Categories
NVD NVD Nist GOV

NVD – CVE-2019-5317

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

NVD – CVE-2020-10579

NVD – CVE-2020-10580

NVD – CVE-2020-10581

NVD – CVE-2020-10582

NVD – CVE-2020-10583

NVD – CVE-2020-10584

NVD – CVE-2020-1946

Modified


This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Current Description

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.

Severity

CVSS 3.x Severity and Metrics:

CVSS 2.0 Severity and Metrics:

Weakness Enumeration

CWE-ID | CWE Name | Source
CWE-78 | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | NIST, Apache Software Foundation

Change History

3 change records found

CVE Modified by Apache Software Foundation 3/30/2021 10:15:13 PM

Action | Type | Old Value | New Value
Added | Reference | | https://lists.fedoraproject.org/archives/list/[email protected]/message/7V2SBVTKVLFFT36ECJQ7TQ7KAQCQZDRZ/ [No Types Assigned]

CVE Modified by Apache Software Foundation 3/28/2021 8:15:13 AM

Action | Type | Old Value | New Value
Added | Reference | | https://www.debian.org/security/2021/dsa-4879 [No Types Assigned]

Initial Analysis 3/26/2021 9:28:53 PM

Action | Type | Old Value | New Value
Added | CPE Configuration | | OR *cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.5
Added | CVSS V2 | | NIST (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Added | CVSS V3.1 | | NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added | CWE | | NIST CWE-78
Changed | Reference Type | https://s.apache.org/3r1wh No Types Assigned | https://s.apache.org/3r1wh Mailing List, Vendor Advisory

NVD – CVE-2020-19625

CVE-2020-19625 Detail

Current Description

Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.

Severity

CVSS 3.x Severity and Metrics:

CVSS 2.0 Severity and Metrics:

Weakness Enumeration

CWE-ID | CWE Name | Source
NVD-CWE-noinfo | Insufficient Information | NIST

Change History

1 change record found

Initial Analysis 3/29/2021 12:18:42 PM

Action | Type | Old Value | New Value
Added | CPE Configuration | | OR *cpe:2.3:a:gridx_project:gridx:1.3:*:*:*:*:*:*:*
Added | CVSS V2 | | NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Added | CVSS V3.1 | | NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added | CWE | | NIST NVD-CWE-noinfo
Changed | Reference Type | http://mayoterry.com/file/cve/Remote_Code_Execution_Vulnerability_in_gridx_latest_version.pdf No Types Assigned | http://mayoterry.com/file/cve/Remote_Code_Execution_Vulnerability_in_gridx_latest_version.pdf Exploit, Third Party Advisory
Changed | Reference Type | https://github.com/oria/gridx/issues/433 No Types Assigned | https://github.com/oria/gridx/issues/433 Exploit, Issue Tracking, Third Party Advisory

Quick Info

CVE Dictionary Entry: CVE-2020-19625
NVD Published Date: 03/26/2021
NVD Last Modified: 03/29/2021
Source: MITRE

NVD – CVE-2020-19626

CVE-2020-19626 Detail

Current Description

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.

Severity

CVSS 3.x Severity and Metrics:

CVSS 2.0 Severity and Metrics:

Weakness Enumeration

CWE-ID | CWE Name | Source
CWE-79 | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | NIST

Change History

1 change record found

Initial Analysis 3/26/2021 3:27:14 PM

Action | Type | Old Value | New Value
Added | CPE Configuration | | OR *cpe:2.3:a:craftcms:craft_cms:3.1.31:*:*:*:*:*:*:*
Added | CVSS V2 | | NIST (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Added | CVSS V2 Metadata | | Victim must voluntarily interact with attack mechanism
Added | CVSS V3.1 | | NIST AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Added | CWE | | NIST CWE-79
Changed | Reference Type | http://mayoterry.com/file/cve/XSS_vuluerability_in_Craftcms_3.1.31.pdf No Types Assigned | http://mayoterry.com/file/cve/XSS_vuluerability_in_Craftcms_3.1.31.pdf Exploit, Third Party Advisory
Changed | Reference Type | https://github.com/craftcms/cms/commit/76a2168b6a5e30144f5c06da4ff264f4eca577ff No Types Assigned | https://github.com/craftcms/cms/commit/76a2168b6a5e30144f5c06da4ff264f4eca577ff Patch, Third Party Advisory

Quick Info

CVE Dictionary Entry: CVE-2020-19626
NVD Published Date: 03/26/2021
NVD Last Modified: 03/26/2021
Source: MITRE