mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
parent
cefdd4622d
commit
b68ef12ce4
@ -34,7 +34,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder."
|
||||
"value": "Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -53,24 +53,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.silverstripe.org/download/security-releases/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.silverstripe.org/download/security-releases/"
|
||||
},
|
||||
{
|
||||
"url": "https://www.silverstripe.org/blog/tag/release",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.silverstripe.org/blog/tag/release"
|
||||
},
|
||||
{
|
||||
"url": "https://forum.silverstripe.org/c/releases",
|
||||
"refsource": "MISC",
|
||||
"name": "https://forum.silverstripe.org/c/releases"
|
||||
},
|
||||
{
|
||||
"url": "https://twitter.com/memn0ps",
|
||||
"refsource": "MISC",
|
||||
"name": "https://twitter.com/memn0ps"
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326",
|
||||
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
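--- /dev/null
+++ b/2019/20xxx/CVE-2019-20908.json
@@ -0,0 +1,77 @@
+{
+"CVE_data_meta": {
+"ASSIGNER": "cve@mitre.org",
+"ID": "CVE-2019-20908",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"product": {
+"product_data": [
+{
+"product_name": "n/a",
+"version": {
+"version_data": [
+{
+"version_value": "n/a"
+}
+]
+}
+}
+]
+},
+"vendor_name": "n/a"
+}
+]
+}
+},
+"data_format": "MITRE",
+"data_type": "CVE",
+"data_version": "4.0",
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032."
+}
+]
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "n/a"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"url": "https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh",
+"refsource": "MISC",
+"name": "https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh"
+},
+{
+"url": "https://mailarchives.bentasker.co.uk/Mirrors/OSSSec/2020/06-Jun/msg00035.html",
+"refsource": "MISC",
+"name": "https://mailarchives.bentasker.co.uk/Mirrors/OSSSec/2020/06-Jun/msg00035.html"
+},
+{
+"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1957a85b0032a81e6482ca4aab883643b8dae06e",
+"refsource": "MISC",
+"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1957a85b0032a81e6482ca4aab883643b8dae06e"
+},
+{
+"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4",
+"refsource": "MISC",
+"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4"
+}
+]
+}
+}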
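Review bot: The `affects` block leaves `vendor_name`, `product_name` and `version_value` as `n/a` even though the description names the Linux kernel before 5.4, so tooling that matches on the structured fields rather than the free-text description will not associate this record with the kernel. `problemtype` is likewise `n/a`, although the description points to an incorrect-permissions weakness on the efivar_ssdt variable. Populating these fields from the description, for example `"product_name": "Linux kernel"` with a `version_value` expressing "before 5.4", would make the record usable for automated triage. The upstream fix commit is tagged `MISC` in `reference_data`, so consumers filtering on `refsource` cannot tell it apart from the other links. The new 2020/15xxx/CVE-2020-15780.json has the same gaps (kernel before 5.7.7).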
@ -35,7 +35,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface (ABI) for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an enclave. Depending on the FPU control configuration of the enclave app and whether the operations are used in secret-dependent execution paths, this vulnerability may also be used to mount a side-channel attack on the enclave.\n\nThis has been fixed in 0.10.0 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability."
|
||||
"value": "In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface (ABI) for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an enclave. Depending on the FPU control configuration of the enclave app and whether the operations are used in secret-dependent execution paths, this vulnerability may also be used to mount a side-channel attack on the enclave. This has been fixed in 0.10.0 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
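--- /dev/null
+++ b/2020/15xxx/CVE-2020-15780.json
@@ -0,0 +1,77 @@
+{
+"CVE_data_meta": {
+"ASSIGNER": "cve@mitre.org",
+"ID": "CVE-2020-15780",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"product": {
+"product_data": [
+{
+"product_name": "n/a",
+"version": {
+"version_data": [
+{
+"version_value": "n/a"
+}
+]
+}
+}
+]
+},
+"vendor_name": "n/a"
+}
+]
+}
+},
+"data_format": "MITRE",
+"data_type": "CVE",
+"data_version": "4.0",
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30."
+}
+]
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "n/a"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"url": "https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh",
+"refsource": "MISC",
+"name": "https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh"
+},
+{
+"url": "https://www.openwall.com/lists/oss-security/2020/06/15/3",
+"refsource": "MISC",
+"name": "https://www.openwall.com/lists/oss-security/2020/06/15/3"
+},
+{
+"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75b0cea7bf307f362057cc778efe89af4c615354",
+"refsource": "MISC",
+"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75b0cea7bf307f362057cc778efe89af4c615354"
+},
+{
+"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7",
+"refsource": "MISC",
+"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7"
+}
+]
+}
+}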