admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-12-01 00:01:48 +00:00
parent c1f16e3d9f
commit 893035b3de
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 260 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
2020/14xxx/CVE-2020-14193.json
View File

@ -1,62 +1,64 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2020-12-01T00:00:00",
"ID": "CVE-2020-14193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation for Jira",
"version": {
"version_data": [
{
"version_value": "7.1.15",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Template Injection"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2020-12-01T00:00:00",
"ID": "CVE-2020-14193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation for Jira",
"version": {
"version_data": [
{
"version_value": "7.1.15",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JIRAAUTOSERVER-185"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Template Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JIRAAUTOSERVER-185",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/JIRAAUTOSERVER-185"
}
]
}
}

5
2020/20xxx/CVE-2020-20739.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a",
"refsource": "MISC",
"name": "https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2473-1] vips security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00049.html"
}
]
}

5
2020/28xxx/CVE-2020-28896.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://github.com/neomutt/neomutt/releases/tag/20201120",
"url": "https://github.com/neomutt/neomutt/releases/tag/20201120"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2472-1] mutt security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html"
}
]
}

50
2020/4xxx/CVE-2020-4126.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4126",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "v10.0.1 FP6, v11.0.1 FP2 and later"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive cookie exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085411",
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085411"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later."
}
]
}

50
2020/4xxx/CVE-2020-4129.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4129",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HCL Domino",
"version": {
"version_data": [
{
"version_value": "v9.0.1 FP10 IF6, v10.0.1 FP6, v11.0.1 FP1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lockout policy bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085407",
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085407"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later."
}
]
}

50
2020/9xxx/CVE-2020-9115.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9115",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ManageOne",
"version": {
"version_data": [
{
"version_value": "6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.1.B050,8.0.0,8.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-en",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-commandinjection-en"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device."
}
]
}

50
2020/9xxx/CVE-2020-9116.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9116",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FusionCompute",
"version": {
"version_data": [
{
"version_value": "6.5.1,8.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201118-01-fusioncompute-en",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201118-01-fusioncompute-en"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege."
}
]
}