admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-12-21 23:01:59 +00:00
parent d7188d269f
commit ac0d85c6c4
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 337 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2020/26xxx/CVE-2020-26284.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's `os/exec` for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system `%PATH%` on Windows. In Hugo before version 0.79.1, if a malicious file with the same name (`exe` or `bat`) is found in the current working directory at the time of running `hugo`, the malicious command will be invoked instead of the system one.\n\nWindows users who run `hugo` inside untrusted Hugo sites are affected.\n\nUsers should upgrade to Hugo v0.79.1.\n\nOther than avoiding untrusted Hugo sites, there is no workaround."
"value": "Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's `os/exec` for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system `%PATH%` on Windows. In Hugo before version 0.79.1, if a malicious file with the same name (`exe` or `bat`) is found in the current working directory at the time of running `hugo`, the malicious command will be invoked instead of the system one. Windows users who run `hugo` inside untrusted Hugo sites are affected. Users should upgrade to Hugo v0.79.1. Other than avoiding untrusted Hugo sites, there is no workaround."
}
]
},

17
2020/26xxx/CVE-2020-26939.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption."
"value": "In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption."
}
]
},
@ -52,25 +52,10 @@
},
"references": {
"reference_data": [
{
"url": "https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1",
"refsource": "MISC",
"name": "https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1"
},
{
"refsource": "MISC",
"name": "https://github.com/bcgit/bc-java/wiki/CVE-2020-26939",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2020-26939"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201105 [SECURITY] [DLA 2433-1] bouncycastle security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00007.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201202-0005/",
"url": "https://security.netapp.com/advisory/ntap-20201202-0005/"
}
]
}

67
2020/35xxx/CVE-2020-35622.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T268341",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T268341"
},
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GlobalUsage/+/646744",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GlobalUsage/+/646744"
}
]
}
}

67
2020/35xxx/CVE-2020-35623.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a \"bureaucrat user\" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T263498",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T263498"
},
{
"url": "https://github.com/CWRUChielLab/CASAuth/pull/11",
"refsource": "MISC",
"name": "https://github.com/CWRUChielLab/CASAuth/pull/11"
}
]
}
}

67
2020/35xxx/CVE-2020-35624.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T268794",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T268794"
},
{
"url": "https://gerrit.wikimedia.org/r/q/If8e15eb8ce9ec652c06816cbff52bb084fd50e73",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/q/If8e15eb8ce9ec652c06816cbff52bb084fd50e73"
}
]
}
}

67
2020/35xxx/CVE-2020-35625.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \\MediaWiki\\Shell\\Shell::command within a comment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T269718",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T269718"
},
{
"url": "https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb"
}
]
}
}

67
2020/35xxx/CVE-2020-35626.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T268641",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T268641"
},
{
"url": "https://gerrit.wikimedia.org/r/q/14dc79b1f44c2a1ca6b1192284206c7b8626fb57",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/q/14dc79b1f44c2a1ca6b1192284206c7b8626fb57"
}
]
}
}