admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-10-21 20:01:46 +00:00
parent 0765cf2883
commit baa35ed01b
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
17 changed files with 224 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2017/12xxx/CVE-2017-12904.json
View File

@ -71,6 +71,11 @@
"name": "DSA-3947",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3947"
},
{
"refsource": "UBUNTU",
"name": "USN-4585-1",
"url": "https://usn.ubuntu.com/4585-1/"
}
]
}

5
2017/14xxx/CVE-2017-14500.json
View File

@ -76,6 +76,11 @@
"name": "https://github.com/akrennmair/newsbeuter/issues/598",
"refsource": "MISC",
"url": "https://github.com/akrennmair/newsbeuter/issues/598"
},
{
"refsource": "UBUNTU",
"name": "USN-4585-1",
"url": "https://usn.ubuntu.com/4585-1/"
}
]
}

2
2020/25xxx/CVE-2020-25820.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field."
"value": "BigBlueButton before 2.2.27 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field."
}
]
},

61
2020/27xxx/CVE-2020-27344.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27344",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-27344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The cm-download-manager plugin before 2.8.0 for WordPress allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/cm-download-manager/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/cm-download-manager/#developers"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/qwebee/da79c6a9fa982c3c40988a1e0598c0d9",
"url": "https://gist.github.com/qwebee/da79c6a9fa982c3c40988a1e0598c0d9"
}
]
}

61
2020/27xxx/CVE-2020-27601.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27601",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-27601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7",
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7"
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/commit/7dcdfb191373684bafa7b11cdd0128c9869040a1",
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/commit/7dcdfb191373684bafa7b11cdd0128c9869040a1"
}
]
}

61
2020/27xxx/CVE-2020-27602.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27602",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-27602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7",
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7"
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/commit/4bfd924c64da2681f4c037026021f47eb189d717",
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/commit/4bfd924c64da2681f4c037026021f47eb189d717"
}
]
}

2
2020/27xxx/CVE-2020-27603.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files."
"value": "BigBlueButton before 2.2.7 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files."
}
]
},

2
2020/27xxx/CVE-2020-27605.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a \"schwache Sandbox.\""
"value": "BigBlueButton through 2.2.8 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a \"schwache Sandbox.\""
}
]
},

2
2020/27xxx/CVE-2020-27606.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
"value": "BigBlueButton before 2.2.8 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},

2
2020/27xxx/CVE-2020-27607.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or transmit it to one or more meeting participants or other third parties."
"value": "In BigBlueButton before 2.2.8 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or transmit it to one or more meeting participants or other third parties."
}
]
},

12
2020/27xxx/CVE-2020-27608.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document."
"value": "In BigBlueButton before 2.2.6, uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document."
}
]
},
@ -56,6 +56,16 @@
"url": "https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html",
"refsource": "MISC",
"name": "https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html"
},
{
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/commit/79361bd4859145f888a88d59d92b1a83ccc8ab23",
"url": "https://github.com/bigbluebutton/bigbluebutton/commit/79361bd4859145f888a88d59d92b1a83ccc8ab23"
},
{
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.5...v2.2.6",
"url": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.5...v2.2.6"
}
]
}

2
2020/27xxx/CVE-2020-27609.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant."
"value": "BigBlueButton through 2.2.8 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant."
}
]
},

2
2020/27xxx/CVE-2020-27610.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access."
"value": "The installation procedure in BigBlueButton before 2.2.8 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access."
}
]
},

2
2020/27xxx/CVE-2020-27611.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint."
"value": "BigBlueButton through 2.2.8 uses STUN/TURN resources from a third party, which may represent an unintended endpoint."
}
]
},

2
2020/27xxx/CVE-2020-27612.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window."
"value": "Greenlight in BigBlueButton through 2.2.8 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window."
}
]
},

12
2020/27xxx/CVE-2020-27613.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access."
"value": "The installation procedure in BigBlueButton before 2.2.17 uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access."
}
]
},
@ -56,6 +56,16 @@
"url": "https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html",
"refsource": "MISC",
"name": "https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html"
},
{
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/commit/fa730b726aa1e0f4601f428ee29830007eea0080",
"url": "https://github.com/bigbluebutton/bigbluebutton/commit/fa730b726aa1e0f4601f428ee29830007eea0080"
},
{
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.16...v2.2.17",
"url": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.16...v2.2.17"
}
]
}

18
2020/27xxx/CVE-2020-27614.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27614",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}