admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-01-21 18:01:14 +00:00
parent 722c39acc8
commit d0ae85f5a1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
8 changed files with 203 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
2015/1xxx/CVE-2015-1861.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1861",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-1861",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}

53
2015/2xxx/CVE-2015-2784.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2784",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579",
"url": "https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/rsantamaria/papercrop/blob/master/CHANGELOG.md",
"url": "https://github.com/rsantamaria/papercrop/blob/master/CHANGELOG.md"
}
]
}

9
2019/14xxx/CVE-2019-14902.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14902",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -50,7 +51,9 @@
"references": {
"reference_data": [
{
"url": "https://www.samba.org/samba/security/CVE-2019-14902.html"
"url": "https://www.samba.org/samba/security/CVE-2019-14902.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2019-14902.html"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902",
@ -77,4 +80,4 @@
]
]
}
}
}

7
2019/14xxx/CVE-2019-14907.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14907",
"ASSIGNER": "gsuckevi@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -55,7 +56,9 @@
"refsource": "CONFIRM"
},
{
"url": "https://www.samba.org/samba/security/CVE-2019-14907.html"
"url": "https://www.samba.org/samba/security/CVE-2019-14907.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2019-14907.html"
}
]
},

2
2019/17xxx/CVE-2019-17361.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In SaltStack Salt through 2019.2.0, the salt-api NEST API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host."
"value": "In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host."
}
]
},

72
2019/18xxx/CVE-2019-18932.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1150554",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1150554"
},
{
"url": "https://sourceforge.net/projects/sarg/",
"refsource": "MISC",
"name": "https://sourceforge.net/projects/sarg/"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/01/20/6",
"url": "http://www.openwall.com/lists/oss-security/2020/01/20/6"
}
]
}
}

9
2019/19xxx/CVE-2019-19344.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19344",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -55,7 +56,9 @@
"refsource": "CONFIRM"
},
{
"url": "https://www.samba.org/samba/security/CVE-2019-19344.html"
"url": "https://www.samba.org/samba/security/CVE-2019-19344.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2019-19344.html"
}
]
},
@ -77,4 +80,4 @@
]
]
}
}
}

61
2020/5xxx/CVE-2020-5202.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5202",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-5202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2020-5202",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2020-5202"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/01/20/4",
"url": "http://www.openwall.com/lists/oss-security/2020/01/20/4"
}
]
}