admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-08-25 19:01:24 +00:00
parent c1ca92c7ec
commit 068908830f
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
6 changed files with 290 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/10xxx/CVE-2019-10172.json
View File

@ -108,6 +108,11 @@
"refsource": "MLIST",
"name": "[hadoop-common-dev] 20200824 [jira] [Created] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172",
"url": "https://lists.apache.org/thread.html/rd3a34d663e2a25b9ab1e8a1a94712cd5f100f098578aec79af48161e@%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hadoop-common-issues] 20200825 [jira] [Updated] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172",
"url": "https://lists.apache.org/thread.html/r48a32f2dd6976d33f7a12b7e09ec7ea1895f8facba82b565587c28ac@%3Ccommon-issues.hadoop.apache.org%3E"
}
]
},

66
2020/16xxx/CVE-2020-16197.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-16197",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-16197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/OctopusDeploy/Issues/issues/6531",
"url": "https://github.com/OctopusDeploy/Issues/issues/6531"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/OctopusDeploy/Issues/issues/6529",
"url": "https://github.com/OctopusDeploy/Issues/issues/6529"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/OctopusDeploy/Issues/issues/6530",
"url": "https://github.com/OctopusDeploy/Issues/issues/6530"
}
]
}

50
2020/16xxx/CVE-2020-16245.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-16245",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Advantech iView",
"version": {
"version_data": [
{
"version_value": "Versions 5.7 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code."
}
]
}

18
2020/24xxx/CVE-2020-24621.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24621",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2020/24xxx/CVE-2020-24622.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://issues.sonatype.org/browse/NEXUS-25019",
"refsource": "MISC",
"name": "https://issues.sonatype.org/browse/NEXUS-25019"
}
]
}
}

104
2020/7xxx/CVE-2020-7824.json
View File

@ -1,18 +1,110 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"DATE_PUBLIC": "2020-08-21T06:12:00.000Z",
"ID": "CVE-2020-7824",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Ericssonlg iPECS Privilege Escalation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iPCES UCM",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "1.0.35",
"version_value": "1.0.0"
},
{
"version_affected": ">=",
"version_name": "2.10.14",
"version_value": "2.0.0"
}
]
}
}
]
},
"vendor_name": "Ericsson-LG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Heehyun Kim for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could exploit this vulnerability by modification the cookie value to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-267 Privilege Defined With Unsafe Actions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "http://www.ericssonlg.co.kr/",
"name": "http://www.ericssonlg.co.kr/"
},
{
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35572",
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35572"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to iPECS 1.0.36 or 2.0.17 version or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
}