admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-12-18 21:01:49 +00:00
parent 281ebdb6d4
commit 7ec676c6f2
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 255 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/11xxx/CVE-2020-11738.json
View File

@ -61,6 +61,11 @@
"url": "https://www.wordfence.com/blog/2020/02/active-attack-on-recently-patched-duplicator-plugin-vulnerability-affects-over-1-million-sites/",
"refsource": "MISC",
"name": "https://www.wordfence.com/blog/2020/02/active-attack-on-recently-patched-duplicator-plugin-vulnerability-affects-over-1-million-sites/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160621/WordPress-Duplicator-1.3.26-Directory-Traversal-File-Read.html",
"url": "http://packetstormsecurity.com/files/160621/WordPress-Duplicator-1.3.26-Directory-Traversal-File-Read.html"
}
]
},

50
2020/11xxx/CVE-2020-11974.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11974",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache DolphinScheduler(Incubating)",
"version": {
"version_data": [
{
"version_value": "Apache DolphinScheduler(Incubating) 1.2.0 and 1.2.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E",
"url": "https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database."
}
]
}

50
2020/13xxx/CVE-2020-13535.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13535",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kepware",
"version": {
"version_data": [
{
"version_value": "Kepware LinkMaster 3.0.94.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1147",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1147"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges."
}
]
}

50
2020/17xxx/CVE-2020-17520.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-17520",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Pulsar Manager",
"version": {
"version_data": [
{
"version_value": "Pulsar Manager 0.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rb8b3025f8b507dec0b66791df408cdaf2d155866db1c7a1a4bc621cd%40%3Cdev.pulsar.apache.org%3E",
"url": "https://lists.apache.org/thread.html/rb8b3025f8b507dec0b66791df408cdaf2d155866db1c7a1a4bc621cd%40%3Cdev.pulsar.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API."
}
]
}

50
2020/27xxx/CVE-2020-27781.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27781",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Ceph",
"version": {
"version_data": [
{
"version_value": "Ceph 16.2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1900109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900109"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even \"admin\" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 16.2.0."
}
]
}

5
2020/28xxx/CVE-2020-28647.json
View File

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-Nov-2020",
"url": "https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-Nov-2020"
},
{
"refsource": "MISC",
"name": "https://labs.secforce.com/posts/progress-moveit-transfer-2020.1-stored-xss-cve-2020-28647/",
"url": "https://labs.secforce.com/posts/progress-moveit-transfer-2020.1-stored-xss-cve-2020-28647/"
}
]
}

5
2020/2xxx/CVE-2020-2231.json
View File

@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20200812 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/08/12/4"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html"
}
]
}

50
2020/5xxx/CVE-2020-5803.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5803",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Marvell QConvergeConsole GUI",
"version": {
"version_data": [
{
"version_value": "5.5.0.74"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2020-56",
"url": "https://www.tenable.com/security/research/tra-2020-56"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root."
}
]
}

5
2020/8xxx/CVE-2020-8260.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html"
}
]
},