admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-01-30 21:01:24 +00:00
parent 6f55d66d9d
commit 7cba310540
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
16 changed files with 545 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
2012/6xxx/CVE-2012-6133.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6133",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Roundup",
"product": {
"product_data": [
{
"product_name": "Roundup",
"version": {
"version_data": [
{
"version_value": "before 1.4.20"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://pypi.python.org/pypi/roundup/1.4.20",
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"refsource": "CONFIRM",
"name": "http://issues.roundup-tracker.org/issue2550724",
"url": "http://issues.roundup-tracker.org/issue2550724"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/11/10/2",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/13/8",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
}
]
}

68
2013/2xxx/CVE-2013-2198.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2198",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,69 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weak Authentication"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Login Security",
"product": {
"product_data": [
{
"product_name": "Login Security",
"version": {
"version_data": [
{
"version_value": "6.x-1.x before 6.x-1.3"
},
{
"version_value": "7.x-1.x before 7.x-1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://drupal.org/node/2023507",
"url": "https://drupal.org/node/2023507"
},
{
"refsource": "CONFIRM",
"name": "https://drupal.org/node/2023503",
"url": "https://drupal.org/node/2023503"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/20/3",
"url": "http://www.openwall.com/lists/oss-security/2013/06/20/3"
},
{
"refsource": "CONFIRM",
"name": "https://drupal.org/node/2023585",
"url": "https://drupal.org/node/2023585"
}
]
}

63
2013/2xxx/CVE-2013-2294.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2294",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in plates/summary.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/120862/ViewGit-0.0.6-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/120862/ViewGit-0.0.6-Cross-Site-Scripting.html"
},
{
"refsource": "CONFIRM",
"name": "http://freecode.com/projects/viewgit/releases/353086",
"url": "http://freecode.com/projects/viewgit/releases/353086"
},
{
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/24862",
"url": "http://www.exploit-db.com/exploits/24862"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2013/Mar/174",
"url": "http://seclists.org/fulldisclosure/2013/Mar/174"
}
]
}

70
2013/4xxx/CVE-2013-4187.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4187",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Permissions"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Flippy",
"product": {
"product_data": [
{
"product_name": "Flippy",
"version": {
"version_data": [
{
"version_value": "7.x-1.x before 7.x-1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://drupal.org/node/2054701",
"url": "https://drupal.org/node/2054701"
},
{
"refsource": "CONFIRM",
"name": "https://drupal.org/node/2050827",
"url": "https://drupal.org/node/2050827"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/08/10/1",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/08/01/1",
"url": "http://www.openwall.com/lists/oss-security/2013/08/01/1"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/08/10/4",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/4"
}
]
}

70
2013/4xxx/CVE-2013-4241.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4241",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings - Default form (hms-testimonials-settings page); (6) name parameter in a Save action to the Settings - Custom Fields form (hms-testimonials-settings-fields page); or (7) name parameter in a Save action to the Settings - Template form (hms-testimonials-templates-new page)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HitMyServer",
"product": {
"product_data": [
{
"product_name": "HMS Testimonials",
"version": {
"version_data": [
{
"version_value": "before 2.0.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2013/Aug/96",
"url": "http://seclists.org/fulldisclosure/2013/Aug/96"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2013/Aug/98",
"url": "http://seclists.org/fulldisclosure/2013/Aug/98"
},
{
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q3/345",
"url": "http://seclists.org/oss-sec/2013/q3/345"
},
{
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q3/361",
"url": "http://seclists.org/oss-sec/2013/q3/361"
},
{
"refsource": "MISC",
"name": "https://wordpress.org/plugins/hms-testimonials/#developers",
"url": "https://wordpress.org/plugins/hms-testimonials/#developers"
}
]
}

67
2015/0xxx/CVE-2015-0949.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0949",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,68 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "Latitude E6430",
"version": {
"version_data": [
{
"version_value": "BIOS Revision A09"
}
]
}
}
]
}
},
{
"vendor_name": "HP",
"product": {
"product_data": [
{
"product_name": "EliteBook 850 G1",
"version": {
"version_data": [
{
"version_value": "BIOS revision L71 Ver. 01.09"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.kb.cert.org/vuls/id/631788",
"url": "http://www.kb.cert.org/vuls/id/631788"
}
]
}

10
2015/5xxx/CVE-2015-5174.json
View File

@ -246,6 +246,16 @@
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomcat-users] 20200130 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
"url": "https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350@%3Cusers.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomcat-users] 20200130 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
"url": "https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2@%3Cusers.tomcat.apache.org%3E"
}
]
}

65
2015/8xxx/CVE-2015-8851.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-8851",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "node-uuid",
"product": {
"product_data": [
{
"product_name": "node-uuid",
"version": {
"version_data": [
{
"version_value": "before 1.4.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d",
"url": "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d"
},
{
"refsource": "CONFIRM",
"name": "https://nodesecurity.io/advisories/93",
"url": "https://nodesecurity.io/advisories/93"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2016/04/13/8",
"url": "http://www.openwall.com/lists/oss-security/2016/04/13/8"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056"
}
]
}

5
2019/20xxx/CVE-2019-20387.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6",
"refsource": "MISC",
"name": "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2088-1] libsolv security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html"
}
]
}

2
2020/5xxx/CVE-2020-5222.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials.\n\nThis problem is fixed in Opencast 7.6 and Opencast 8.1"
"value": "Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1"
}
]
},

2
2020/5xxx/CVE-2020-5229.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nOpencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm.\nFurthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially for popular users like the default `admin` user.\n\nThis essentially means that for an attacker, it might be feasible to reconstruct a user's password given access to these hashes.\n\nNote that attackers needing access to the hashes means that they must gain access to the database in which these are stored first to be able to start cracking the passwords.\n\nThe problem is addressed in Opencast 8.1 which now uses the modern and much stronger bcrypt password hashing algorithm for storing passwords. Note, that old hashes remain MD5 until the password is updated.\n\nFor a list of users whose password hashes are stored using MD5, take a look at the `/user-utils/users/md5.json` REST endpoint."
"value": "Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially for popular users like the default `admin` user. This essentially means that for an attacker, it might be feasible to reconstruct a user's password given access to these hashes. Note that attackers needing access to the hashes means that they must gain access to the database in which these are stored first to be able to start cracking the passwords. The problem is addressed in Opencast 8.1 which now uses the modern and much stronger bcrypt password hashing algorithm for storing passwords. Note, that old hashes remain MD5 until the password is updated. For a list of users whose password hashes are stored using MD5, take a look at the `/user-utils/users/md5.json` REST endpoint."
}
]
},

2
2020/5xxx/CVE-2020-5230.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and\nelements to be used. This can be problematic for operation and security\nsince such identifiers are sometimes used for file system operations\nwhich may lead to an attacker being able to escape working directories and\nwrite files to other locations.\n\nIn addition, Opencast's Id.toString(…) vs Id.compact(…) behavior,\nthe latter trying to mitigate some of the file system problems, can\ncause errors due to identifier mismatch since an identifier may\nunintentionally change.\n\nThis issue is fixed in Opencast 7.6 and 8.1."
"value": "Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast's Id.toString(\u2026) vs Id.compact(\u2026) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1."
}
]
},

18
2020/8xxx/CVE-2020-8493.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8493",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/8xxx/CVE-2020-8494.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/8xxx/CVE-2020-8495.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8495",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/8xxx/CVE-2020-8496.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8496",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}