admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-07-30 13:01:36 +00:00
parent 69d12d2dca
commit 051f53da6c
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
18 changed files with 885 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
2018/1000xxx/CVE-2018-1000049.json
View File

@ -73,6 +73,31 @@
"name": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/",
"refsource": "MISC",
"url": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/"
},
{
"refsource": "MISC",
"name": "http://www.rapid7.com/db/modules/exploit/multi/misc/claymore_dual_miner_remote_manager_rce",
"url": "http://www.rapid7.com/db/modules/exploit/multi/misc/claymore_dual_miner_remote_manager_rce"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000049.json",
"url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000049.json"
},
{
"refsource": "MISC",
"name": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution",
"url": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution"
}
]
}

50
2020/10xxx/CVE-2020-10713.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10713",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Grub",
"version": {
"version_data": [
{
"version_value": "All grub2 versions before 2.06"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write leading to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
}

50
2020/14xxx/CVE-2020-14309.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14309",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Grub",
"version": {
"version_data": [
{
"version_value": "All grub2 versions before 2.06"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound leading to Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data."
}
]
}

5
2020/15xxx/CVE-2020-15954.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.kde.org/show_bug.cgi?id=423426",
"refsource": "MISC",
"name": "https://bugs.kde.org/show_bug.cgi?id=423426"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200730 [SECURITY] [DLA 2300-1] kdepim-runtime security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00030.html"
}
]
}

186
2020/4xxx/CVE-2020-4185.json
View File

@ -1,96 +1,96 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6254369 (Security Guardium)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6254369",
"url" : "https://www.ibm.com/support/pages/node/6254369"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/174803",
"name" : "ibm-guardium-cve20204185-info-disc (174803)",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"AC" : "H",
"SCORE" : "5.900",
"C" : "H",
"A" : "N",
"I" : "N",
"PR" : "N",
"UI" : "N",
"S" : "U"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803."
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium",
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.6"
},
{
"version_value" : "11.1"
}
]
}
}
]
}
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4185",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-07-29T00:00:00"
}
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6254369 (Security Guardium)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6254369",
"url": "https://www.ibm.com/support/pages/node/6254369"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174803",
"name": "ibm-guardium-cve20204185-info-disc (174803)",
"refsource": "XF"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"AC": "H",
"SCORE": "5.900",
"C": "H",
"A": "N",
"I": "N",
"PR": "N",
"UI": "N",
"S": "U"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803."
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Guardium",
"version": {
"version_data": [
{
"version_value": "10.5"
},
{
"version_value": "10.6"
},
{
"version_value": "11.1"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4185",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-07-29T00:00:00"
}
}

188
2020/4xxx/CVE-2020-4186.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4186",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-07-29T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium",
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.6"
},
{
"version_value" : "11.1"
}
]
}
}
]
}
}
]
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"AC" : "L",
"SCORE" : "5.300",
"AV" : "N",
"UI" : "N",
"S" : "U",
"PR" : "N",
"I" : "N",
"A" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4186",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-07-29T00:00:00"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Guardium",
"version": {
"version_data": [
{
"version_value": "10.5"
},
{
"version_value": "10.6"
},
{
"version_value": "11.1"
}
]
}
}
]
}
}
]
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6254367 (Security Guardium)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6254367",
"url" : "https://www.ibm.com/support/pages/node/6254367"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-guardium-cve20204186-info-disc (174804)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/174804"
}
]
}
}
}
},
"data_version": "4.0",
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"C": "L",
"AC": "L",
"SCORE": "5.300",
"AV": "N",
"UI": "N",
"S": "U",
"PR": "N",
"I": "N",
"A": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6254367 (Security Guardium)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6254367",
"url": "https://www.ibm.com/support/pages/node/6254367"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-guardium-cve20204186-info-disc (174804)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174804"
}
]
}
}

50
2020/8xxx/CVE-2020-8192.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8192",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "fastify",
"version": {
"version_data": [
{
"version_value": "Fixed in v2.15.1 and v3.0.0-rc.5. v1 not affected."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/903521",
"url": "https://hackerone.com/reports/903521"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas."
}
]
}

55
2020/8xxx/CVE-2020-8202.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8202",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Preferred Providers",
"version": {
"version_data": [
{
"version_value": "1.7.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Brute Force (CWE-307)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-028",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-028"
},
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/840598",
"url": "https://hackerone.com/reports/840598"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password."
}
]
}

50
2020/8xxx/CVE-2020-8204.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8204",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Pulse Connect Secure",
"version": {
"version_data": [
{
"version_value": "Fixed in 9.1R5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - DOM (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page."
}
]
}

50
2020/8xxx/CVE-2020-8206.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8206",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Pulse Connect Secure",
"version": {
"version_data": [
{
"version_value": "Fixed in 9.1R8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication - Generic (CWE-287)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP."
}
]
}

55
2020/8xxx/CVE-2020-8213.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8213",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Protect for UniFi Cloud Key Gen2 Plus",
"version": {
"version_data": [
{
"version_value": "Fixed on UniFi Protect 1.13.4-beta.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure Through an Error Message (CWE-209)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://community.ui.com/releases/UniFi-Protect-1-13-4-beta-2/405d4cf9-e538-48d1-8825-36657a692f3f",
"url": "https://community.ui.com/releases/UniFi-Protect-1-13-4-beta-2/405d4cf9-e538-48d1-8825-36657a692f3f"
},
{
"refsource": "MISC",
"name": "https://community.ui.com/questions/CloudKey-Plus-CK-How-to-get-on-the-beta-release-channel/c26acdf8-321c-49b6-8f0d-9d7d99bf6aee",
"url": "https://community.ui.com/questions/CloudKey-Plus-CK-How-to-get-on-the-beta-release-channel/c26acdf8-321c-49b6-8f0d-9d7d99bf6aee"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information exposure vulnerability exists in UniFi Protect v1.13.3 and prior that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing."
}
]
}

50
2020/8xxx/CVE-2020-8216.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8216",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Pulse Connect Secure",
"version": {
"version_data": [
{
"version_value": "Fixed in 9.1R8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure (CWE-200)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID."
}
]
}

50
2020/8xxx/CVE-2020-8217.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8217",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Pulse Connect Secure",
"version": {
"version_data": [
{
"version_value": "Fixed in 9.1R8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA."
}
]
}

50
2020/8xxx/CVE-2020-8218.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8218",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Pulse Connect Secure",
"version": {
"version_data": [
{
"version_value": "Fixed in 9.1R8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A code injection vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface."
}
]
}

50
2020/8xxx/CVE-2020-8219.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8219",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Pulse Connect Secure",
"version": {
"version_data": [
{
"version_value": "Fixed in 9.1R8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Insufficient Permissions or Privileges (CWE-280)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator."
}
]
}

50
2020/8xxx/CVE-2020-8220.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8220",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Pulse Connect Secure",
"version": {
"version_data": [
{
"version_value": "Fixed in 9.1R8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS."
}
]
}

50
2020/8xxx/CVE-2020-8221.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8221",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Pulse Connect Secure",
"version": {
"version_data": [
{
"version_value": "Fixed in"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface."
}
]
}

50
2020/8xxx/CVE-2020-8222.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8222",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Pulse Connect Secure",
"version": {
"version_data": [
{
"version_value": "Fixed in 9.1R8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting."
}
]
}