admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-01-17 19:01:17 +00:00
parent b62647ad8a
commit dac7f3de17
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
24 changed files with 111 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
2007/6xxx/CVE-2007-6070.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6070",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2007-6070",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1382. Reason: This candidate is a reservation duplicate of CVE-2008-1382. Notes: All CVE users should reference CVE-2008-1382 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

2
2019/17xxx/CVE-2019-17634.json
View File

@ -40,7 +40,7 @@
"description_data": [
{
"lang": "eng",
"value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present whena report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system whenthe report is opened in Memory Analyzer. "
"value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present whena report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system whenthe report is opened in Memory Analyzer."
}
]
},

2
2019/17xxx/CVE-2019-17635.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system. "
"value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system."
}
]
},

3
2019/19xxx/CVE-2019-19339.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19339",
"ASSIGNER": "msiddiqu@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

5
2019/20xxx/CVE-2019-20009.json
View File

@ -66,6 +66,11 @@
"url": "https://github.com/LibreDWG/libredwg/issues/176#issue-541977765",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/176#issue-541977765"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/20xxx/CVE-2019-20010.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643383",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643383"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/20xxx/CVE-2019-20011.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643439",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643439"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/20xxx/CVE-2019-20012.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643088",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643088"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/20xxx/CVE-2019-20013.json
View File

@ -66,6 +66,11 @@
"url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643060",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643060"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/20xxx/CVE-2019-20014.json
View File

@ -66,6 +66,11 @@
"url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643172",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643172"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/20xxx/CVE-2019-20015.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643028",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643028"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/9xxx/CVE-2019-9770.json
View File

@ -66,6 +66,11 @@
"refsource": "BID",
"name": "107447",
"url": "http://www.securityfocus.com/bid/107447"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/9xxx/CVE-2019-9771.json
View File

@ -66,6 +66,11 @@
"refsource": "BID",
"name": "107447",
"url": "http://www.securityfocus.com/bid/107447"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/9xxx/CVE-2019-9772.json
View File

@ -66,6 +66,11 @@
"refsource": "BID",
"name": "107447",
"url": "http://www.securityfocus.com/bid/107447"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/9xxx/CVE-2019-9773.json
View File

@ -66,6 +66,11 @@
"refsource": "BID",
"name": "107447",
"url": "http://www.securityfocus.com/bid/107447"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/9xxx/CVE-2019-9774.json
View File

@ -66,6 +66,11 @@
"refsource": "BID",
"name": "107447",
"url": "http://www.securityfocus.com/bid/107447"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/9xxx/CVE-2019-9775.json
View File

@ -66,6 +66,11 @@
"refsource": "BID",
"name": "107447",
"url": "http://www.securityfocus.com/bid/107447"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/9xxx/CVE-2019-9776.json
View File

@ -66,6 +66,11 @@
"refsource": "BID",
"name": "107447",
"url": "http://www.securityfocus.com/bid/107447"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/9xxx/CVE-2019-9777.json
View File

@ -66,6 +66,11 @@
"refsource": "BID",
"name": "107447",
"url": "http://www.securityfocus.com/bid/107447"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/9xxx/CVE-2019-9778.json
View File

@ -66,6 +66,11 @@
"refsource": "BID",
"name": "107447",
"url": "http://www.securityfocus.com/bid/107447"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2019/9xxx/CVE-2019-9779.json
View File

@ -66,6 +66,11 @@
"refsource": "BID",
"name": "107447",
"url": "http://www.securityfocus.com/bid/107447"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
}
]
}

5
2020/2xxx/CVE-2020-2656.json
View File

@ -66,6 +66,11 @@
"refsource": "BUGTRAQ",
"name": "20200117 CVE-2020-2656 - Low impact information disclosure via Solaris xlock",
"url": "https://seclists.org/bugtraq/2020/Jan/23"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155990/Solaris-xlock-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/155990/Solaris-xlock-Information-Disclosure.html"
}
]
}

5
2020/2xxx/CVE-2020-2696.json
View File

@ -67,6 +67,11 @@
"refsource": "BUGTRAQ",
"name": "20200117 CVE-2020-2696 - Local privilege escalation via CDE dtsession",
"url": "https://seclists.org/bugtraq/2020/Jan/22"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155991/Common-Desktop-Environment-2.3.1-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/155991/Common-Desktop-Environment-2.3.1-Buffer-Overflow.html"
}
]
}

2
2020/5xxx/CVE-2020-5397.json
View File

@ -41,7 +41,7 @@
"description_data": [
{
"lang": "eng",
"value": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.\n\nOnly non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. \n\nNo HTTP body can be sent or received as a result of this attack."
"value": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack."
}
]
},