admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-09-15 19:01:47 +00:00
parent f753c9661b
commit 08708a78da
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 459 additions and 203 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
2020/10xxx/CVE-2020-10759.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10759",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "fwupd",
"version": {
"version_data": [
{
"version_value": "all verions of fwupd"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md",
"url": "https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1844316",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844316"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity."
}
]
}

60
2020/14xxx/CVE-2020-14331.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14331",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Linux Kernel",
"version": {
"version_data": [
{
"version_value": "All versions of the Linux kernel"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/07/28/2",
"url": "https://www.openwall.com/lists/oss-security/2020/07/28/2"
},
{
"refsource": "MISC",
"name": "https://lists.openwall.net/linux-kernel/2020/07/29/234",
"url": "https://lists.openwall.net/linux-kernel/2020/07/29/234"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1858679",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858679"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Linux kernel\u2019s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
}

55
2020/14xxx/CVE-2020-14346.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14346",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "before xorg-x11-server 1.20.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lists.x.org/archives/xorg-announce/2020-August/003058.html",
"url": "https://lists.x.org/archives/xorg-announce/2020-August/003058.html"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1862246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1862246"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
}

55
2020/14xxx/CVE-2020-14361.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14361",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "before xorg-x11-server 1.20.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lists.x.org/archives/xorg-announce/2020-August/003058.html",
"url": "https://lists.x.org/archives/xorg-announce/2020-August/003058.html"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1869142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869142"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
}

55
2020/14xxx/CVE-2020-14362.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14362",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "before xorg-x11-server 1.20.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lists.x.org/archives/xorg-announce/2020-August/003058.html",
"url": "https://lists.x.org/archives/xorg-announce/2020-August/003058.html"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1869144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869144"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
}

3
2020/15xxx/CVE-2020-15172.json
View File

@ -76,7 +76,8 @@
},
{
"refsource": "MISC",
"url": "https://github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53a242347"
"url": "https://github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53a242347",
"name": "https://github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53a242347"
}
]
},

2
2020/15xxx/CVE-2020-15179.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using <script> tag inside <scratchsig> tag, attackers with edit permission can execute scripts on visitors' browser. With MediaWiki JavaScript API, this can potentially lead to privilege escalation and/or account takeover.\nThis has been patched in release 1.0.1. This has already been deployed to all Scratch Wikis. No workarounds exist other than disabling the extension completely."
"value": "The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using <script> tag inside <scratchsig> tag, attackers with edit permission can execute scripts on visitors' browser. With MediaWiki JavaScript API, this can potentially lead to privilege escalation and/or account takeover. This has been patched in release 1.0.1. This has already been deployed to all Scratch Wikis. No workarounds exist other than disabling the extension completely."
}
]
},

5
2020/25xxx/CVE-2020-25540.json
View File

@ -61,6 +61,11 @@
"url": "https://wtfsec.org/posts/thinkadmin-v6-%E5%88%97%E7%9B%AE%E5%BD%95-%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96/",
"refsource": "MISC",
"name": "https://wtfsec.org/posts/thinkadmin-v6-%E5%88%97%E7%9B%AE%E5%BD%95-%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159177/ThinkAdmin-6-Arbitrary-File-Read.html",
"url": "http://packetstormsecurity.com/files/159177/ThinkAdmin-6-Arbitrary-File-Read.html"
}
]
}

372
2020/9xxx/CVE-2020-9416.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2020-09-15T17:00:00Z",
"ID": "CVE-2020-9416",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Stored Cross Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analyst",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1.\n"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The theoretical impact of this vulnerability is that the attacker can execute scripts on the affected system of the victim that will execute with the privileges of the victim. If the victim has administrative privileges the attacker's injected scripts would allow the attacker to access all files, stop/start some services and change limited configuration settings."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0 update to version 10.10.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1 update to version 10.10.2 or higher\nTIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0 update to version 10.10.1 or higher\nTIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1 update to version 10.10.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2020-09-15T17:00:00Z",
"ID": "CVE-2020-9416",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Stored Cross Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analyst",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The theoretical impact of this vulnerability is that the attacker can execute scripts on the affected system of the victim that will execute with the privileges of the victim. If the victim has administrative privileges the attacker's injected scripts would allow the attacker to access all files, stop/start some services and change limited configuration settings."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0 update to version 10.10.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1 update to version 10.10.2 or higher\nTIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0 update to version 10.10.1 or higher\nTIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1 update to version 10.10.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}