admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-02-24 15:01:10 +00:00
parent f8a9bc587c
commit c956c51be2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
14 changed files with 635 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2015/9xxx/CVE-2015-9542.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-9542",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2015-9542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0",
"refsource": "MISC",
"name": "https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200222 [SECURITY] [DLA 2116-1] libpam-radius-auth security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00023.html"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542"
}
]
}

5
2018/5xxx/CVE-2018-5399.json
View File

@ -96,6 +96,11 @@
"name": "VU#176301",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/176301"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
}
]
},

5
2018/5xxx/CVE-2018-5400.json
View File

@ -108,6 +108,11 @@
"name": "VU#176301",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/176301"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
}
]
},

5
2018/5xxx/CVE-2018-5401.json
View File

@ -108,6 +108,11 @@
"name": "VU#176301",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/176301"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
}
]
},

5
2018/5xxx/CVE-2018-5402.json
View File

@ -96,6 +96,11 @@
"name": "VU#176301",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/176301"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
}
]
},

72
2019/18xxx/CVE-2019-18182.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://git.archlinux.org/pacman.git/tree/src/pacman/conf.c?h=v5.1.3#n263",
"refsource": "MISC",
"name": "https://git.archlinux.org/pacman.git/tree/src/pacman/conf.c?h=v5.1.3#n263"
},
{
"url": "https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee",
"refsource": "MISC",
"name": "https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml",
"url": "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml"
}
]
}
}

72
2019/18xxx/CVE-2019-18183.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://git.archlinux.org/pacman.git/tree/lib/libalpm/sync.c?h=v5.1.3#n767",
"refsource": "MISC",
"name": "https://git.archlinux.org/pacman.git/tree/lib/libalpm/sync.c?h=v5.1.3#n767"
},
{
"url": "https://git.archlinux.org/pacman.git/commit/?id=c0e9be7973be6c81b22fde91516fb8991e7bb07b",
"refsource": "MISC",
"name": "https://git.archlinux.org/pacman.git/commit/?id=c0e9be7973be6c81b22fde91516fb8991e7bb07b"
},
{
"refsource": "MISC",
"name": "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml",
"url": "https://github.com/alpinelinux/alpine-secdb/blob/master/v3.11/community.yaml"
}
]
}
}

76
2019/20xxx/CVE-2019-20480.json Normal file
View File

@ -0,0 +1,76 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the \"admin panel\" because there is no CSRF protection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en-us/advisories/vde-2019-010",
"refsource": "MISC",
"name": "https://cert.vde.com/en-us/advisories/vde-2019-010"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:L/C:L/I:L/PR:L/S:U/UI:R",
"version": "3.0"
}
}
}

76
2019/20xxx/CVE-2019-20481.json Normal file
View File

@ -0,0 +1,76 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en-us/advisories/vde-2019-010",
"refsource": "MISC",
"name": "https://cert.vde.com/en-us/advisories/vde-2019-010"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:L/C:L/I:L/PR:L/S:U/UI:R",
"version": "3.0"
}
}
}

61
2020/5xxx/CVE-2020-5186.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5186",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-5186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/dnnsoftware/Dnn.Platform/releases",
"refsource": "MISC",
"name": "https://github.com/dnnsoftware/Dnn.Platform/releases"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html",
"url": "https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html"
}
]
}

61
2020/5xxx/CVE-2020-5187.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5187",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-5187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/dnnsoftware/Dnn.Platform/releases",
"refsource": "MISC",
"name": "https://github.com/dnnsoftware/Dnn.Platform/releases"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html",
"url": "http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html"
}
]
}

61
2020/5xxx/CVE-2020-5188.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5188",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-5188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/dnnsoftware/Dnn.Platform/releases",
"refsource": "MISC",
"name": "https://github.com/dnnsoftware/Dnn.Platform/releases"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html",
"url": "http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html"
}
]
}

50
2020/8xxx/CVE-2020-8130.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8130",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "https://github.com/ruby/ruby",
"version": {
"version_data": [
{
"version_value": "Fixed in Rake 12.3.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection (CWE-78)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/651518",
"url": "https://hackerone.com/reports/651518"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`."
}
]
}

50
2020/8xxx/CVE-2020-8131.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8131",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "yarn",
"version": {
"version_data": [
{
"version_value": "Fixed Version: 1.22.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/730239",
"url": "https://hackerone.com/reports/730239"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Arbitrary filesystem write vulnerability in Yarn 1.21.1 and earlier allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package."
}
]
}