admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-11-09 18:01:43 +00:00
parent d241e4e7eb
commit d4dbc37453
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
18 changed files with 238 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2020/23xxx/CVE-2020-23136.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23136",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microweber v1.1.18 is affected by no session expiry after log-out."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://microweber.com",
"refsource": "MISC",
"name": "http://microweber.com"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/virendratiwari03/0b0d161e1141fdd74122abbb02fefe17",
"url": "https://gist.github.com/virendratiwari03/0b0d161e1141fdd74122abbb02fefe17"
}
]
}

61
2020/23xxx/CVE-2020-23138.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23138",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/virendratiwari03/0918aaba97eba31666630996ab3aeec3",
"url": "https://gist.github.com/virendratiwari03/0918aaba97eba31666630996ab3aeec3"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/virendratiwari03/800f96271f22c0c2f5aea126c7f1f170",
"url": "https://gist.github.com/virendratiwari03/800f96271f22c0c2f5aea126c7f1f170"
}
]
}

56
2020/23xxx/CVE-2020-23139.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23139",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/virendratiwari03/9fdebe4d0b379d1996238b535add56d6",
"url": "https://gist.github.com/virendratiwari03/9fdebe4d0b379d1996238b535add56d6"
}
]
}

56
2020/23xxx/CVE-2020-23140.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23140",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/virendratiwari03/bddafb3cd82dde8202bd056d340d3e36",
"url": "https://gist.github.com/virendratiwari03/bddafb3cd82dde8202bd056d340d3e36"
}
]
}

7
2020/25xxx/CVE-2020-25248.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for reading files, as demonstrated by the FileName parameter."
"value": "An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter."
}
]
},
@ -61,6 +61,11 @@
"refsource": "FULLDISC",
"name": "20201006 Re: Navy Federal Reflective Cross Site Scripting (XSS)",
"url": "http://seclists.org/fulldisclosure/2020/Oct/9"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Oct/9",
"url": "https://seclists.org/fulldisclosure/2020/Oct/9"
}
]
}

2
2020/25xxx/CVE-2020-25249.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in a regulated industry, where server-side logging is required in additional situations."
"value": "An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in a regulated industry, where server-side logging is required in additional situations."
}
]
},

2
2020/25xxx/CVE-2020-25250.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Client applications can write arbitrary data to the server logs."
"value": "An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs."
}
]
},

2
2020/25xxx/CVE-2020-25251.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information."
"value": "An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information."
}
]
},

2
2020/25xxx/CVE-2020-25252.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account)."
"value": "An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account)."
}
]
},

2
2020/25xxx/CVE-2020-25253.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Hyland OnBase through 18.0.0.32. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter."
"value": "An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter."
}
]
},

7
2020/25xxx/CVE-2020-25254.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer."
"value": "An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer."
}
]
},
@ -61,6 +61,11 @@
"refsource": "FULLDISC",
"name": "20201006 Re: Navy Federal Reflective Cross Site Scripting (XSS)",
"url": "http://seclists.org/fulldisclosure/2020/Oct/9"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Oct/9",
"url": "https://seclists.org/fulldisclosure/2020/Oct/9"
}
]
}

2
2020/25xxx/CVE-2020-25255.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry."
"value": "An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry."
}
]
},

2
2020/25xxx/CVE-2020-25256.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. PKI certificates have a private key that is the same across different customers' installations."
"value": "An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. PKI certificates have a private key that is the same across different customers' installations."
}
]
},

2
2020/25xxx/CVE-2020-25257.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows XXE attacks for read/write access to arbitrary files."
"value": "An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files."
}
]
},

2
2020/25xxx/CVE-2020-25258.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages."
"value": "An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages."
}
]
},

2
2020/25xxx/CVE-2020-25259.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses XML deserialization libraries in an unsafe manner."
"value": "An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an unsafe manner."
}
]
},

2
2020/25xxx/CVE-2020-25260.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization."
"value": "An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization."
}
]
},

5
2020/27xxx/CVE-2020-27853.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/wireapp/wire-audio-video-signaling/issues/23#issuecomment-710075689",
"refsource": "MISC",
"name": "https://github.com/wireapp/wire-audio-video-signaling/issues/23#issuecomment-710075689"
},
{
"refsource": "MISC",
"name": "http://github.security.telekom.com/2020/11/wire-secure-messenger-format-string-vulnerability.html",
"url": "http://github.security.telekom.com/2020/11/wire-secure-messenger-format-string-vulnerability.html"
}
]
}