admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-03-09 19:01:11 +00:00
parent 9195532bf3
commit d52cefb815
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
25 changed files with 848 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2011/3xxx/CVE-2011-3269.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3269",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://contentdelivery.lexmark.com/webcontent/Email_shortcut_vulnerability.pdf",
"refsource": "MISC",
"name": "http://contentdelivery.lexmark.com/webcontent/Email_shortcut_vulnerability.pdf"
}
]
}

48
2011/4xxx/CVE-2011-4538.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4538",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://contentdelivery.lexmark.com/webcontent/CVE-2011-4538.pdf",
"refsource": "MISC",
"name": "http://contentdelivery.lexmark.com/webcontent/CVE-2011-4538.pdf"
}
]
}

5
2013/2xxx/CVE-2013-2165.json
View File

@ -96,6 +96,11 @@
"name": "RHSA-2013:1042",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1042.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html",
"url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
}
]
}

5
2015/0xxx/CVE-2015-0279.json
View File

@ -81,6 +81,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html",
"url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
}
]
}

48
2016/1xxx/CVE-2016-1487.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1487",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://support.lexmark.com/index?page=content&id=TE747&locale=EN&userlocale=EN_US",
"refsource": "MISC",
"name": "http://support.lexmark.com/index?page=content&id=TE747&locale=EN&userlocale=EN_US"
}
]
}

5
2018/14xxx/CVE-2018-14667.json
View File

@ -91,6 +91,11 @@
"name": "1042037",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042037"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html",
"url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
}
]
}

67
2019/19xxx/CVE-2019-19614.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19614",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19614",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to wildcard injection, allowing an attacker to enumerate the list of users sharing an identical password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://excellium-services.com/cert-xlm-advisory/",
"refsource": "MISC",
"name": "https://excellium-services.com/cert-xlm-advisory/"
},
{
"refsource": "MISC",
"name": "https://excellium-services.com/cert-xlm-advisory/cve-2019-19614/",
"url": "https://excellium-services.com/cert-xlm-advisory/cve-2019-19614/"
}
]
}

5
2019/1xxx/CVE-2019-1458.json
View File

@ -129,6 +129,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1458",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1458"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156651/Microsoft-Windows-WizardOpium-Local-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/156651/Microsoft-Windows-WizardOpium-Local-Privilege-Escalation.html"
}
]
}

5
2020/10xxx/CVE-2020-10110.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Mar/7",
"url": "https://seclists.org/fulldisclosure/2020/Mar/7"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156656/Citrix-Gateway-11.1-12.0-12.1-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/156656/Citrix-Gateway-11.1-12.0-12.1-Information-Disclosure.html"
}
]
}

5
2020/10xxx/CVE-2020-10111.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2020/Mar/11",
"url": "http://seclists.org/fulldisclosure/2020/Mar/11"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-Bypass.html",
"url": "http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-Bypass.html"
}
]
}

5
2020/10xxx/CVE-2020-10112.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2020/Mar/8",
"url": "http://seclists.org/fulldisclosure/2020/Mar/8"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156660/Citrix-Gateway-11.1-12.0-12.1-Cache-Poisoning.html",
"url": "http://packetstormsecurity.com/files/156660/Citrix-Gateway-11.1-12.0-12.1-Cache-Poisoning.html"
}
]
}

67
2020/10xxx/CVE-2020-10190.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10190",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10190",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/munkireport/munkireport-php/releases",
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/wiki/20200309-Authenticated-SQL-injection",
"url": "https://github.com/munkireport/munkireport-php/wiki/20200309-Authenticated-SQL-injection"
}
]
}

67
2020/10xxx/CVE-2020-10191.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10191",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10191",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/controllers/client.php:detail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/munkireport/munkireport-php/releases",
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/wiki/20200309-Authenticated-Comment-XSS",
"url": "https://github.com/munkireport/munkireport-php/wiki/20200309-Authenticated-Comment-XSS"
}
]
}

67
2020/10xxx/CVE-2020-10192.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10192",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10192",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/munkireport/munkireport-php/releases",
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/wiki/20200309-XSS-vulnerability",
"url": "https://github.com/munkireport/munkireport-php/wiki/20200309-XSS-vulnerability"
}
]
}

62
2020/10xxx/CVE-2020-10244.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JPaseto before 0.3.0 generates weak hashes when using v2.local tokens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/paseto-toolkit/jpaseto/releases/tag/jpaseto-0.3.0",
"url": "https://github.com/paseto-toolkit/jpaseto/releases/tag/jpaseto-0.3.0"
}
]
}
}

18
2020/10xxx/CVE-2020-10245.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10245",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2020/10xxx/CVE-2020-10246.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/MISP/MISP/commit/43a0757fb33769d9ad4ca09e8f2ac572f9f6a491",
"refsource": "MISC",
"name": "https://github.com/MISP/MISP/commit/43a0757fb33769d9ad4ca09e8f2ac572f9f6a491"
}
]
}
}

62
2020/10xxx/CVE-2020-10247.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/MISP/MISP/commit/e24a9eb44c1306adb02c1508e8f266ac6b95b4ed",
"refsource": "MISC",
"name": "https://github.com/MISP/MISP/commit/e24a9eb44c1306adb02c1508e8f266ac6b95b4ed"
}
]
}
}

62
2020/10xxx/CVE-2020-10248.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html",
"refsource": "MISC",
"name": "https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html"
}
]
}
}

62
2020/10xxx/CVE-2020-10249.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html",
"refsource": "MISC",
"name": "https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html"
}
]
}
}

62
2020/10xxx/CVE-2020-10250.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html",
"refsource": "MISC",
"name": "https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html"
}
]
}
}

5
2020/3xxx/CVE-2020-3843.json
View File

@ -49,6 +49,11 @@
"url": "https://support.apple.com/HT210919",
"refsource": "MISC",
"name": "https://support.apple.com/HT210919"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156664/iOS-macOS-AWDL-Heap-Corruption-Bounds-Checking.html",
"url": "http://packetstormsecurity.com/files/156664/iOS-macOS-AWDL-Heap-Corruption-Bounds-Checking.html"
}
]
},

5
2020/8xxx/CVE-2020-8597.json
View File

@ -111,6 +111,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-571091c70b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"
}
]
}

5
2020/9xxx/CVE-2020-9364.json
View File

@ -66,6 +66,11 @@
"refsource": "FULLDISC",
"name": "20200306 [AIT-SA-20200301-01] CVE-2020-9364: Directory Traversal in Creative Contact Form",
"url": "http://seclists.org/fulldisclosure/2020/Mar/13"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156655/Creative-Contact-Form-4.6.2-Directory-Traversal.html",
"url": "http://packetstormsecurity.com/files/156655/Creative-Contact-Form-4.6.2-Directory-Traversal.html"
}
]
}

62
2020/9xxx/CVE-2020-9758.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9758",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-9758",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/ari034/CVE-2020-9758",
"url": "https://github.com/ari034/CVE-2020-9758"
}
]
}