"-Synchronized-Data."

CVE Team 2020-03-20 21:01:14 +00:00
parent fb944c0998
commit d8e8020b2b
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
32 changed files with 710 additions and 15 deletions


@ -87,6 +87,11 @@
"name": "RHSA-2018:2949", "name": "RHSA-2018:2949",
"refsource": "REDHAT", "refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2949" "url": "https://access.redhat.com/errata/RHSA-2018:2949"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
} }


@ -61,6 +61,11 @@
"refsource": "REDHAT", "refsource": "REDHAT",
"name": "RHSA-2019:1821", "name": "RHSA-2019:1821",
"url": "https://access.redhat.com/errata/RHSA-2019:1821" "url": "https://access.redhat.com/errata/RHSA-2019:1821"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
} }


@ -76,6 +76,11 @@
"refsource": "REDHAT", "refsource": "REDHAT",
"name": "RHSA-2019:3497", "name": "RHSA-2019:3497",
"url": "https://access.redhat.com/errata/RHSA-2019:3497" "url": "https://access.redhat.com/errata/RHSA-2019:3497"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
} }


@ -66,6 +66,11 @@
"refsource": "REDHAT", "refsource": "REDHAT",
"name": "RHSA-2019:1821", "name": "RHSA-2019:1821",
"url": "https://access.redhat.com/errata/RHSA-2019:1821" "url": "https://access.redhat.com/errata/RHSA-2019:1821"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
} }


@ -61,6 +61,11 @@
"refsource": "REDHAT", "refsource": "REDHAT",
"name": "RHSA-2019:1821", "name": "RHSA-2019:1821",
"url": "https://access.redhat.com/errata/RHSA-2019:1821" "url": "https://access.redhat.com/errata/RHSA-2019:1821"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
} }


@ -68,6 +68,11 @@
"name": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "name": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
} }


@ -65,6 +65,11 @@
"name": "104468", "name": "104468",
"refsource": "BID", "refsource": "BID",
"url": "http://www.securityfocus.com/bid/104468" "url": "http://www.securityfocus.com/bid/104468"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
} }


@ -65,6 +65,11 @@
"name": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "name": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
} }


@ -71,6 +71,11 @@
"name": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "name": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
} }


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the \"echo get_the_title()\" or \"echo $term->name\" statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fsimple-link-directory&old=2111131&new_path=%2Fsimple-link-directory&new=2111132&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fsimple-link-directory&old=2111131&new_path=%2Fsimple-link-directory&new=2111132&sfp_email=&sfph_mail="
},
{
"url": "https://wordpress.org/plugins/simple-link-directory/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/simple-link-directory/#developers"
}
]
}
}
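Review bot: `problemtype` is `n/a` in this new record although the description itself calls the issue an XSS vulnerability, and `product_name`, `version_value` and `vendor_name` are `n/a` although the description names the Simple Link Directory plugin and the fixed version 7.3.5. Tooling that matches on the structured fields instead of parsing the free text will not associate this entry with the plugin or with a weakness class. If the record format permits it, a value such as `"value": "Cross-site Scripting (XSS) (CWE-79)"` in `problemtype_data` and a populated `product_name` would close that gap. The other newly populated MITRE-assigned records on this page (CVE-2019-15522, CVE-2019-16528, CVE-2019-18641, CVE-2019-18860, CVE-2020-10194) leave the same fields as `n/a`.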


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LINBIT/csync2/pull/13/commits/0ecfc333da51575f188dd7cf6ac4974d13a800b1",
"refsource": "MISC",
"name": "https://github.com/LINBIT/csync2/pull/13/commits/0ecfc333da51575f188dd7cf6ac4974d13a800b1"
}
]
}
}


@ -103,6 +103,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0293", "name": "openSUSE-SU-2020:0293",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
}, },


@ -128,6 +128,11 @@
"refsource": "REDHAT", "refsource": "REDHAT",
"name": "RHSA-2020:0708", "name": "RHSA-2020:0708",
"url": "https://access.redhat.com/errata/RHSA-2020:0708" "url": "https://access.redhat.com/errata/RHSA-2020:0708"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
}, },


@ -103,6 +103,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0293", "name": "openSUSE-SU-2020:0293",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
}, },


@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T224203",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T224203"
},
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/538051/",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/538051/"
},
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/538053/",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/538053/"
},
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/538054/",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/538054/"
}
]
}
}


@ -120,6 +120,11 @@
"refsource": "REDHAT", "refsource": "REDHAT",
"name": "RHSA-2020:0602", "name": "RHSA-2020:0602",
"url": "https://access.redhat.com/errata/RHSA-2020:0602" "url": "https://access.redhat.com/errata/RHSA-2020:0602"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
}, },


@ -116,6 +116,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2019-d778bd4137", "name": "FEDORA-2019-d778bd4137",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-47",
"url": "https://security.gentoo.org/glsa/202003-47"
} }
] ]
} }


@ -56,6 +56,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.avast.com/bug-bounty-credits/en/a-tribute-to-our-security-research-community", "name": "https://www.avast.com/bug-bounty-credits/en/a-tribute-to-our-security-research-community",
"url": "https://www.avast.com/bug-bounty-credits/en/a-tribute-to-our-security-research-community" "url": "https://www.avast.com/bug-bounty-credits/en/a-tribute-to-our-security-research-community"
},
{
"refsource": "FULLDISC",
"name": "20200320 LPE in Avast Secure Browser",
"url": "http://seclists.org/fulldisclosure/2020/Mar/25"
} }
] ]
} }


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/SparkDevNetwork/Rock/compare/1.7.6...1.8.6",
"refsource": "MISC",
"name": "https://github.com/SparkDevNetwork/Rock/compare/1.7.6...1.8.6"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/SparkDevNetwork/Rock/commit/576f5ec22b1c43f123a377612981c68538167c61",
"url": "https://github.com/SparkDevNetwork/Rock/commit/576f5ec22b1c43f123a377612981c68538167c61"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/squid-cache/squid/pull/504",
"url": "https://github.com/squid-cache/squid/pull/504"
},
{
"refsource": "MISC",
"name": "https://github.com/squid-cache/squid/pull/505",
"url": "https://github.com/squid-cache/squid/pull/505"
}
]
}
}


@ -82,6 +82,11 @@
"refsource": "REDHAT", "refsource": "REDHAT",
"name": "RHSA-2019:1821", "name": "RHSA-2019:1821",
"url": "https://access.redhat.com/errata/RHSA-2019:1821" "url": "https://access.redhat.com/errata/RHSA-2019:1821"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
}, },


@ -63,6 +63,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190502-0008/", "name": "https://security.netapp.com/advisory/ntap-20190502-0008/",
"url": "https://security.netapp.com/advisory/ntap-20190502-0008/" "url": "https://security.netapp.com/advisory/ntap-20190502-0008/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-48",
"url": "https://security.gentoo.org/glsa/202003-48"
} }
] ]
}, },


@ -1,17 +1,71 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-10194",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-10194",
"STATE": "PUBLIC"
}, },
"description": { "affects": {
"description_data": [ "vendor": {
"vendor_data": [
{ {
"lang": "eng", "product": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Zimbra/zm-mailbox/compare/8.8.15.p7...8.8.15.p8",
"refsource": "MISC",
"name": "https://github.com/Zimbra/zm-mailbox/compare/8.8.15.p7...8.8.15.p8"
},
{
"refsource": "MISC",
"name": "https://github.com/Zimbra/zm-mailbox/commit/1df440e0efa624d1772a05fb6d397d9beb4bda1e",
"url": "https://github.com/Zimbra/zm-mailbox/commit/1df440e0efa624d1772a05fb6d397d9beb4bda1e"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/Zimbra/zm-mailbox/pull/1020",
"url": "https://github.com/Zimbra/zm-mailbox/pull/1020"
} }
] ]
} }


@ -61,6 +61,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html", "name": "http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html",
"url": "http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html" "url": "http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html"
},
{
"refsource": "FULLDISC",
"name": "20200320 Oce Colorwave 500 printer - multiple vulnerabilities",
"url": "http://seclists.org/fulldisclosure/2020/Mar/24"
} }
] ]
} }


@ -61,6 +61,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html", "name": "http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html",
"url": "http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html" "url": "http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html"
},
{
"refsource": "FULLDISC",
"name": "20200320 Oce Colorwave 500 printer - multiple vulnerabilities",
"url": "http://seclists.org/fulldisclosure/2020/Mar/24"
} }
] ]
} }


@ -61,6 +61,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html", "name": "http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html",
"url": "http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html" "url": "http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html"
},
{
"refsource": "FULLDISC",
"name": "20200320 Oce Colorwave 500 printer - multiple vulnerabilities",
"url": "http://seclists.org/fulldisclosure/2020/Mar/24"
} }
] ]
} }


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10793",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10794",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10795",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -4,14 +4,63 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-8138", "ID": "CVE-2020-8138",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "support@hackerone.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "Fixed in 17.0.2, 16.0.7, and 15.0.14"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) (CWE-918)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/736867",
"url": "https://hackerone.com/reports/736867"
},
{
"refsource": "CONFIRM",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-014",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-014"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL."
} }
] ]
} }
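Review bot: The fixed release for the 17.x branch is stated two ways in this record: `version_value` says `Fixed in 17.0.2, 16.0.7, and 15.0.14`, while the description says `< 17.0.1`. A consumer deciding whether a 17.0.1 installation is exposed gets opposite answers from the two fields, so the values should be reconciled against the referenced advisory NC-SA-2020-014. `vendor_name` is also `n/a` although the product is given as Nextcloud Server; `"vendor_name": "Nextcloud"` would let structured matching work, and the same applies to the CVE-2020-8139 and CVE-2020-8140 sections.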


@ -4,14 +4,63 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-8139", "ID": "CVE-2020-8139",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "support@hackerone.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "Fixed in 18.0.1, 17.0.4, and 16.0.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control - Generic (CWE-284)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/788257",
"url": "https://hackerone.com/reports/788257"
},
{
"refsource": "CONFIRM",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-015",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-015"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL."
} }
] ]
} }


@ -4,14 +4,63 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-8140", "ID": "CVE-2020-8140",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "support@hackerone.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Desktop Client",
"version": {
"version_data": [
{
"version_value": "Fixed in 2.6.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/633266",
"url": "https://hackerone.com/reports/633266"
},
{
"refsource": "CONFIRM",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-016",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-016"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment."
} }
] ]
} }
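Review bot: `product_name` is the bare string `Desktop Client` next to a `vendor_name` of `n/a`, so the structured fields alone do not identify whose client this is; only the description says Nextcloud. `"product_name": "Nextcloud Desktop Client"` would make the entry self-describing. The description also limits the issue to 2.6.2 for macOS, while `version_value` carries only `Fixed in 2.6.3` with no platform, so a reader of the structured data cannot tell that only the macOS build is described as affected.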