"-Synchronized-Data."

CVE Team 2021-02-23 16:00:44 +00:00
parent 46a1196ff5
commit 9a9b1f0641
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 273 additions and 110 deletions


@ -48,8 +48,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-GEOJSON2KML-1050412"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-GEOJSON2KML-1050412",
"name": "https://snyk.io/vuln/SNYK-JS-GEOJSON2KML-1050412"
}
]
},
@ -57,7 +58,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of package geojson2kml are vulnerable to Command Injection via the index.js file.\r\n\r\nPoC:\r\n\r\nvar a =require(\"geojson2kml\");\r\na(\"./\",\"& touch JHU\",function(){})\r\n\n"
"value": "All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require(\"geojson2kml\"); a(\"./\",\"& touch JHU\",function(){})"
}
]
},
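Review bot: The rewritten `value` in the second hunk folds the `\r\n`-separated PoC snippet into the summary sentence, so a consumer of `description_data` can no longer tell where the prose ends and the quoted code begins. Keeping the description to the summary, `"value": "All versions of package geojson2kml are vulnerable to Command Injection via the index.js file."`, and leaving reproduction detail to the Snyk reference would avoid that. The same applies to the nuance-gulp-build-common, wc-cmd and theme-core sections that follow; in the nuance-gulp-build-common one the flattening also leaves a stray `/` before `var` and no separator between the two statements. Both hunks are excerpts of a larger record, so the rest of the file is not visible here.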


@ -48,8 +48,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-NUANCEGULPBUILDCOMMON-1050419"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-NUANCEGULPBUILDCOMMON-1050419",
"name": "https://snyk.io/vuln/SNYK-JS-NUANCEGULPBUILDCOMMON-1050419"
}
]
},
@ -57,7 +58,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file.\r\n\r\nPoC:\r\n \r\n/var a = require(\"nuance-gulp-build-common\")\r\na.run(\"touch JHU\")\r\n\n"
"value": "All versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file. PoC: /var a = require(\"nuance-gulp-build-common\") a.run(\"touch JHU\")"
}
]
},


@ -48,8 +48,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-WCCMD-1050423"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-WCCMD-1050423",
"name": "https://snyk.io/vuln/SNYK-JS-WCCMD-1050423"
}
]
},
@ -57,7 +58,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of package wc-cmd are vulnerable to Command Injection via the index.js file.\r\n\r\nPoC:\r\n\r\nvar a =require(\"wc-cmd\");\r\na(\"touch JHU\")\r\n\n"
"value": "All versions of package wc-cmd are vulnerable to Command Injection via the index.js file. PoC: var a =require(\"wc-cmd\"); a(\"touch JHU\")"
}
]
},


@ -48,8 +48,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-THEMECORE-1050425"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-THEMECORE-1050425",
"name": "https://snyk.io/vuln/SNYK-JS-THEMECORE-1050425"
}
]
},
@ -57,7 +58,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package.\r\n\r\nPoC:\r\n\r\nvar a =require(\"theme-core\");\r\na.utils.sh(\"touch JHU\")\r\n\n"
"value": "All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package. PoC: var a =require(\"theme-core\"); a.utils.sh(\"touch JHU\")"
}
]
},


@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Planning Analytics",
"version" : {
"version_data" : [
{
"version_value" : "2.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029."
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4953",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-02-22T00:00:00"
},
"data_version" : "4.0",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Planning Analytics",
"version": {
"version_data": [
{
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"AV" : "N",
"I" : "N",
"C" : "L",
"A" : "N",
"PR" : "L",
"SCORE" : "4.300",
"AC" : "L",
"S" : "U"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6412707",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6412707 (Planning Analytics)",
"name" : "https://www.ibm.com/support/pages/node/6412707"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192029",
"name" : "ibm-planning-cve20204953-info-disc (192029)"
}
]
}
}
}
},
"CVE_data_meta": {
"ID": "CVE-2020-4953",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-02-22T00:00:00"
},
"data_version": "4.0",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"AV": "N",
"I": "N",
"C": "L",
"A": "N",
"PR": "L",
"SCORE": "4.300",
"AC": "L",
"S": "U"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6412707",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6412707 (Planning Analytics)",
"name": "https://www.ibm.com/support/pages/node/6412707"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192029",
"name": "ibm-planning-cve20204953-info-disc (192029)"
}
]
}
}


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7847",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ipTIME NAS ",
"version": {
"version_data": [
{
"version_value": "1.4.36"
}
]
}
}
]
},
"vendor_name": "EFM Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JaeHyung Lee, InHyung Lee"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35921",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35921"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
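Review bot: The new description names the product as `pTIME NAS 1.4.36` while `product_name` is `"ipTIME NAS "` with a trailing space, so the two fields disagree and tooling that matches records on exact product strings may miss this entry. I would write `"product_name": "ipTIME NAS"` and end the description with `This issue affects: ipTIME NAS 1.4.36.`. The single `version_data` entry also carries no `version_affected`, so it is unclear whether only 1.4.36 or earlier releases too are in scope; adding the comparator (for example `"version_affected": "="` if only that release is meant) would remove the guess.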


@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@documentfoundation.org",
"DATE_PUBLIC": "2021-01-26T00:00:00.000Z",
"ID": "CVE-2021-25630",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Collabora Online",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Collabora Online 4.2",
"version_value": "4.2.13"
},
{
"version_affected": "<",
"version_name": "Collabora Online 6.4",
"version_value": "6.4.3"
}
]
}
}
]
},
"vendor_name": "Collabora Productivity"
},
{
"product": {
"product_data": [
{
"product_name": "LibreOffice Online",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "7.0.1.1"
}
]
}
}
]
},
"vendor_name": "The Document Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Matthias Gerstner (SUSE) for raising the issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\"loolforkit\" is a privileged program that is supposed to be run by a special, non-privileged \"lool\" user. Before doing anything else \"loolforkit\" checks, if it was invoked by the \"lool\" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of \"loolforkit\" this check was wrong, so a normal user could start \"loolforkit\" and eventually get local root privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"loolforkit\" privileged program local root exploit"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v",
"name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v"
},
{
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/01/18/3",
"name": "https://www.openwall.com/lists/oss-security/2021/01/18/3"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
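Review bot: `problemtype` is free text (`"loolforkit" privileged program local root exploit`) rather than a CWE entry, which makes the record hard to classify or filter automatically. Going by the description (a wrong caller check in a privileged program), something like `"value": "CWE-863 Incorrect Authorization"` looks appropriate, though the assigner should confirm the mapping. The record also has no `impact` block, so consumers get no CVSS vector for what the description calls a path to local root; adding one would help triage. The LibreOffice Online entry is `<=` 7.0.1.1 with no `version_name` and no fixed release stated, which is worth checking against the referenced advisory.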