"-Synchronized-Data."

CVE Team 2020-09-03 15:01:33 +00:00
parent 1d653ac6ce
commit a47e311b2f
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
13 changed files with 560 additions and 53 deletions


@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10679",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-10679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\\Thomson Reuters\\Eikon permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.thomsonreuters.com/en/products-services.html",
"refsource": "MISC",
"name": "https://www.thomsonreuters.com/en/products-services.html"
},
{
"refsource": "MISC",
"name": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html",
"url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"refsource": "FULLDISC",
"name": "20200827 SEC Consult SA-20200826-0 :: Extensive file permissions on service executable in Eikon Thomson Reuters",
"url": "http://seclists.org/fulldisclosure/2020/Aug/19"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158989/Eikon-Thomson-Reuters-4.0.42144-File-Permissions.html",
"url": "http://packetstormsecurity.com/files/158989/Eikon-Thomson-Reuters-4.0.42144-File-Permissions.html"
},
{
"refsource": "MISC",
"name": "https://sec-consult.com/en/blog/advisories/extensive-file-permissions-on-service-executable-in-eikon-thomson-reuters-cve-2019-10679/",
"url": "https://sec-consult.com/en/blog/advisories/extensive-file-permissions-on-service-executable-in-eikon-thomson-reuters-cve-2019-10679/"
}
]
}
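Review bot: The `affects` block still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` although the new description names Thomson Reuters Eikon 4.0.42144, so tooling that matches records against an asset inventory by structured fields will not see this entry. Populate them from the description, e.g. `"vendor_name": "Thomson Reuters"`, `"product_name": "Eikon"`, `"version_value": "4.0.42144"`. The `problemtype` value `"n/a"` should likewise name the weakness class; weak permissions on a service executable reads like CWE-732, to be confirmed against the advisory. The same placeholder pattern appears in the CVE-2020-13972, CVE-2020-24385, CVE-2020-24863, CVE-2020-24948, CVE-2020-25042, CVE-2020-25068, CVE-2020-25104 and CVE-2020-25105 sections.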


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13972",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://burninatorsec.blogspot.com/2020/09/cve-2020-13972-xss-via-ssrf-in.html",
"url": "http://burninatorsec.blogspot.com/2020/09/cve-2020-13972-xss-via-ssrf-in.html"
}
]
}


@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-16149",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requestor. Notes: none."
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24385",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.midnightbsd.org/notes/",
"refsource": "MISC",
"name": "https://www.midnightbsd.org/notes/"
},
{
"refsource": "CONFIRM",
"name": "http://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:02.txt",
"url": "http://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:02.txt"
}
]
}
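Review bot: The CONFIRM reference points to the vendor advisory over plain http (`http://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:02.txt`), so anyone pulling the advisory text through this record gets it without transport integrity. The notes page in the same entry is referenced over https on the same host, which suggests the https form may be available; if it is, use `"url": "https://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:02.txt"` with the matching `name`. The CVE-2020-24863 section has the same http link for MIDNIGHTBSD-SA-20:01.txt. Separately, "FreeBSD before 7" in the description does not say which release line is meant and would be easier to triage with an explicit version.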


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24863",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.midnightbsd.org/notes/",
"refsource": "MISC",
"name": "https://www.midnightbsd.org/notes/"
},
{
"url": "https://github.com/MidnightBSD/src/blob/1691c07ff4f27b97220a5d65e217341e477f4014/sys/kern/vfs_syscalls.c",
"refsource": "MISC",
"name": "https://github.com/MidnightBSD/src/blob/1691c07ff4f27b97220a5d65e217341e477f4014/sys/kern/vfs_syscalls.c"
},
{
"refsource": "CONFIRM",
"name": "http://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:01.txt",
"url": "http://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:01.txt"
},
{
"refsource": "CONFIRM",
"name": "https://www.freebsd.org/security/advisories/FreeBSD-EN-20:18.getfsstat.asc",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-20:18.getfsstat.asc"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24948",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wpvulndb.com/vulnerabilities/10372",
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/10372"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25042",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/projects/maracms/",
"refsource": "MISC",
"name": "https://sourceforge.net/projects/maracms/"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/48780",
"url": "https://www.exploit-db.com/exploits/48780"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25068",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http:IP:PORT/../../path/file_to_disclose Directory Traversal URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.youtube.com/watch?v=CLAHE0qUHXs",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=CLAHE0qUHXs"
},
{
"url": "http://setelsa-security.es/productos/control-de-acceso/",
"refsource": "MISC",
"name": "http://setelsa-security.es/productos/control-de-acceso/"
},
{
"refsource": "MISC",
"name": "https://github.com/bryanroma/CVE-2020-25068",
"url": "https://github.com/bryanroma/CVE-2020-25068"
}
]
}
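Review bot: The description calls this a "local file inclusion vulnerability" but then describes a remote unauthenticated file read through a `../../` directory traversal URI, and `problemtype` is left at `"n/a"`, so the record does not say which class a detection rule or triage queue should file it under. What is described matches path traversal, so the problemtype entry could read `"value": "CWE-22"` and the first sentence could be reworded to match. The example URI `http:IP:PORT/../../path/file_to_disclose` is also missing the `//` after the scheme, which looks like a transcription slip.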


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://discussions.eramba.org/t/bug-security-vulnerabilities-not-serious/1650",
"refsource": "MISC",
"name": "https://discussions.eramba.org/t/bug-security-vulnerabilities-not-serious/1650"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://discussions.eramba.org/t/bug-security-vulnerabilities-not-serious/1650/2",
"refsource": "MISC",
"name": "https://discussions.eramba.org/t/bug-security-vulnerabilities-not-serious/1650/2"
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25106",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.con",
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2020-7381",
"STATE": "PUBLIC",
"TITLE": "Code Injection in Rapid7 Nexpose Installer"
@ -80,12 +80,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40"
"refsource": "MISC",
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40",
"name": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
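Review bot: The only reference in this record is the vendor's own release notes on help.rapid7.com, and the second hunk reclassifies it from `"refsource": "CONFIRM"` to `"refsource": "MISC"`. Consumers that use CONFIRM to tell vendor-acknowledged issues apart from third-party reports lose that signal for this entry. Unless the retagging is a deliberate normalisation step, keep `"refsource": "CONFIRM"` alongside the newly added `name` field. The CVE-2020-7382 section makes the same change to the same URL.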


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.con",
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2020-7382",
"STATE": "PUBLIC",
"TITLE": "Unquoted Path in Rapid7 Nexpose Installer"
@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. \nThis issue affects:\nRapid7 Nexpose\nversions prior to 6.6.40."
"value": "Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40."
}
]
},
@ -80,12 +80,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40"
"refsource": "MISC",
"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40",
"name": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}