admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-04-16 20:02:58 +00:00
parent 2501b686ee
commit bf7ccc9a33
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
10 changed files with 121 additions and 331 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/18xxx/CVE-2019-18197.json
View File

@ -116,6 +116,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
}
]
}

33
2020/11xxx/CVE-2020-11669.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. Incorrect register save/restore logic when entering/leaving CPU idle states allows a guest OS administrator on a POWER9 KVM host to cause a denial of service by booting a guest kernel that sets the AMR within the guest, such as a 5.2 (or later) guest kernel with Kernel Userspace Access Prevention (KUAP) enabled, aka CID-10d91611f426."
"value": "An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd."
}
]
},
@ -52,40 +52,35 @@
},
"references": {
"reference_data": [
{
"refsource": "REDHAT",
"name": "RHSA-2019:3517",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2",
"refsource": "MISC",
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2"
},
{
"url": "https://github.com/torvalds/linux/commit/10d91611f426d4bafd2a83d966c36da811b2f7ad",
"url": "https://github.com/torvalds/linux/commit/53a712bae5dd919521a58d7bad773b949358add0",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/10d91611f426d4bafd2a83d966c36da811b2f7ad"
"name": "https://github.com/torvalds/linux/commit/53a712bae5dd919521a58d7bad773b949358add0"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=10d91611f426d4bafd2a83d966c36da811b2f7ad",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=53a712bae5dd919521a58d7bad773b949358add0",
"refsource": "MISC",
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=10d91611f426d4bafd2a83d966c36da811b2f7ad"
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=53a712bae5dd919521a58d7bad773b949358add0"
},
{
"refsource": "MISC",
"name": "https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208663.html",
"url": "https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208663.html"
"refsource": "MLIST",
"name": "[oss-security] 20200415 CVE-2020-11669: Linux kernel 4.10 to 5.1: powerpc: guest can cause DoS on POWER9 KVM hosts",
"url": "http://www.openwall.com/lists/oss-security/2020/04/15/1"
},
{
"refsource": "MISC",
"name": "https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208660.html",
"url": "https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208660.html"
"refsource": "MLIST",
"name": "[oss-security] 20200415 Re: CVE-2020-11669: Linux kernel 4.10 to 5.1: powerpc: guest can cause DoS on POWER9 KVM hosts",
"url": "http://www.openwall.com/lists/oss-security/2020/04/15/2"
},
{
"refsource": "MISC",
"name": "https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208661.html",
"url": "https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208661.html"
"refsource": "MLIST",
"name": "[oss-security] 20200416 Re: CVE-2020-11669: Linux kernel 4.10 to 5.1: powerpc: guest can cause DoS on POWER9 KVM hosts",
"url": "http://www.openwall.com/lists/oss-security/2020/04/16/2"
}
]
}

56
2020/11xxx/CVE-2020-11815.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11815",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-rce.html",
"refsource": "MISC",
"name": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-rce.html"
}
]
}

58
2020/11xxx/CVE-2020-11818.json
View File

@ -1,61 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11818",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-csrf-bypass-privilege.html",
"refsource": "MISC",
"name": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-csrf-bypass-privilege.html"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

58
2020/11xxx/CVE-2020-11819.json
View File

@ -1,61 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11819",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-rce-via.html",
"refsource": "MISC",
"name": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-rce-via.html"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

58
2020/11xxx/CVE-2020-11820.json
View File

@ -1,61 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11820",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-sql-injection-entitiesid.html",
"refsource": "MISC",
"name": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-sql-injection-entitiesid.html"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

58
2020/11xxx/CVE-2020-11823.json
View File

@ -1,61 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11823",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://fatihhcelik.blogspot.com/2020/04/dolibarr-stored-xss.html",
"url": "https://fatihhcelik.blogspot.com/2020/04/dolibarr-stored-xss.html"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

58
2020/11xxx/CVE-2020-11825.json
View File

@ -1,61 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11825",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://fatihhcelik.blogspot.com/2020/04/dolibarr-csrf.html",
"url": "https://fatihhcelik.blogspot.com/2020/04/dolibarr-csrf.html"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

58
2020/11xxx/CVE-2020-11826.json
View File

@ -1,61 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11826",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY table in the memono.sqlite database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://fatihhcelik.blogspot.com/2020/02/memono-insecure-data-storage-ios.html",
"refsource": "MISC",
"name": "https://fatihhcelik.blogspot.com/2020/02/memono-insecure-data-storage-ios.html"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

10
2020/8xxx/CVE-2020-8840.json
View File

@ -196,6 +196,16 @@
"refsource": "MLIST",
"name": "[ranger-dev] 20200415 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"url": "https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38@%3Cdev.ranger.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ranger-dev] 20200416 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"url": "https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1@%3Cdev.ranger.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ranger-dev] 20200416 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"url": "https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec@%3Cdev.ranger.apache.org%3E"
}
]
}