"-Synchronized-Data."

CVE Team 2020-11-10 16:02:49 +00:00
parent 6162611c04
commit c5b7aff61e
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
27 changed files with 299 additions and 23 deletions


@ -156,6 +156,11 @@
"refsource": "MLIST",
"name": "[tez-issues] 20201021 [jira] [Commented] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063",
"url": "https://lists.apache.org/thread.html/r5f794dc07913c5f2ec08f540813b40e61b562d36f8b1f916e8705c56@%3Cissues.tez.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tez-issues] 20201110 [jira] [Commented] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063",
"url": "https://lists.apache.org/thread.html/r41a0e2c36f7d1854a4d56cb1e4aa720ef501782d887ece1c9b1e2d60@%3Cissues.tez.apache.org%3E"
}
]
}


@ -1,17 +1,107 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"AKA": "vivo Mobile Communication Technology Co. Ltd.",
"ASSIGNER": "security@vivo.com",
"DATE_PUBLIC": "2020-11-09T09:12:00.000Z",
"ID": "CVE-2020-12485",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "The frame touch module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "PD2012_1.4.0"
},
{
"version_affected": "<",
"version_value": "PD1965EF_EX_EU_4.4.0"
},
{
"version_affected": "<",
"version_value": "PD2001F_EX_1.6.0"
},
{
"version_affected": "<",
"version_value": "PD1968F_EX_1.10.1"
},
{
"version_affected": "<",
"version_value": "PD1962_1.7.6"
},
{
"version_affected": "<",
"version_value": "PD1981_1.5.0"
},
{
"version_affected": "<",
"version_value": "PD2006F_EX_1.6.2"
}
]
}
}
]
},
"vendor_name": "vivo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vivo.com/en/support/security-advisory-detail?id=2",
"refsource": "CONFIRM",
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=2"
}
]
}
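Review bot: The seven `version_data` entries under `"product_name": "The frame touch module"` each give only `"version_affected": "<"` and a build string with a different prefix (`PD2012_…`, `PD1965EF_EX_EU_…`, `PD2001F_EX_…`), so a consumer cannot tell which bound applies to which device. The prefixes look like model identifiers; if so, each entry should carry one, for example `"version_name": "PD2012"` next to `"version_value": "PD2012_1.4.0"`, or each model should be its own `product_data` entry. Without that, automated matching has to compare unrelated build strings against every bound. The new description value is also missing spaces after punctuation (`parameters,which`, `access.The`) and would read better as "does not validate parameter lengths, which causes an out-of-bounds memory access".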


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13927",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache Airflow",
"version": {
"version_data": [
{
"version_value": "Apache Airflow <1.10.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default"
}
]
}
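Review bot: The `affects` block encodes the range as free text, `"version_value": "Apache Airflow <1.10.11"` with `"vendor_name": "n/a"`, which tooling cannot parse as a bound. The structured form used elsewhere in this commit would be `"version_affected": "<", "version_value": "1.10.11"`, with the vendor named. The new description also says existing installs stay exposed after upgrading until `[api]auth_backend` is set to `airflow.api.auth.backend.deny_all`, so a version-only match will understate exposure and the configuration needs its own check. The problemtype `"Information Disclosure"` is narrower than the described condition (all Experimental API requests accepted without authentication); `CWE-306 Missing Authentication for Critical Function` appears to fit better.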


@ -128,6 +128,11 @@
"refsource": "GENTOO",
"name": "GLSA-202008-24",
"url": "https://security.gentoo.org/glsa/202008-24"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -123,6 +123,11 @@
"refsource": "UBUNTU",
"name": "USN-4453-1",
"url": "https://usn.ubuntu.com/4453-1/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -108,6 +108,11 @@
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -108,6 +108,11 @@
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -128,6 +128,11 @@
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -128,6 +128,11 @@
"refsource": "GENTOO",
"name": "GLSA-202008-24",
"url": "https://security.gentoo.org/glsa/202008-24"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -128,6 +128,11 @@
"refsource": "GENTOO",
"name": "GLSA-202008-24",
"url": "https://security.gentoo.org/glsa/202008-24"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -138,6 +138,11 @@
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -121,6 +121,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-fdc79d8e5b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -83,6 +83,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
}
]
}


@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://www.optiv.com/explore-optiv-insights/source-zero/certificate-validation-disabled-black-duck-api-wrapper",
"url": "https://www.optiv.com/explore-optiv-insights/source-zero/certificate-validation-disabled-black-duck-api-wrapper"
},
{
"refsource": "CONFIRM",
"name": "https://community.synopsys.com/s/question/0D52H00005JCZAXSA5/announcement-black-duck-defect-identified",
"url": "https://community.synopsys.com/s/question/0D52H00005JCZAXSA5/announcement-black-duck-defect-identified"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28267",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "@strikeentco/set",
"version": {
"version_data": [
{
"version_value": "1.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/strikeentco/set/commit/102cc6b2e1d1e0c928ced87e75df759d5541ff60",
"url": "https://github.com/strikeentco/set/commit/102cc6b2e1d1e0c928ced87e75df759d5541ff60"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution."
}
]
}
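Review bot: The record lists a single `"version_value": "1.0.0"` with no `version_affected` operator, and its only reference is a commit URL tagged `MISC`, so a reader cannot tell which release carries the fix. If that commit is the fix, as its placement suggests, the entry should state the bound explicitly, for example `"version_affected": "<", "version_value": "<FIXED_VERSION>"` with the placeholder replaced by the first fixed release. The problemtype is the free-text `"Prototype Pollution"`; a CWE identifier such as `CWE-1321` would make the entry filterable by weakness class. `"vendor_name": "n/a"` likewise leaves the vendor blank even though the package is scoped to `@strikeentco`.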


@ -56,6 +56,11 @@
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html",
"refsource": "MISC",
"name": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"refsource": "MISC",
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29057",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
}
]
}


@ -70,7 +70,7 @@
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
"value": "Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
}


@ -70,7 +70,7 @@
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
"value": "Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
]
}


@ -70,7 +70,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1450-QLBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, GT1455HS-QTBDE CoreOS version \u201905.65.00.BD\u2019 and earlier, and GT1450HS-QMBDE CoreOS version \u201905.65.00.BD\u2019 and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet."
"value": "Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QMBDE CoreOS version \"05.65.00.BD\" and earlier, GT1450-QLBDE CoreOS version \"05.65.00.BD\" and earlier, GT1455HS-QTBDE CoreOS version \"05.65.00.BD\" and earlier, and GT1450HS-QMBDE CoreOS version \"05.65.00.BD\" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet."
}
]
}


@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "Check Point Security Management's Internal CA web management before Jumbo HFAs R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator."
"value": "Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator."
}
]
}


@ -48,16 +48,19 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939",
"name": "https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/flitbit/json-ptr/blob/master/src/util.ts%23L174"
"refsource": "MISC",
"url": "https://github.com/flitbit/json-ptr/blob/master/src/util.ts%23L174",
"name": "https://github.com/flitbit/json-ptr/blob/master/src/util.ts%23L174"
}
]
},
@ -65,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package json-ptr.\n The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true.\r\n\r\nThe function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.\r\n\r\n"
"value": "This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution."
}
]
},
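Review bot: The third reference keeps `%23L174` in its `url` and now copies it into `name`. `%23` is a percent-encoded `#`, so the line anchor becomes part of the file path and the link most likely does not resolve to line 174. The intended value appears to be `https://github.com/flitbit/json-ptr/blob/master/src/util.ts#L174`, and pinning it to a commit (`/blob/<COMMIT_SHA>/src/util.ts#L174`) instead of `master` would keep the line reference stable. The rewritten description in the second hunk has a similar problem: its URL ends in `jsonpointer.htmlset`, which looks like a lost `#` before `set`.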