mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
fb645f0e04
commit
d6113ec3ef
62
2019/17xxx/CVE-2019-17560.json
Normal file
62
2019/17xxx/CVE-2019-17560.json
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
{
|
||||||
|
"data_type": "CVE",
|
||||||
|
"data_format": "MITRE",
|
||||||
|
"data_version": "4.0",
|
||||||
|
"CVE_data_meta": {
|
||||||
|
"ID": "CVE-2019-17560",
|
||||||
|
"ASSIGNER": "security@apache.org",
|
||||||
|
"STATE": "PUBLIC"
|
||||||
|
},
|
||||||
|
"affects": {
|
||||||
|
"vendor": {
|
||||||
|
"vendor_data": [
|
||||||
|
{
|
||||||
|
"vendor_name": "n/a",
|
||||||
|
"product": {
|
||||||
|
"product_data": [
|
||||||
|
{
|
||||||
|
"product_name": "Apache NetBeans",
|
||||||
|
"version": {
|
||||||
|
"version_data": [
|
||||||
|
{
|
||||||
|
"version_value": "through 11.2"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "Improper Certificate Validation"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://lists.apache.org/thread.html/r354d7654efa1050539fe56a3257696d1faeea4f3f9b633c29ec89609%40%3Cdev.netbeans.apache.org%3E",
|
||||||
|
"url": "https://lists.apache.org/thread.html/r354d7654efa1050539fe56a3257696d1faeea4f3f9b633c29ec89609%40%3Cdev.netbeans.apache.org%3E"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"description": {
|
||||||
|
"description_data": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "The \"Apache NetBeans\" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. \u201cApache NetBeans\" versions up to and including 11.2 are affected by this vulnerability."
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
62
2019/17xxx/CVE-2019-17561.json
Normal file
62
2019/17xxx/CVE-2019-17561.json
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
{
|
||||||
|
"data_type": "CVE",
|
||||||
|
"data_format": "MITRE",
|
||||||
|
"data_version": "4.0",
|
||||||
|
"CVE_data_meta": {
|
||||||
|
"ID": "CVE-2019-17561",
|
||||||
|
"ASSIGNER": "security@apache.org",
|
||||||
|
"STATE": "PUBLIC"
|
||||||
|
},
|
||||||
|
"affects": {
|
||||||
|
"vendor": {
|
||||||
|
"vendor_data": [
|
||||||
|
{
|
||||||
|
"vendor_name": "n/a",
|
||||||
|
"product": {
|
||||||
|
"product_data": [
|
||||||
|
{
|
||||||
|
"product_name": "Apache NetBeans",
|
||||||
|
"version": {
|
||||||
|
"version_data": [
|
||||||
|
{
|
||||||
|
"version_value": "through 11.2"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "Improper Validation of Integrity Check Value"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://lists.apache.org/thread.html/rb218aa720fc525f63d91761fbf67854f454ce7a697dbbee2001ae8b1%40%3Cdev.netbeans.apache.org%3E",
|
||||||
|
"url": "https://lists.apache.org/thread.html/rb218aa720fc525f63d91761fbf67854f454ce7a697dbbee2001ae8b1%40%3Cdev.netbeans.apache.org%3E"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"description": {
|
||||||
|
"description_data": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "The \"Apache NetBeans\" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. \"Apache NetBeans\" versions up to and including 11.2 are affected by this vulnerability."
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
@ -4,14 +4,63 @@
|
|||||||
"data_version": "4.0",
|
"data_version": "4.0",
|
||||||
"CVE_data_meta": {
|
"CVE_data_meta": {
|
||||||
"ID": "CVE-2020-7599",
|
"ID": "CVE-2020-7599",
|
||||||
"ASSIGNER": "cve@mitre.org",
|
"ASSIGNER": "report@snyk.io",
|
||||||
"STATE": "RESERVED"
|
"STATE": "PUBLIC"
|
||||||
|
},
|
||||||
|
"affects": {
|
||||||
|
"vendor": {
|
||||||
|
"vendor_data": [
|
||||||
|
{
|
||||||
|
"vendor_name": "n/a",
|
||||||
|
"product": {
|
||||||
|
"product_data": [
|
||||||
|
{
|
||||||
|
"product_name": "com.gradle.plugin-publish",
|
||||||
|
"version": {
|
||||||
|
"version_data": [
|
||||||
|
{
|
||||||
|
"version_value": "all versions before 0.11.0"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "Insertion of Sensitive Information into Log File"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866",
|
||||||
|
"url": "https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://blog.gradle.org/plugin-portal-update",
|
||||||
|
"url": "https://blog.gradle.org/plugin-portal-update"
|
||||||
|
}
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"description": {
|
"description": {
|
||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -4,14 +4,58 @@
|
|||||||
"data_version": "4.0",
|
"data_version": "4.0",
|
||||||
"CVE_data_meta": {
|
"CVE_data_meta": {
|
||||||
"ID": "CVE-2020-7610",
|
"ID": "CVE-2020-7610",
|
||||||
"ASSIGNER": "cve@mitre.org",
|
"ASSIGNER": "report@snyk.io",
|
||||||
"STATE": "RESERVED"
|
"STATE": "PUBLIC"
|
||||||
|
},
|
||||||
|
"affects": {
|
||||||
|
"vendor": {
|
||||||
|
"vendor_data": [
|
||||||
|
{
|
||||||
|
"vendor_name": "n/a",
|
||||||
|
"product": {
|
||||||
|
"product_data": [
|
||||||
|
{
|
||||||
|
"product_name": "bson",
|
||||||
|
"version": {
|
||||||
|
"version_data": [
|
||||||
|
{
|
||||||
|
"version_value": "all versions before 1.1.4"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "Deserialization of Untrusted Data"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://snyk.io/vuln/SNYK-JS-BSON-561052",
|
||||||
|
"url": "https://snyk.io/vuln/SNYK-JS-BSON-561052"
|
||||||
|
}
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"description": {
|
"description": {
|
||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user