admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-12-30 20:01:52 +00:00
parent 0926a4b329
commit 8783745fe5
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
12 changed files with 432 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2018/15xxx/CVE-2018-15599.json
View File

@ -52,6 +52,11 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://matt.ucc.asn.au/dropbear/CHANGES",
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"name": "http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002109.html",
"refsource": "MISC",

7
2019/12xxx/CVE-2019-12155.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference."
"value": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference."
}
]
},
@ -146,6 +146,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:4344",
"url": "https://access.redhat.com/errata/RHSA-2019:4344"
},
{
"refsource": "MISC",
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=3be7eb2f47bf71db5f80fcf8750ea395dd5ffdd2",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=3be7eb2f47bf71db5f80fcf8750ea395dd5ffdd2"
}
]
}

56
2019/12xxx/CVE-2019-12768.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12768",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DAP-1650/REVA/DAP-1650_REVA_RELEASE_NOTES_v1.04B02_J65H.pdf",
"refsource": "MISC",
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DAP-1650/REVA/DAP-1650_REVA_RELEASE_NOTES_v1.04B02_J65H.pdf"
}
]
}

56
2019/12xxx/CVE-2019-12953.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12953",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://matt.ucc.asn.au/dropbear/CHANGES",
"refsource": "MISC",
"name": "https://matt.ucc.asn.au/dropbear/CHANGES"
}
]
}

62
2019/15xxx/CVE-2019-15078.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-00",
"refsource": "MISC",
"name": "https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-00"
}
]
}
}

62
2019/15xxx/CVE-2019-15079.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token. This vulnerability could be used by an attacker to acquire EAI tokens for free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-01",
"refsource": "MISC",
"name": "https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-01"
}
]
}
}

67
2019/15xxx/CVE-2019-15080.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract (which is inherited by MORPH Token) allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for free and can perform a DoS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-02",
"refsource": "MISC",
"name": "https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-02"
},
{
"url": "https://etherscan.io/address/0x2ef27bf41236bd859a95209e17a43fbd26851f92#contracts",
"refsource": "MISC",
"name": "https://etherscan.io/address/0x2ef27bf41236bd859a95209e17a43fbd26851f92#contracts"
}
]
}
}

5
2020/16xxx/CVE-2020-16164.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/RIPE-NCC/rpki-validator-3/issues/158",
"refsource": "MISC",
"name": "https://github.com/RIPE-NCC/rpki-validator-3/issues/158"
},
{
"refsource": "MISC",
"name": "https://github.com/RIPE-NCC/rpki-validator-3/security/advisories/GHSA-q76j-58cx-wp5v",
"url": "https://github.com/RIPE-NCC/rpki-validator-3/security/advisories/GHSA-q76j-58cx-wp5v"
}
]
}

2
2020/26xxx/CVE-2020-26288.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package \"parse-server\".\nIn Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext.\nThis is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage."
"value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package \"parse-server\". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage."
}
]
},

66
2020/35xxx/CVE-2020-35173.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35173",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://play.google.com/store/apps/details?id=com.amaze.filemanager&hl=en_US&gl=US",
"refsource": "MISC",
"name": "https://play.google.com/store/apps/details?id=com.amaze.filemanager&hl=en_US&gl=US"
},
{
"url": "https://github.com/TeamAmaze/AmazeFileManager/compare/v3.4.1...v3.4.2",
"refsource": "MISC",
"name": "https://github.com/TeamAmaze/AmazeFileManager/compare/v3.4.1...v3.4.2"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/TeamAmaze/AmazeFileManager/pull/1815",
"url": "https://github.com/TeamAmaze/AmazeFileManager/pull/1815"
}
]
}

48
2020/35xxx/CVE-2020-35737.json
View File

@ -5,13 +5,57 @@
"CVE_data_meta": {
"ID": "CVE-2020-35737",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486",
"url": "https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference."
}
]
}

18
2020/35xxx/CVE-2020-35854.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35854",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}