE-2020-0427.json
View File

@ -63,6 +63,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html",
"url": "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html"
}
]
},

5
2020/10xxx/CVE-2020-10176.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://firedome.io/blog/firedome-discloses-0-day-vulnerabilities-in-yale-ip-cameras/",
"url": "https://firedome.io/blog/firedome-discloses-0-day-vulnerabilities-in-yale-ip-cameras/"
},
{
"refsource": "MISC",
"name": "https://lp.firedome.io/hubfs/Yale%20WIPC-301W%20RCE%20Vulnerability%20Report%205-6.pdf",
"url": "https://lp.firedome.io/hubfs/Yale%20WIPC-301W%20RCE%20Vulnerability%20Report%205-6.pdf"
}
]
}

5
2020/10xxx/CVE-2020-10663.json
View File

@ -131,6 +131,11 @@
"refsource": "MLIST",
"name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
"url": "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0003/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0003/"
}
]
}

5
2020/10xxx/CVE-2020-10687.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"refsource": "MLIST",
"name": "[cxf-dev] 20210129 Undertow CVE",
"url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E"
}
]
},

5
2020/10xxx/CVE-2020-10732.json
View File

@ -108,6 +108,11 @@
"refsource": "UBUNTU",
"name": "USN-4485-1",
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0005/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0005/"
}
]
},

5
2020/11xxx/CVE-2020-11724.json
View File

@ -71,6 +71,11 @@
"refsource": "DEBIAN",
"name": "DSA-4750",
"url": "https://www.debian.org/security/2020/dsa-4750"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0002/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0002/"
}
]
}

5
2020/11xxx/CVE-2020-11853.json
View File

@ -265,6 +265,11 @@
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950",
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
}
]
},

5
2020/11xxx/CVE-2020-11854.json
View File

@ -173,6 +173,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1287/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1287/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
}
]
},

5
2020/12xxx/CVE-2020-12352.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html",
"url": "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html"
}
]
},

7
2020/12xxx/CVE-2020-12525.json
View File

@ -103,7 +103,7 @@
}
]
},
"vendor_name": "Weidmüller"
"vendor_name": "Weidm\u00fcller"
}
]
}
@ -162,6 +162,11 @@
"name": "https://cert.vde.com/en-us/advisories/vde-2020-038",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05"
}
]
},

5
2020/13xxx/CVE-2020-13520.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1120",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1120"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212011",
"url": "https://support.apple.com/kb/HT212011"
}
]
},

50
2020/13xxx/CVE-2020-13562.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13562",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "phpGACL",
"version": {
"version_data": [
{
"version_value": "phpGACL 3.3.7 ,OpenEMR 5.0.2 ,OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1177",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1177"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL template action parameter."
}
]
}

50
2020/13xxx/CVE-2020-13563.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13563",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "phpGACL",
"version": {
"version_data": [
{
"version_value": "phpGACL 3.3.7 , OpenEMR 5.0.2 , OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1177",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1177"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter."
}
]
}

50
2020/13xxx/CVE-2020-13564.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13564",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "phpGACL",
"version": {
"version_data": [
{
"version_value": "phpGACL 3.3.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1177",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1177"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template acl_id parameter."
}
]
}

50
2020/13xxx/CVE-2020-13569.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13569",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": " OpenEMR",
"version": {
"version_data": [
{
"version_value": "OpenEMR 5.0.2 OpenEMR development version 6.0.0 (commitbabec93f600ff1394f91ccd512bcad85832eb6ce)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": " cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1180",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1180"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability."
}
]
}

61
2020/13xxx/CVE-2020-13856.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13856",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mofinetwork.com/index.php?main_page=page&id=14",
"refsource": "MISC",
"name": "https://mofinetwork.com/index.php?main_page=page&id=14"
},
{
"refsource": "MISC",
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}

61
2020/13xxx/CVE-2020-13857.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13857",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mofinetwork.com/index.php?main_page=page&id=14",
"refsource": "MISC",
"name": "https://mofinetwork.com/index.php?main_page=page&id=14"
},
{
"refsource": "MISC",
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}

61
2020/13xxx/CVE-2020-13858.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13858",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mofinetwork.com/index.php?main_page=page&id=14",
"refsource": "MISC",
"name": "https://mofinetwork.com/index.php?main_page=page&id=14"
},
{
"refsource": "MISC",
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}

61
2020/13xxx/CVE-2020-13859.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13859",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mofinetwork.com/index.php?main_page=page&id=14",
"refsource": "MISC",
"name": "https://mofinetwork.com/index.php?main_page=page&id=14"
},
{
"refsource": "MISC",
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}

61
2020/13xxx/CVE-2020-13860.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13860",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mofinetwork.com/index.php?main_page=page&id=14",
"refsource": "MISC",
"name": "https://mofinetwork.com/index.php?main_page=page&id=14"
},
{
"refsource": "MISC",
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}

5
2020/13xxx/CVE-2020-13933.json
View File

@ -93,6 +93,11 @@
"refsource": "MLIST",
"name": "[shiro-dev] 20201222 Re: Request for assistance to backport CVE-2020-13933 fix",
"url": "https://lists.apache.org/thread.html/rb47d88af224e396ee34ffb88ee99fb6d04510de5722cf14b7137e6bc@%3Cdev.shiro.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[shiro-dev] 20210130 Re: Request for assistance to backport CVE-2020-13933 fix",
"url": "https://lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129@%3Cdev.shiro.apache.org%3E"
}
]
},

10
2020/14xxx/CVE-2020-14155.json
View File

@ -76,6 +76,16 @@
"refsource": "FULLDISC",
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212147",
"url": "https://support.apple.com/kb/HT212147"
},
{
"refsource": "FULLDISC",
"name": "20210201 APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave",
"url": "http://seclists.org/fulldisclosure/2021/Feb/14"
}
]
}

74
2020/14xxx/CVE-2020-14192.json
View File

@ -1,17 +1,79 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2020-11-11T00:00:00",
"ID": "CVE-2020-14192",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fisheye",
"version": {
"version_data": [
{
"version_value": "4.8.4",
"version_affected": "<"
}
]
}
},
{
"product_name": "Crucible",
"version": {
"version_data": [
{
"version_value": "4.8.4",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/FE-7334",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/FE-7334"
},
{
"url": "https://jira.atlassian.com/browse/CRUC-8502",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CRUC-8502"
}
]
}

5
2020/14xxx/CVE-2020-14409.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9",
"url": "https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
}
]
}

5
2020/14xxx/CVE-2020-14410.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9",
"url": "https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
}
]
}

61
2020/14xxx/CVE-2020-14418.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14418",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-14418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nettitude/metasploit-modules",
"refsource": "MISC",
"name": "https://github.com/nettitude/metasploit-modules"
},
{
"refsource": "MISC",
"name": "https://labs.nettitude.com/blog/cve-2020-14418-madcodehook-library-local-privilege-escalation/",
"url": "https://labs.nettitude.com/blog/cve-2020-14418-madcodehook-library-local-privilege-escalation/"
}
]
}

5
2020/14xxx/CVE-2020-14765.json
View File

@ -107,6 +107,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-ac2d47d89a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html"
}
]
}

5
2020/14xxx/CVE-2020-14812.json
View File

@ -92,6 +92,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-ac2d47d89a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html"
}
]
}

10
2020/15xxx/CVE-2020-15358.json
View File

@ -136,6 +136,16 @@
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT211931",
"url": "https://support.apple.com/kb/HT211931"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212147",
"url": "https://support.apple.com/kb/HT212147"
},
{
"refsource": "FULLDISC",
"name": "20210201 APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave",
"url": "http://seclists.org/fulldisclosure/2021/Feb/14"
}
]
}

61
2020/15xxx/CVE-2020-15568.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15568",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://help.terra-master.com/TOS/view/",
"refsource": "MISC",
"name": "https://help.terra-master.com/TOS/view/"
},
{
"refsource": "MISC",
"name": "https://ssd-disclosure.com/ssd-advisory-terramaster-os-exportuser-php-remote-code-execution/",
"url": "https://ssd-disclosure.com/ssd-advisory-terramaster-os-exportuser-php-remote-code-execution/"
}
]
}

61
2020/15xxx/CVE-2020-15690.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15690",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nim-lang/Nim/blob/dc5a40f3f39c6ea672e6dc6aca7f8118a69dda99/lib/pure/asyncftpclient.nim#L145",
"refsource": "MISC",
"name": "https://github.com/nim-lang/Nim/blob/dc5a40f3f39c6ea672e6dc6aca7f8118a69dda99/lib/pure/asyncftpclient.nim#L145"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/nim-lang/Nim/compare/v1.2.4...v1.2.6",
"url": "https://github.com/nim-lang/Nim/compare/v1.2.4...v1.2.6"
}
]
}

61
2020/15xxx/CVE-2020-15832.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15832",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mofinetwork.com/index.php?main_page=page&id=14",
"refsource": "MISC",
"name": "https://mofinetwork.com/index.php?main_page=page&id=14"
},
{
"refsource": "MISC",
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}

61
2020/15xxx/CVE-2020-15833.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15833",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mofinetwork.com/index.php?main_page=page&id=14",
"refsource": "MISC",
"name": "https://mofinetwork.com/index.php?main_page=page&id=14"
},
{
"refsource": "MISC",
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}

61
2020/15xxx/CVE-2020-15834.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15834",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mofinetwork.com/index.php?main_page=page&id=14",
"refsource": "MISC",
"name": "https://mofinetwork.com/index.php?main_page=page&id=14"
},
{
"refsource": "MISC",
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}

61
2020/15xxx/CVE-2020-15835.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15835",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mofinetwork.com/index.php?main_page=page&id=14",
"refsource": "MISC",
"name": "https://mofinetwork.com/index.php?main_page=page&id=14"
},
{
"refsource": "MISC",
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}

61
2020/15xxx/CVE-2020-15836.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15836",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mofinetwork.com/index.php?main_page=page&id=14",
"refsource": "MISC",
"name": "https://mofinetwork.com/index.php?main_page=page&id=14"
},
{
"refsource": "MISC",
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}

61
2020/17xxx/CVE-2020-17380.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-17380",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-17380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1862167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1862167"
},
{
"refsource": "CONFIRM",
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html"
}
]
}

5
2020/17xxx/CVE-2020-17510.json
View File

@ -63,6 +63,11 @@
"refsource": "MLIST",
"name": "[shiro-dev] 20201222 Re: Request for assistance to backport CVE-2020-13933 fix",
"url": "https://lists.apache.org/thread.html/rb47d88af224e396ee34ffb88ee99fb6d04510de5722cf14b7137e6bc@%3Cdev.shiro.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[shiro-dev] 20210130 Re: Request for assistance to backport CVE-2020-13933 fix",
"url": "https://lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129@%3Cdev.shiro.apache.org%3E"
}
]
},

61
2020/18xxx/CVE-2020-18568.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-18568",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-18568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.dlink.com/en/security-bulletin/",
"refsource": "MISC",
"name": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://gist.github.com/WinMin/5b2bc43b517503472bb28a298981ed5a",
"refsource": "MISC",
"name": "https://gist.github.com/WinMin/5b2bc43b517503472bb28a298981ed5a"
}
]
}

50
2020/1xxx/CVE-2020-1723.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1723",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "as shipped with Red Hat Mobile Aplication Platform 4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1770276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770276"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mobile Aplication Platform 4 are believed to be vulnerable."
}
]
}

55
2020/1xxx/CVE-2020-1725.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1725",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "keycloak 13.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1765129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765129"
},
{
"refsource": "MISC",
"name": "https://issues.redhat.com/browse/KEYCLOAK-16550",
"url": "https://issues.redhat.com/browse/KEYCLOAK-16550"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token."
}
]
}

5
2020/1xxx/CVE-2020-1747.json
View File

@ -83,6 +83,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-3342569a0f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMQXSZXNJT6ERABJZAAICI3DQSQLCP3D/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-eed7193502",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PPAS6C4SZRDQLR7C22A5U3QOLXY33JX/"
}
]
},

56
2020/1xxx/CVE-2020-1896.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1896",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-assign@fb.com",
"STATE": "PUBLIC",
"DATE_ASSIGNEDE": "2021-02-01"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "Hermes",
"version": {
"version_data": [
{
"version_value": "commit prior to 86543ac47e59c522976b5632b8bf9a2a4583c7d2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack overflow vulnerability in Facebook Hermes builtin apply prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.facebook.com/security/advisories/cve-2020-1896",
"url": "https://www.facebook.com/security/advisories/cve-2020-1896"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2",
"url": "https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2"
}
]
}

61
2020/20xxx/CVE-2020-20287.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20287",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.yccms.net/",
"refsource": "MISC",
"name": "http://www.yccms.net/"
},
{
"refsource": "MISC",
"name": "https://blog.jiguang.xyz/posts/remote-code-execution-via-upload-image/",
"url": "https://blog.jiguang.xyz/posts/remote-code-execution-via-upload-image/"
}
]
}

61
2020/20xxx/CVE-2020-20289.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20289",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sql injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters, triggers a sql injection vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.yccms.net/",
"refsource": "MISC",
"name": "http://www.yccms.net/"
},
{
"refsource": "MISC",
"name": "https://blog.jiguang.xyz/posts/yccms-sql-injection/",
"url": "https://blog.jiguang.xyz/posts/yccms-sql-injection/"
}
]
}

56
2020/20xxx/CVE-2020-20290.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20290",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://blog.jiguang.xyz/posts/yccms-directory-traversal-vulnerability-report/",
"url": "https://blog.jiguang.xyz/posts/yccms-directory-traversal-vulnerability-report/"
}
]
}

56
2020/20xxx/CVE-2020-20294.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20294",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/arterli/CmsWing/issues/49",
"refsource": "MISC",
"name": "https://github.com/arterli/CmsWing/issues/49"
}
]
}

56
2020/20xxx/CVE-2020-20295.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20295",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/arterli/CmsWing/issues/50",
"refsource": "MISC",
"name": "https://github.com/arterli/CmsWing/issues/50"
}
]
}

Some files were not shown because too many files have changed in this diff Show More