admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-05-20 14:02:12 +00:00
parent 0e1ffa8bf0
commit ac22237ad3
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 349 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
2020/10xxx/CVE-2020-10725.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10725",
"ASSIGNER": "darunesh@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -46,16 +47,20 @@
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725",
"refsource": "CONFIRM"
},
{
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"url": "https://bugs.dpdk.org/show_bug.cgi?id=270"
"url": "https://bugs.dpdk.org/show_bug.cgi?id=270",
"refsource": "MISC",
"name": "https://bugs.dpdk.org/show_bug.cgi?id=270"
}
]
},

11
2020/10xxx/CVE-2020-10726.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10726",
"ASSIGNER": "darunesh@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -47,7 +48,9 @@
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10726",
@ -55,7 +58,9 @@
"refsource": "CONFIRM"
},
{
"url": "https://bugs.dpdk.org/show_bug.cgi?id=271"
"url": "https://bugs.dpdk.org/show_bug.cgi?id=271",
"refsource": "MISC",
"name": "https://bugs.dpdk.org/show_bug.cgi?id=271"
}
]
},

56
2020/11xxx/CVE-2020-11716.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11716",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at \"End-of-software-support."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://mobile.panasonic.com/in/advisory",
"url": "https://mobile.panasonic.com/in/advisory"
}
]
}

12
2020/12xxx/CVE-2020-12667.json
View File

@ -52,11 +52,6 @@
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://cyber-security-group.cs.tau.ac.il/#",
"url": "http://cyber-security-group.cs.tau.ac.il/#"
},
{
"refsource": "MISC",
"name": "https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/",
@ -71,7 +66,12 @@
"refsource": "MLIST",
"name": "[oss-security] 20200519 [CVE-2020-12667] Knot Resolver 5.1.1 NXNSAttack mitigation",
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/2"
},
{
"refsource": "MISC",
"name": "http://cyber-security-group.cs.tau.ac.il/#",
"url": "http://cyber-security-group.cs.tau.ac.il/#"
}
]
}
}
}

67
2020/13xxx/CVE-2020-13230.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Cacti/cacti/issues/3343",
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/issues/3343"
},
{
"url": "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11",
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11"
}
]
}
}

67
2020/13xxx/CVE-2020-13231.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11",
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11"
},
{
"url": "https://github.com/Cacti/cacti/issues/3342",
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/issues/3342"
}
]
}
}

50
2020/1xxx/CVE-2020-1955.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1955",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache CouchDB",
"version": {
"version_data": [
{
"version_value": "Apache CouchDB 3.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://docs.couchdb.org/en/master/cve/2020-1955.html",
"url": "https://docs.couchdb.org/en/master/cve/2020-1955.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB will have to be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation of this made an error that lead to not enforcing credentials on any endpoint, when enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue."
}
]
}

50
2020/3xxx/CVE-2020-3956.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-3956",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware Cloud Director",
"version": {
"version_data": [
{
"version_value": "VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0010.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0010.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access."
}
]
}

50
2020/5xxx/CVE-2020-5753.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Signal Private Messenger",
"version": {
"version_data": [
{
"version_value": "Android versions v4.59.0 and up, iOS versions v3.8.1.5 and up"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2020-33",
"url": "https://www.tenable.com/security/research/tra-2020-33"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined."
}
]
}