admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-12-08 01:01:41 +00:00
parent 4312300601
commit b42a11e60f
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
12 changed files with 482 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/15xxx/CVE-2020-15824.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
"url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E"
}
]
}

5
2020/17xxx/CVE-2020-17521.json
View File

@ -57,6 +57,11 @@
"refsource": "CONFIRM",
"name": "https://groovy-lang.org/security.html#CVE-2020-17521",
"url": "https://groovy-lang.org/security.html#CVE-2020-17521"
},
{
"refsource": "MLIST",
"name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
"url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E"
}
]
},

5
2020/1xxx/CVE-2020-1945.json
View File

@ -258,6 +258,11 @@
"refsource": "MLIST",
"name": "[announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
"url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E"
}
]
},

67
2020/25xxx/CVE-2020-25628.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Moodle",
"version": {
"version_data": [
{
"version_value": "3.9 to 3.9.1"
},
{
"version_value": "3.8 to 3.8.4"
},
{
"version_value": "3.7 to 3.7.7"
},
{
"version_value": "3.5 to 3.5.13"
},
{
"version_value": "earlier unsupported versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69340",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69340"
},
{
"refsource": "CONFIRM",
"name": "https://moodle.org/mod/forum/discuss.php?d=410840",
"url": "https://moodle.org/mod/forum/discuss.php?d=410840"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14."
}
]
}

62
2020/25xxx/CVE-2020-25629.json
View File

@ -4,14 +4,70 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25629",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Moodle",
"version": {
"version_data": [
{
"version_value": "3.9 to 3.9.1"
},
{
"version_value": "3.8 to 3.8.4"
},
{
"version_value": "3.7 to 3.7.7"
},
{
"version_value": "3.5 to 3.5.13"
},
{
"version_value": "earlier unsupported versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://moodle.org/mod/forum/discuss.php?d=410841",
"url": "https://moodle.org/mod/forum/discuss.php?d=410841"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Moodle where users with \"Log in as\" capability in a course context (typically, course managers) may gain access to some site administration capabilities by \"logging in as\" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14."
}
]
}

62
2020/25xxx/CVE-2020-25630.json
View File

@ -4,14 +4,70 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25630",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Moodle",
"version": {
"version_data": [
{
"version_value": "3.9 to 3.9.1"
},
{
"version_value": "3.8 to 3.8.4"
},
{
"version_value": "3.7 to 3.7.7"
},
{
"version_value": "3.5 to 3.5.13"
},
{
"version_value": "earlier unsupported versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://moodle.org/mod/forum/discuss.php?d=410842",
"url": "https://moodle.org/mod/forum/discuss.php?d=410842"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14."
}
]
}

50
2020/25xxx/CVE-2020-25631.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25631",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Moodle",
"version": {
"version_data": [
{
"version_value": "3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://moodle.org/mod/forum/discuss.php?d=410843",
"url": "https://moodle.org/mod/forum/discuss.php?d=410843"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the \"Add new chapter\" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8."
}
]
}

55
2020/25xxx/CVE-2020-25677.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25677",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ceph-ansible",
"version": {
"version_data": [
{
"version_value": "4.0.34.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/ceph/ceph-ansible/pull/5964",
"url": "https://github.com/ceph/ceph-ansible/pull/5964"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1892108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892108"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf with insecure default permissions, allowing any user to read the sensitive information within."
}
]
}

50
2020/25xxx/CVE-2020-25692.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25692",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "openldap",
"version": {
"version_data": [
{
"version_value": "openldap 2.4.55"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1894567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894567"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service."
}
]
}

15
2020/27xxx/CVE-2020-27218.json
View File

@ -132,6 +132,21 @@
"refsource": "MLIST",
"name": "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] ztzg commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
"url": "https://lists.apache.org/thread.html/r1dd302323c6fe1a542d0371de66a484918fa6c2831ae70d924974bea@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
"url": "https://lists.apache.org/thread.html/rdde0ad0a03eec962c56b46e70e225918ea2368dcc3fd3488741fad53@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
"url": "https://lists.apache.org/thread.html/r602683484f607cd1b9598caf3e549fbb01c43fd46a582a32cc3bb545@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
"url": "https://lists.apache.org/thread.html/rb8f413dc923070919b09db3ac87d079a2dcc6f0adfbb029e206a7930@%3Cnotifications.zookeeper.apache.org%3E"
}
]
}

80
2020/27xxx/CVE-2020-27818.json
View File

@ -4,14 +4,88 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27818",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "pngcheck",
"version": {
"version_data": [
{
"version_value": "pngcheck-2.4.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120->CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26"
},
{
"refsource": "MISC",
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f"
},
{
"refsource": "MISC",
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72"
},
{
"refsource": "MISC",
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a"
},
{
"refsource": "MISC",
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069"
},
{
"refsource": "MISC",
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902011"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability."
}
]
}

50
2020/27xxx/CVE-2020-27822.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27822",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "wildfly",
"version": {
"version_data": [
{
"version_value": "19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, 21.0.0.Final"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1904060",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904060"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability."
}
]
}