admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-04-15 00:01:28 +00:00
parent 82f4e825d3
commit f7a8158375
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2020/11xxx/CVE-2020-11001.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision\ncomparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail\nadmin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform\nactions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to\nthe Wagtail admin.\n\nPatched versions have been released as Wagtail 2.7.2 (for the LTS 2.7 branch) and Wagtail 2.8.1 (for the current 2.8 branch)."
"value": "In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.2 (for the LTS 2.7 branch) and Wagtail 2.8.1 (for the current 2.8 branch)."
}
]
},

2
2020/11xxx/CVE-2020-11003.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability.\n\nIf you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website,\nthey could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. \n\nThis has been patched in 2.15.0."
"value": "Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. This has been patched in 2.15.0."
}
]
},

5
2020/5xxx/CVE-2020-5260.json
View File

@ -110,6 +110,11 @@
"name": "https://lore.kernel.org/git/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/",
"refsource": "MISC",
"url": "https://lore.kernel.org/git/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4657",
"url": "https://www.debian.org/security/2020/dsa-4657"
}
]
},

5
2020/8xxx/CVE-2020-8428.json
View File

@ -86,6 +86,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0336",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4320-1",
"url": "https://usn.ubuntu.com/4320-1/"
}
]
},