admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-04-30 18:01:23 +00:00
parent f6e31fc9fb
commit 8088101762
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
13 changed files with 76 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2016/10xxx/CVE-2016-10375.json
View File

@ -61,6 +61,11 @@
"name": "https://github.com/fbb-git/yodl/issues/1",
"refsource": "CONFIRM",
"url": "https://github.com/fbb-git/yodl/issues/1"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2194-1] yodl security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00026.html"
}
]
}

5
2016/10xxx/CVE-2016-10711.json
View File

@ -61,6 +61,11 @@
"name": "[debian-lts-announce] 20180212 [SECURITY] [DLA 1280-1] pound security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00015.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2196-1] pound security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00028.html"
}
]
}

5
2017/8xxx/CVE-2017-8798.json
View File

@ -61,6 +61,11 @@
"name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798",
"refsource": "MISC",
"url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2197-1] miniupnpc security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00027.html"
}
]
}

5
2018/6xxx/CVE-2018-6196.json
View File

@ -76,6 +76,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1142",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00028.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2195-1] w3m security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00025.html"
}
]
}

5
2018/6xxx/CVE-2018-6197.json
View File

@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1142",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00028.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2195-1] w3m security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00025.html"
}
]
}

11
2020/10xxx/CVE-2020-10505.json
View File

@ -11,6 +11,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "ALLE INFORMATION CO., LTD.",
"product": {
"product_data": [
{
@ -18,15 +19,13 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2020"
"version_value": "before 2020"
}
]
}
}
]
},
"vendor_name": "ALLE INFORMATION CO., LTD."
}
}
]
}
@ -38,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password."
"value": "The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password."
}
]
},
@ -77,10 +76,12 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.twcert.org.tw/tw/cp-132-3530-53d32-1.html",
"url": "https://www.twcert.org.tw/tw/cp-132-3530-53d32-1.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d",
"url": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d"
}
]

15
2020/10xxx/CVE-2020-10506.json
View File

@ -11,6 +11,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "ALLE INFORMATION CO., LTD.",
"product": {
"product_data": [
{
@ -18,15 +19,13 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2020"
"version_value": "before 2020"
}
]
}
}
]
},
"vendor_name": "ALLE INFORMATION CO., LTD."
}
}
]
}
@ -38,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files."
"value": "The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files."
}
]
},
@ -77,11 +76,13 @@
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-3531-cba24-1.html"
"name": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d",
"url": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d"
},
{
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d"
"name": "https://www.twcert.org.tw/tw/cp-132-3531-cba24-1.html",
"url": "https://www.twcert.org.tw/tw/cp-132-3531-cba24-1.html"
}
]
},

15
2020/10xxx/CVE-2020-10507.json
View File

@ -11,6 +11,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "ALLE INFORMATION CO., LTD.",
"product": {
"product_data": [
{
@ -18,15 +19,13 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2020"
"version_value": "before 2020"
}
]
}
}
]
},
"vendor_name": "ALLE INFORMATION CO., LTD."
}
}
]
}
@ -38,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting machine."
"value": "The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting machine."
}
]
},
@ -77,11 +76,13 @@
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-3532-26d71-1.html"
"name": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d",
"url": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d"
},
{
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d"
"name": "https://www.twcert.org.tw/tw/cp-132-3532-26d71-1.html",
"url": "https://www.twcert.org.tw/tw/cp-132-3532-26d71-1.html"
}
]
},

16
2020/10xxx/CVE-2020-10511.json
View File

@ -11,6 +11,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "HGiga",
"product": {
"product_data": [
{
@ -18,21 +19,16 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "CCMAILQ",
"version_value": "olln-base-6.0-418.i386.rpm"
"version_value": "CCMAILQ before olln-base-6.0-418.i386.rpm"
},
{
"version_affected": "<",
"version_name": "CCMAILN",
"version_value": "olln-base-5.0-418.i386.rpm"
"version_value": "CCMAILN before olln-base-5.0-418.i386.rpm"
}
]
}
}
]
},
"vendor_name": "HGiga"
}
}
]
}
@ -44,7 +40,7 @@
"description_data": [
{
"lang": "eng",
"value": "HGiga C&Cmail contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL."
"value": "HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL."
}
]
},
@ -88,10 +84,12 @@
},
{
"refsource": "CONFIRM",
"name": "https://gist.github.com/tonykuo76/7d41c414f23ef1e47c97f7b97e1b33b0",
"url": "https://gist.github.com/tonykuo76/7d41c414f23ef1e47c97f7b97e1b33b0"
},
{
"refsource": "CONFIRM",
"name": "https://www.chtsecurity.com/news/19400b04-ea92-4eaa-afa7-2449fd9b2e0b",
"url": "https://www.chtsecurity.com/news/19400b04-ea92-4eaa-afa7-2449fd9b2e0b"
}
]

16
2020/10xxx/CVE-2020-10512.json
View File

@ -11,6 +11,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "HGiga",
"product": {
"product_data": [
{
@ -18,21 +19,16 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "CCMAILQ",
"version_value": "olln-calendar-6.0-100.i386.rpm"
"version_value": "CCMAILQ before olln-calendar-6.0-100.i386.rpm"
},
{
"version_affected": "<",
"version_name": "CCMAILN",
"version_value": "olln-calendar-5.0-100.i386.rpm"
"version_value": "CCMAILN before olln-calendar-5.0-100.i386.rpm"
}
]
}
}
]
},
"vendor_name": "HGiga"
}
}
]
}
@ -44,7 +40,7 @@
"description_data": [
{
"lang": "eng",
"value": "HGiga C&Cmail contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands."
"value": "HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands."
}
]
},
@ -88,10 +84,12 @@
},
{
"refsource": "CONFIRM",
"name": "https://gist.github.com/tonykuo76/d52014bbe81995eda499201446aec57a",
"url": "https://gist.github.com/tonykuo76/d52014bbe81995eda499201446aec57a"
},
{
"refsource": "CONFIRM",
"name": "https://www.chtsecurity.com/news/545daf88-adb4-4417-9870-426490c1429e",
"url": "https://www.chtsecurity.com/news/545daf88-adb4-4417-9870-426490c1429e"
}
]

11
2020/10xxx/CVE-2020-10513.json
View File

@ -11,6 +11,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "iCatch Inc.",
"product": {
"product_data": [
{
@ -18,15 +19,13 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "20200103"
"version_value": "before 20200103"
}
]
}
}
]
},
"vendor_name": "iCatch Inc."
}
}
]
}
@ -38,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "The file management interface of iCatch DVR contains broken access control which allows the attacker to remotely manipulate arbitrary file."
"value": "The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary file."
}
]
},
@ -77,10 +76,12 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.twcert.org.tw/tw/cp-132-3533-10afe-1.html",
"url": "https://www.twcert.org.tw/tw/cp-132-3533-10afe-1.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d",
"url": "https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d"
}
]

15
2020/10xxx/CVE-2020-10514.json
View File

@ -11,6 +11,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "iCatch Inc.",
"product": {
"product_data": [
{
@ -18,15 +19,13 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "20200103"
"version_value": "before 20200103"
}
]
}
}
]
},
"vendor_name": "iCatch Inc."
}
}
]
}
@ -38,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "iCatch DVR do not validate function parameter properly, resulting attackers executing arbitrary command."
"value": "iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command."
}
]
},
@ -77,11 +76,13 @@
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-3534-fc7f5-1.html"
"name": "https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d",
"url": "https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d"
},
{
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d"
"name": "https://www.twcert.org.tw/tw/cp-132-3534-fc7f5-1.html",
"url": "https://www.twcert.org.tw/tw/cp-132-3534-fc7f5-1.html"
}
]
},

2
2020/5xxx/CVE-2020-5237.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex, (3) dzuuid, or (4) filename parameter to DropzoneController.php; the (5) qqpartindex, (6) qqfilename, or (7) qquuid parameter to FineUploaderController.php; the (8) x-file-id or (9) x-file-name parameter to MooUploadController.php; or the (10) name or (11) chunk parameter to PluploadController.php.\n\nThis is fixed in versions 1.9.3 and 2.1.5."
"value": "Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex, (3) dzuuid, or (4) filename parameter to DropzoneController.php; the (5) qqpartindex, (6) qqfilename, or (7) qquuid parameter to FineUploaderController.php; the (8) x-file-id or (9) x-file-name parameter to MooUploadController.php; or the (10) name or (11) chunk parameter to PluploadController.php. This is fixed in versions 1.9.3 and 2.1.5."
}
]
},