admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-03-30 20:01:27 +00:00
parent b595bdfdb1
commit 906509fd2c
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
20 changed files with 382 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2016/11xxx/CVE-2016-11023.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-11023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ",
"refsource": "MISC",
"name": "https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ"
}
]
}
}

62
2016/11xxx/CVE-2016-11024.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-11024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ",
"refsource": "MISC",
"name": "https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ"
}
]
}
}

5
2017/11xxx/CVE-2017-11109.json
View File

@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190803 [SECURITY] [DLA 1871-1] vim security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4309-1",
"url": "https://usn.ubuntu.com/4309-1/"
}
]
}

5
2017/5xxx/CVE-2017-5953.json
View File

@ -81,6 +81,11 @@
"refsource": "UBUNTU",
"name": "USN-4016-1",
"url": "https://usn.ubuntu.com/4016-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4309-1",
"url": "https://usn.ubuntu.com/4309-1/"
}
]
}

5
2017/6xxx/CVE-2017-6349.json
View File

@ -81,6 +81,11 @@
"name": "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y"
},
{
"refsource": "UBUNTU",
"name": "USN-4309-1",
"url": "https://usn.ubuntu.com/4309-1/"
}
]
}

5
2017/6xxx/CVE-2017-6350.json
View File

@ -81,6 +81,11 @@
"name": "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y"
},
{
"refsource": "UBUNTU",
"name": "USN-4309-1",
"url": "https://usn.ubuntu.com/4309-1/"
}
]
}

5
2018/20xxx/CVE-2018-20786.json
View File

@ -61,6 +61,11 @@
"name": "https://github.com/vim/vim/issues/3711",
"refsource": "MISC",
"url": "https://github.com/vim/vim/issues/3711"
},
{
"refsource": "UBUNTU",
"name": "USN-4309-1",
"url": "https://usn.ubuntu.com/4309-1/"
}
]
}

12
2019/15xxx/CVE-2019-15703.json
View File

@ -11,7 +11,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
@ -19,7 +19,13 @@
"version": {
"version_data": [
{
"version_value": "FortiOS 6.2.1 and below"
"version_value": "6.2.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "6.0.8 and below"
}
]
}
@ -55,7 +61,7 @@
"description_data": [
{
"lang": "eng",
"value": "An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only."
"value": "An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only."
}
]
}

5
2019/20xxx/CVE-2019-20079.json
View File

@ -66,6 +66,11 @@
"url": "https://github.com/vim/vim/compare/v8.1.2135...v8.1.2136",
"refsource": "MISC",
"name": "https://github.com/vim/vim/compare/v8.1.2135...v8.1.2136"
},
{
"refsource": "UBUNTU",
"name": "USN-4309-1",
"url": "https://usn.ubuntu.com/4309-1/"
}
]
}

2
2020/10xxx/CVE-2020-10508.json
View File

@ -81,10 +81,12 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.twcert.org.tw/tw/cp-132-3448-76a35-1.html",
"url": "https://www.twcert.org.tw/tw/cp-132-3448-76a35-1.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71",
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
}
]

6
2020/10xxx/CVE-2020-10509.json
View File

@ -81,11 +81,13 @@
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-3449-c87d8-1.html"
"name": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71",
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
},
{
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
"name": "https://www.twcert.org.tw/tw/cp-132-3449-c87d8-1.html",
"url": "https://www.twcert.org.tw/tw/cp-132-3449-c87d8-1.html"
}
]
},

6
2020/10xxx/CVE-2020-10510.json
View File

@ -81,11 +81,13 @@
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html"
"name": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71",
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
},
{
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
"name": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html",
"url": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html"
}
]
},

18
2020/11xxx/CVE-2020-11100.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11100",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

2
2020/5xxx/CVE-2020-5255.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Symfony before version 4.4, when a `Response` does not contain a `Content-Type` header,\naffected versions of Symfony can fallback to the format defined in the `Accept` header of the request,\nleading to a possible mismatch between the response's content and `Content-Type` header.\nWhen the response is cached, this can prevent the use of the website by other users.\n\nThis has been patched in version 4.4."
"value": "In Symfony before version 4.4, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in version 4.4."
}
]
},

2
2020/5xxx/CVE-2020-5274.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Symfony before versions 5.0.5 and 4.4.5, \nsome properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace.\nIn addition, the stacktrace were displayed even in a non-debug configuration.\n\nThe ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration.\n\nThis issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5"
"value": "In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5"
}
]
},

2
2020/5xxx/CVE-2020-5275.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, \nit iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute,\npreventing the check of next attributes that should have been take into account in an unanimous strategy.\n\nThe accessDecisionManager is now called with all attributes at once, allowing the unanimous strategy being applied on each attribute.\n\nThis issue is patched in versions 4.4.7 and 5.0.7."
"value": "In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take into account in an unanimous strategy. The accessDecisionManager is now called with all attributes at once, allowing the unanimous strategy being applied on each attribute. This issue is patched in versions 4.4.7 and 5.0.7."
}
]
},

50
2020/5xxx/CVE-2020-5723.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5723",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Grandstream UCM6200 series",
"version": {
"version_data": [
{
"version_value": "1.0.20.20 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Password Storage (CWE-312)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/research/tra-2020-17",
"url": "https://www.tenable.com/security/research/tra-2020-17"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges."
}
]
}

50
2020/5xxx/CVE-2020-5724.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5724",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Grandstream UCM6200 series",
"version": {
"version_data": [
{
"version_value": "1.0.20.20 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection (CWE-89)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/research/tra-2020-17",
"url": "https://www.tenable.com/security/research/tra-2020-17"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords."
}
]
}

50
2020/5xxx/CVE-2020-5725.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5725",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Grandstream UCM6200 series",
"version": {
"version_data": [
{
"version_value": "1.0.20.20 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection (CWE-89)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/research/tra-2020-17",
"url": "https://www.tenable.com/security/research/tra-2020-17"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords."
}
]
}

50
2020/5xxx/CVE-2020-5726.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5726",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Grandstream UCM6200 series",
"version": {
"version_data": [
{
"version_value": "1.0.20.20 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection (CWE-89)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/research/tra-2020-17",
"url": "https://www.tenable.com/security/research/tra-2020-17"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords."
}
]
}