"-Synchronized-Data."

CVE Team 2020-07-14 21:01:34 +00:00
parent 7ff46f3ac8
commit 84889f56d7
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 8 additions and 3 deletions

@ -108,6 +108,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-11ddbfbdf0",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ/"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200714 Flatcar membership on the linux-distros list",
"url": "http://www.openwall.com/lists/oss-security/2020/07/14/5"
}
]
},
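Review bot: the added MLIST entry's "url" uses plain http ("http://www.openwall.com/lists/oss-security/2020/07/14/5"), while the FEDORA reference directly above it uses https; prefer the https form if the host serves it, so the references in this record are consistent. The entry's name, "Flatcar membership on the linux-distros list", also gives no indication of how the thread relates to this record, so it is worth confirming that the message actually discusses this issue before it is kept as a reference.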

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field.\n\nThis has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1."
"value": "In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1."
}
]
},
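Review bot: the replacement "value" still opens with "In October from version 1.0.319 and before version 1.0.466", which reads as a month rather than a product; since this line is being rewritten anyway to drop the "\n\n" breaks, name the product unambiguously and state the range as "from 1.0.319 up to, but not including, 1.0.466". The last sentence gives only the fixed RainLab.Blog version (1.4.1) and no affected range for the plugin, which leaves plugin users unable to tell from the description whether they are exposed.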

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Nagios 4.4.5 allows an attacker, who already has administrative access to change the \"URL for JSON CGIs\" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files."
"value": "Nagios 4.4.5 allows an attacker, who already has administrative access to change the \"URL for JSON CGIs\" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408."
}
]
},
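Review bot: the appended sentence "NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408." does not say where the mistaken association appears, and the hunk adds no reference that would let a reader verify it. Suggest naming the source of the confusion (advisory, tracker entry or tool output) or adding it to the record's references, so that consumers matching on CVE-2020-1408 can tell which of their findings belong to this record instead.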

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges.\n\nThe issue only impacts instances with LDAP configuration and where users can craft their own names.\n\nThis has been patched in version 4.9."
"value": "Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with LDAP configuration and where users can craft their own names. This has been patched in version 4.9."
}
]
},
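Review bot: the rewritten "value" only collapses the "\n\n" paragraph breaks and carries over the grammar slips in the first two sentences: "has a LDAP injection vulnerability" should be "has an LDAP injection vulnerability", and "is being used in LDAP search filter" should be "is used in an LDAP search filter". The condition "where users can craft their own names" is also vague; if it means self-registration or user-editable account names, say so, because that condition is what decides whether an instance is affected.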