"-Synchronized-Data."

CVE Team 2020-12-28 20:01:56 +00:00
parent e1e8b86c12
commit 9936bd3033
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
5 changed files with 248 additions and 36 deletions


@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14273",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HCL Software",
"product": {
"product_data": [
{
"product_name": "HCL Domino",
"version": {
"version_data": [
{
"version_value": "v10"
},
{
"version_value": "v11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Denial of Service\""
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085947",
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085947"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HCL Domino v10 and v11 is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server."
}
]
}
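Review bot: The added problemtype line `"value": "\"Denial of Service\""` stores a pair of escaped quote characters inside the string, so consumers that group or match on problem type get the phrase wrapped in literal quotes; it should read `"value": "Denial of Service"`. The added description also repeats a word (`could could exploit`). The two `version_value` entries (`v10`, `v11`) give no range or fixed release, so a scanner cannot tell from this record alone which builds are patched and has to follow the KB0085947 reference. The hunk begins at line 4 of the file, so the enclosing object opens outside it.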


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25507",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An incorrect permission assignment (chmod 777) of /etc/environment during the installation script of No Magic TeamworkCloud 18.0 through 19.0 allows any local unprivileged user to write to /etc/environment. An attacker can escalate to root by writing arbitrary code to this file, which would be executed by root during the next login, reboot, or sourcing of the environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://docs.nomagic.com/display/TWCloud190/Installation+on+Linux+using+scripts",
"refsource": "MISC",
"name": "https://docs.nomagic.com/display/TWCloud190/Installation+on+Linux+using+scripts"
},
{
"refsource": "MISC",
"name": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-002.md",
"url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-002.md"
}
]
}
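Review bot: The `affects` block fills `vendor_name`, `product_name` and `version_value` with `n/a` even though the added description names No Magic TeamworkCloud 18.0 through 19.0, so tooling that matches on structured product data will not tie this CVE to the product. The same applies to the CVE-2020-35730 (Roundcube Webmail before 1.4.10) and CVE-2020-35766 (OpenDKIM through 2.10.3) records later in this commit. `problemtype` is also `n/a` where the description states an incorrect permission assignment, which corresponds to CWE-732. For triage on affected hosts the described condition can be checked directly: after the install script has run, `/etc/environment` should be owned by root and not group- or world-writable.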


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector.\nThe vulnerabilities enables potential signature bypass due to issues with XML encoding in the underlying Go library.\nThe vulnerabilities have been addressed in version 2.27.0 by using the xml-roundtrip-validator from Mattermost (see related references)."
"value": "Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the underlying Go library. The vulnerabilities have been addressed in version 2.27.0 by using the xml-roundtrip-validator from Mattermost (see related references)."
}
]
},
@ -69,6 +69,26 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md",
"refsource": "MISC",
"url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md"
},
{
"name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md",
"refsource": "MISC",
"url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md"
},
{
"name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md",
"refsource": "MISC",
"url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md"
},
{
"name": "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/",
"refsource": "MISC",
"url": "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/"
},
{
"name": "https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5",
"refsource": "CONFIRM",
@ -88,26 +108,6 @@
"name": "https://github.com/dexidp/dex/releases/tag/v2.27.0",
"refsource": "MISC",
"url": "https://github.com/dexidp/dex/releases/tag/v2.27.0"
},
{
"name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md",
"refsource": "MISC",
"url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md"
},
{
"name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md",
"refsource": "MISC",
"url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md"
},
{
"name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md",
"refsource": "MISC",
"url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md"
},
{
"name": "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/",
"refsource": "MISC",
"url": "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/"
}
]
},


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35730",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "linkref_addindex in rcube_string_replacer.php in Roundcube Webmail before 1.4.10 allows XSS via a crafted email message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://roundcube.net/download/",
"refsource": "MISC",
"name": "https://roundcube.net/download/"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10",
"url": "https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10"
},
{
"refsource": "CONFIRM",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491"
}
]
}
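Review bot: The first added reference, `https://roundcube.net/download/`, is a generic download page whose content changes with every release, so it will stop documenting this issue once newer versions are listed there. The `CONFIRM` reference is a whole-release compare view (`1.4.9...1.4.10`) rather than the change to `linkref_addindex` in `rcube_string_replacer.php`, so anyone verifying or backporting the fix has to find the relevant commit themselves. A link to the release announcement or the specific fixing commit would be a more durable reference, if one is available.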


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the \"A number of self-test programs are included here for unit-testing the library\" situation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/trusteddomainproject/OpenDKIM/issues/113",
"refsource": "MISC",
"name": "https://github.com/trusteddomainproject/OpenDKIM/issues/113"
}
]
}
}