admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-04-15 22:00:35 +00:00
parent 11b85d8ad0
commit d35b9e1e17
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 205 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
2020/17xxx/CVE-2020-17354.json
View File

@ -1,17 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-17354",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-17354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://lilypond.org/doc/v2.18/Documentation/usage/command_002dline-usage",
"refsource": "MISC",
"name": "http://lilypond.org/doc/v2.18/Documentation/usage/command_002dline-usage"
},
{
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T259210",
"url": "https://phabricator.wikimedia.org/T259210"
},
{
"refsource": "MISC",
"name": "https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory",
"url": "https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory"
},
{
"refsource": "MISC",
"name": "https://tracker.debian.org/news/1249694/accepted-lilypond-2221-1-source-into-unstable/",
"url": "https://tracker.debian.org/news/1249694/accepted-lilypond-2221-1-source-into-unstable/"
},
{
"refsource": "CONFIRM",
"name": "https://gitlab.com/lilypond/lilypond/-/merge_requests/1522",
"url": "https://gitlab.com/lilypond/lilypond/-/merge_requests/1522"
},
{
"refsource": "MISC",
"name": "https://lilypond.org/download.html",
"url": "https://lilypond.org/download.html"
}
]
}

76
2020/29xxx/CVE-2020-29007.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29007",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell code by using crafted {{Image data to generate musical scores containing malicious code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/seqred-s-a/cve-2020-29007",
"refsource": "MISC",
"name": "https://github.com/seqred-s-a/cve-2020-29007"
},
{
"url": "https://www.mediawiki.org/wiki/Extension:Score",
"refsource": "MISC",
"name": "https://www.mediawiki.org/wiki/Extension:Score"
},
{
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T257062",
"url": "https://phabricator.wikimedia.org/T257062"
},
{
"refsource": "MISC",
"name": "https://seqred.pl/en/cve-2020-29007-remote-code-execution-in-mediawiki-score/",
"url": "https://seqred.pl/en/cve-2020-29007-remote-code-execution-in-mediawiki-score/"
},
{
"refsource": "MISC",
"name": "https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory",
"url": "https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory"
}
]
}

66
2021/43xxx/CVE-2021-43612.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43612",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-43612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lldpd.github.io/security.html",
"refsource": "MISC",
"name": "https://lldpd.github.io/security.html"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7",
"url": "https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/lldpd/lldpd/compare/1.0.12...1.0.13",
"url": "https://github.com/lldpd/lldpd/compare/1.0.12...1.0.13"
}
]
}