"-Synchronized-Data."

CVE Team 2021-02-18 20:00:42 +00:00
parent 3b1418e3be
commit 890a08db50
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 384 additions and 37 deletions


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected Cross-Site Scripting (XSS) through a crafted URL. This occurs because the Detect URL field displays the original URL."
"value": "Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking."
}
]
},
@ -56,6 +56,11 @@
"url": "https://github.com/kbgsft/vuln-AIWAF/wiki/Cross-site-scripting(XSS)-vulnerability-in-AIWAF-in-MONITORAPP-by-xcuter",
"refsource": "MISC",
"name": "https://github.com/kbgsft/vuln-AIWAF/wiki/Cross-site-scripting(XSS)-vulnerability-in-AIWAF-in-MONITORAPP-by-xcuter"
},
{
"refsource": "MISC",
"name": "https://github.com/monitorapp-aicc/report/wiki/CVE-2020-14210",
"url": "https://github.com/monitorapp-aicc/report/wiki/CVE-2020-14210"
}
]
}
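Review bot: The replacement description in the first hunk no longer states which products and versions are affected. Of the two `value` lines, the one beginning "Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF" drops the `AIWAF-VE and AIWAF-4000 through 2020-06-16` scope that the other line carries; the page has lost its +/- markers, so this assumes the second line is the new text. A defender triaging from the description alone can no longer tell whether a given appliance is in range. I would keep the scope clause and append the new explanation, e.g. `"value": "MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected Cross-Site Scripting (XSS) through a crafted URL, because the blocking response includes the Request URL information."`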


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://discourse.pi-hole.net/c/announcements/5",
"refsource": "MISC",
"name": "https://discourse.pi-hole.net/c/announcements/5"
},
{
"refsource": "MISC",
"name": "https://n4nj0.github.io/advisories/pi-hole-multiple-vulnerabilities-i/",
"url": "https://n4nj0.github.io/advisories/pi-hole-multiple-vulnerabilities-i/"
}
]
}
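Review bot: The published record leaves `product_name`, `vendor_name`, `version_value` and the `problemtype` value all as `n/a`, although the description names Pi-hole 5.0, 5.1 and 5.1.1 and a session-fixation weakness. Tooling that matches on the `affects` block rather than on free text will not associate this CVE with any installed product. The structured fields should carry what the description already says, e.g. `"product_name": "Pi-hole"` with one `version_data` entry per listed release, and a `problemtype` value such as `"CWE-384"`. The same gap appears in the CVE-2020-35592, CVE-2020-35776, CVE-2021-26717 and CVE-2021-26906 sections of this commit.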


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35592",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://discourse.pi-hole.net/c/announcements/5",
"refsource": "MISC",
"name": "https://discourse.pi-hole.net/c/announcements/5"
},
{
"refsource": "MISC",
"name": "https://n4nj0.github.io/advisories/pi-hole-multiple-vulnerabilities-i/",
"url": "https://n4nj0.github.io/advisories/pi-hole-multiple-vulnerabilities-i/"
}
]
}


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35776",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://issues.asterisk.org/",
"refsource": "MISC",
"name": "https://issues.asterisk.org/"
},
{
"refsource": "FULLDISC",
"name": "20210218 AST-2021-001: Remote crash in res_pjsip_diversion",
"url": "http://seclists.org/fulldisclosure/2021/Feb/57"
},
{
"refsource": "CONFIRM",
"name": "https://downloads.asterisk.org/pub/security/AST-2021-001.html",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
},
{
"refsource": "CONFIRM",
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29227",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227"
}
]
}
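Review bot: The new description lists four exact releases ("versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1") with no range wording. A reader cannot tell whether earlier releases on those branches are unaffected or were simply not listed. The CVE-2021-26717 record in this same commit uses the "16.x before 16.16.1" form, which is unambiguous for patch triage. If the linked AST-2021-001 advisory gives fixed-in versions, the description should use the same "before" phrasing; if only these four builds are affected, say so explicitly, e.g. `... in Sangoma Asterisk 13.38.1, 16.15.1, 17.9.1, and 18.1.1 only ...`.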


@ -1,17 +1,84 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2021-02-16T00:00:00",
"ID": "CVE-2020-36233",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitbucket Server and Data Center",
"version": {
"version_data": [
{
"version_value": "6.10.9",
"version_affected": "<"
},
{
"version_value": "7.0.0",
"version_affected": ">="
},
{
"version_value": "7.6.4",
"version_affected": "<"
},
{
"version_value": "7.7.0",
"version_affected": ">="
},
{
"version_value": "7.10.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/BSERV-12753",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/BSERV-12753"
},
{
"refsource": "CERT-VN",
"name": "VU#240785",
"url": "https://www.kb.cert.org/vuls/id/240785"
}
]
}
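Review bot: The `version_data` array encodes the three affected ranges as five independent bounds (`<` 6.10.9, `>=` 7.0.0, `<` 7.6.4, `>=` 7.7.0, `<` 7.10.1), and nothing marks which lower bound pairs with which upper bound. A consumer that evaluates each entry on its own will read `>= 7.0.0` as "every release from 7.0.0 on", so the fixed 7.6.4 and 7.10.1 builds get flagged as vulnerable. Only the description text and the array order tie the pairs together. I would label each pair so the grouping survives re-ordering, for example by adding `"version_name": "7.0.0 - 7.6.3"` to both the `>=` 7.0.0 and `<` 7.6.4 entries, and likewise for the 7.7.0 / 7.10.1 pair.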


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26717",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-26717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"name": "https://downloads.asterisk.org/pub/security/"
},
{
"refsource": "FULLDISC",
"name": "20210218 AST-2021-002: Remote crash possible when negotiating T.38",
"url": "http://seclists.org/fulldisclosure/2021/Feb/58"
},
{
"refsource": "CONFIRM",
"name": "https://downloads.asterisk.org/pub/security/AST-2021-002.html",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
},
{
"refsource": "CONFIRM",
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29203",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
}
]
}


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26906",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-26906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"name": "https://downloads.asterisk.org/pub/security/"
},
{
"refsource": "FULLDISC",
"name": "20210218 AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver",
"url": "http://seclists.org/fulldisclosure/2021/Feb/61"
},
{
"refsource": "CONFIRM",
"name": "https://downloads.asterisk.org/pub/security/AST-2021-005.html",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"refsource": "CONFIRM",
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29196",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
}
]
}
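Review bot: The description on the new side names the product as "Digium Asterisk", while the CVE-2020-35776 and CVE-2021-26717 records published in this same commit say "Sangoma Asterisk". With `vendor_name` left as `n/a` in all three, free-text matching is the only way to tie these records to an asset inventory, and the differing vendor spelling will split the results. Pick one vendor string for the Asterisk records and put it in the structured fields as well, e.g. `"vendor_name": "<vendor>"` (placeholder) and `"product_name": "Asterisk"`.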