"-Synchronized-Data."

CVE Team 2020-04-30 17:01:24 +00:00
parent f4cd83f350
commit 81a0cfd9e4
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
19 changed files with 250 additions and 29 deletions


@ -86,6 +86,11 @@
"refsource": "UBUNTU",
"name": "USN-4148-1",
"url": "https://usn.ubuntu.com/4148-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
}
]
}


@ -86,6 +86,11 @@
"refsource": "UBUNTU",
"name": "USN-4148-1",
"url": "https://usn.ubuntu.com/4148-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
}
]
}


@ -86,6 +86,11 @@
"refsource": "UBUNTU",
"name": "USN-4148-1",
"url": "https://usn.ubuntu.com/4148-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
}
]
}


@ -76,6 +76,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-ce3385517b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5E2OZU4ZSF5W4ODBU4L547HX5A4WOBFV/"
},
{
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
}
]
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10691",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -18,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "all ansible-engine versions prior to 2.9.7"
"version_value": "all ansible-engine versions 2.9.x prior to 2.9.7"
}
]
}
@ -48,7 +49,7 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10691",
"refsource": "CONFIRM"
},
{
{
"url": "https://github.com/ansible/ansible/pull/68596",
"name": "https://github.com/ansible/ansible/pull/68596",
"refsource": "CONFIRM"
@ -59,7 +60,7 @@
"description_data": [
{
"lang": "eng",
"value": "An archive traversal flaw was found in all ansible-engine versions prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system."
"value": "An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system."
}
]
},
@ -73,4 +74,4 @@
]
]
}
}
}
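Review bot: The new `version_value` in the second hunk, `"all ansible-engine versions 2.9.x prior to 2.9.7"`, is a prose sentence rather than a version, so tooling that compares installed versions against this record cannot evaluate the range. A structured entry such as `"version_affected": "<"` with `"version_value": "2.9.7"` would be machine-readable, with the 2.9.x qualification kept in the description text. The CVE-2020-1752 section later in this commit uses the same free-text style.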


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html",
"refsource": "MISC",
"name": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"
},
{
"refsource": "MISC",
"name": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst",
"url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"
}
]
}
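Review bot: The published record leaves `"vendor_name"`, `"product_name"` and `"version_value"` as `"n/a"` although the new description names SaltStack Salt and the fixed releases 2019.2.4 and 3000.2, so consumers that match on the `affects` block will not associate this entry with Salt. Because the description covers unauthenticated access to salt-master methods and command execution on minions, filling in e.g. `"vendor_name": "SaltStack"` and `"product_name": "Salt"`, and replacing the `"n/a"` problemtype with a weakness class, would make the record usable for automated triage. The CVE-2020-11652 and CVE-2020-12050 sections in this commit carry the same `"n/a"` placeholders.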


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11652",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html",
"refsource": "MISC",
"name": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html"
},
{
"refsource": "MISC",
"name": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst",
"url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"
}
]
}


@ -66,6 +66,11 @@
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
},
{
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
}
]
}


@ -66,6 +66,11 @@
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
},
{
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
}
]
}


@ -66,6 +66,11 @@
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
},
{
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
}
]
}


@ -66,6 +66,11 @@
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
},
{
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
}
]
}


@ -66,6 +66,11 @@
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
},
{
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
}
]
}


@ -66,6 +66,11 @@
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
},
{
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
}
]
}


@ -66,6 +66,11 @@
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
},
{
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
}
]
}


@ -66,6 +66,11 @@
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
},
{
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12050",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sysdream.com/news/lab/",
"refsource": "MISC",
"name": "https://sysdream.com/news/lab/"
},
{
"url": "http://www.ch-werner.de/sqliteodbc/",
"refsource": "MISC",
"name": "http://www.ch-werner.de/sqliteodbc/"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1825762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825762"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Tiny File Manager 2.4.1, there is a vulnerability in the ajax file backup copy functionality that allows authenticated users to place backup copies of files (with the .bak extension) into different directories."
"value": "In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored."
}
]
},
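Review bot: Assuming the second `"value"` line is the new text (other sections on this page print the old line first), the phrase `outside the scope in the same directory in which they are stored` is hard to parse: it does not say which boundary is crossed or where the `.bak` copy ends up. The other wording, that backup copies can be placed into different directories, states the impact more directly. If the new wording is the more accurate one, naming the intended scope explicitly (presumably the file manager's configured root, which is not visible here) would help readers assess exposure.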


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1752",
"ASSIGNER": "msiddiqu@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -18,7 +19,10 @@
"version": {
"version_data": [
{
"version_value": "2.32"
"version_value": "Affected: versions 2.14 and later"
},
{
"version_value": "Fixed: version 2.32"
}
]
}
@ -58,14 +62,13 @@
"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution."
"value": "A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32."
}
]
},
@ -79,4 +82,4 @@
]
]
}
}
}
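Review bot: In the second hunk the fixed release is added as another `version_data` entry inside `affects` (`"version_value": "Fixed: version 2.32"`), so a consumer that treats every `version_value` under `affects` as an affected version may report 2.32 as vulnerable, or fail to parse either string. The fix release is already stated in the updated description, so the `Fixed:` entry could be dropped. The affected range would be better expressed as structured data, e.g. `"version_affected": ">="` with `"version_value": "2.14"`.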


@ -226,6 +226,11 @@
"refsource": "MLIST",
"name": "[ranger-dev] 20200427 [jira] [Resolved] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"url": "https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013@%3Cdev.ranger.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ranger-dev] 20200430 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"url": "https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116@%3Cdev.ranger.apache.org%3E"
}
]
}