"-Synchronized-Data."

CVE Team 2020-11-23 16:01:53 +00:00
parent aeb19a987b
commit cb6d67ba4e
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
14 changed files with 326 additions and 12 deletions


@ -43,7 +43,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10.\nThis issue affects:\nMongoDB Inc. MongoDB Server\n3.6 versions prior to 3.6.10;\n4.0 versions prior to 4.0.5." "value": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10. This issue affects: MongoDB Inc. MongoDB Server 3.6 versions prior to 3.6.10; 4.0 versions prior to 4.0.5."
} }
] ]
}, },
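Review bot: The new `value` still breaks off mid-sentence at `which perform an $elemMatch` and then states the affected versions twice, so flattening the newlines has not made the description more usable. The sentence should be completed from the vendor advisory and one of the two `This issue affects: …` statements dropped, keeping `v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10`. Anyone triaging from this text alone cannot tell which query shape triggers the denial of service. The enclosing record starts and ends outside the hunk.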


@ -218,6 +218,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086", "name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E" "url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E"
} }
] ]
}, },


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14553",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "EDK II"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=960",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=960"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access."
}
]
}
}
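Review bot: `vendor_name` is `n/a` and `version_value` is just `EDK II`, so the record carries no affected-version information that a scanner or asset inventory can match against; the same applies to the CVE-2019-14559 and CVE-2019-14562 records added below. If the fixed release is known from the referenced Bugzilla entry, that range belongs in `version_data`, and the vendor name should be filled in instead of `n/a`. The `problemtype` values in the three records also differ in capitalisation (`information disclosure`, `Denial of Service`, `Denial of service`), which makes grouping by problem type unreliable.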


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14559",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "EDK II"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=2031",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2031"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access."
}
]
}
}


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14562",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "EDK II"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=2215",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2215"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access."
}
]
}
}
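Review bot: The description reads `Integer overflow in DxeImageVerificationHandler() EDK II`, which is missing a preposition; it should say `Integer overflow in DxeImageVerificationHandler() in EDK II may allow …`. The `problemtype` value `Denial of service` also names the impact and not the weakness, while the description identifies an integer overflow. Recording the weakness there would let consumers classify the entry without parsing the free text.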


@ -34,7 +34,7 @@
"credit": [ "credit": [
{ {
"lang": "eng", "lang": "eng",
"value": "László Gyaraki " "value": "L\u00e1szl\u00f3 Gyaraki "
} }
], ],
"data_format": "MITRE", "data_format": "MITRE",
@ -44,7 +44,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. \n\nThis issue affects\nOTRS;\n8.0.9 and prior versions." "value": "When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions."
} }
] ]
}, },


@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution." "value": "** DISPUTED ** libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way."
} }
] ]
}, },
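Review bot: The added sentence `Note: this vulnerability occurs only if you compile the software in a certain way.` does not say which build configuration is meant, so a reader cannot decide whether their libraw 20.0 build is exposed. The `** DISPUTED **` marker should be accompanied by the specific compile option or condition and by a reference to where the dispute is recorded. Whether such a reference exists cannot be seen here, because `reference_data` is outside the hunk.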


@ -115,6 +115,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201123-0005/", "name": "https://security.netapp.com/advisory/ntap-20201123-0005/",
"url": "https://security.netapp.com/advisory/ntap-20201123-0005/" "url": "https://security.netapp.com/advisory/ntap-20201123-0005/"
},
{
"refsource": "MLIST",
"name": "[zookeeper-dev] 20201123 Owasp test failing - Jetty 9.4.32 - CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/raf9c581b793c30ff8f55f2415c7bd337eb69775aae607bf9ed1b16fb@%3Cdev.zookeeper.apache.org%3E"
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-28421", "ID": "CVE-2020-28421",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "vuln@ca.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CA Unified Infrastructure Management",
"version": {
"version_data": [
{
"version_value": "20.1, 9.2.0, 9.1.0, 9.0.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Elevation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565",
"url": "https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges."
} }
] ]
} }
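Review bot: `version_value` packs four releases into one string, `"20.1, 9.2.0, 9.1.0, 9.0.2"`, and that list does not match the description, which says `20.1 and earlier`. Tools that compare `version_value` against an installed version will not match any of the four, and releases the description covers but the list omits are missing from the structured data. Each release should be its own `version_data` entry, for example `{ "version_value": "20.1" }`, and the list and the description brought into agreement. `vendor_name` is also left as `n/a`, although the product name and assigner suggest the vendor is known.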


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28979",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28981",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28982",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -48,12 +48,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-JSEN-1014670" "url": "https://snyk.io/vuln/SNYK-JS-JSEN-1014670",
"name": "https://snyk.io/vuln/SNYK-JS-JSEN-1014670"
}, },
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://github.com/bugventure/jsen/blob/master/lib/jsen.js%23L875" "url": "https://github.com/bugventure/jsen/blob/master/lib/jsen.js%23L875",
"name": "https://github.com/bugventure/jsen/blob/master/lib/jsen.js%23L875"
} }
] ]
}, },
@ -61,7 +63,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This affects all versions of package jsen.\n If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine.\r\nIn the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable.\r\n\r\nIn particular the required field of the schema is not properly sanitized.\r\nThe resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution.\r\n\r\n" "value": "This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution."
} }
] ]
}, },
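Review bot: The second reference URL ends in `jsen.js%23L875`, where the `#` of the line anchor has been percent-encoded, so it becomes part of the path and the link will probably not resolve to line 875; the new `name` field copies the same string. It should read `https://github.com/bugventure/jsen/blob/master/lib/jsen.js#L875`, and preferably point at a fixed commit instead of `master`, since the line number drifts as the file changes. In the last hunk the rewritten description keeps the reporter's first-person `so I assume that this is applicable` and the typo `is build`, which were worth cleaning up while the text was being touched.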