admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-02-18 15:01:12 +00:00
parent 28016a6b68
commit f3add869fa
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
11 changed files with 363 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
2013/4xxx/CVE-2013-4227.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4227",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of aribitrary users via a security token that is not a string data type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery "
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Persona",
"version": {
"version_data": [
{
"version_value": "7.x-1.x versions prior to 7.x-1.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://drupal.org/node/2059599",
"url": "https://drupal.org/node/2059599"
},
{
"refsource": "MISC",
"name": "http://drupalcode.org/project/persona.git/commitdiff/fe0f9bb",
"url": "http://drupalcode.org/project/persona.git/commitdiff/fe0f9bb"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/08/10/1",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"refsource": "MISC",
"name": "https://drupal.org/node/2058655",
"url": "https://drupal.org/node/2058655"
}
]
}

53
2014/4xxx/CVE-2014-4966.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4966",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ansible before 1.6.7 does not prevent inventory data with \"{{\" and \"lookup\" substrings, and does not prevent remote data with \"{{\" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.ocert.org/advisories/ocert-2014-004.html",
"url": "http://www.ocert.org/advisories/ocert-2014-004.html"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527",
"url": "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527"
}
]
}

53
2014/4xxx/CVE-2014-4967.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4967",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing \" src=\" clause, (2) a trailing \" temp=\" clause, or (3) a trailing \" validate=\" clause accompanied by a shell command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.ocert.org/advisories/ocert-2014-004.html",
"url": "http://www.ocert.org/advisories/ocert-2014-004.html"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527",
"url": "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527"
}
]
}

5
2019/15xxx/CVE-2019-15961.json
View File

@ -91,6 +91,11 @@
"refsource": "UBUNTU",
"name": "USN-4230-2",
"url": "https://usn.ubuntu.com/4230-2/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2108-1] clamav security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html"
}
]
},

5
2020/1xxx/CVE-2020-1930.json
View File

@ -83,6 +83,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-bd20036cdc",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2107-1] spamassassin security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00015.html"
}
]
},

5
2020/1xxx/CVE-2020-1931.json
View File

@ -78,6 +78,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-bd20036cdc",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2107-1] spamassassin security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00015.html"
}
]
},

61
2020/6xxx/CVE-2020-6844.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6844",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-6844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to takeover admin and user accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://websec.nl/news.php",
"refsource": "MISC",
"name": "https://websec.nl/news.php"
},
{
"refsource": "EXPLOIT-DB",
"name": "47960",
"url": "https://www.exploit-db.com/exploits/47960"
}
]
}

61
2020/6xxx/CVE-2020-6845.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6845",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-6845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://websec.nl/news.php",
"refsource": "MISC",
"name": "https://websec.nl/news.php"
},
{
"refsource": "EXPLOIT-DB",
"name": "47960",
"url": "https://www.exploit-db.com/exploits/47960"
}
]
}

5
2020/8xxx/CVE-2020-8644.json
View File

@ -61,6 +61,11 @@
"url": "https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704",
"refsource": "MISC",
"name": "https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704"
},
{
"refsource": "MISC",
"name": "https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/",
"url": "https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/"
}
]
}

4
2020/8xxx/CVE-2020-8998.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-8998",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

67
2020/9xxx/CVE-2020-9264.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.eset.com/en/ca7387-modules-review-december-2019",
"refsource": "MISC",
"name": "https://support.eset.com/en/ca7387-modules-review-december-2019"
},
{
"url": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html",
"refsource": "MISC",
"name": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html"
}
]
}
}