admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-06-10 18:01:32 +00:00
parent a1222a5d2e
commit 0aaf7813c1
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
32 changed files with 813 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
2019/5xxx/CVE-2019-5731.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5731",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5731",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
}
]
}

14
2019/5xxx/CVE-2019-5732.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5732",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5732",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
}
]
}

14
2019/5xxx/CVE-2019-5735.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5735",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5735",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
}
]
}

62
2020/0xxx/CVE-2020-0113.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0113",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10 Android-9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-06-01",
"url": "https://source.android.com/security/bulletin/2020-06-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-150944913"
}
]
}
}

62
2020/0xxx/CVE-2020-0114.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0114",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-06-01",
"url": "https://source.android.com/security/bulletin/2020-06-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147606347"
}
]
}
}

62
2020/0xxx/CVE-2020-0115.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0115",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.1 Android-9 Android-10 Android-8.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-06-01",
"url": "https://source.android.com/security/bulletin/2020-06-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150038428"
}
]
}
}

62
2020/0xxx/CVE-2020-0116.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0116",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-06-01",
"url": "https://source.android.com/security/bulletin/2020-06-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-151330809"
}
]
}
}

62
2020/0xxx/CVE-2020-0117.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0117",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.1 Android-9 Android-10 Android-8.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-06-01",
"url": "https://source.android.com/security/bulletin/2020-06-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-151155194"
}
]
}
}

62
2020/0xxx/CVE-2020-0118.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0118",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-06-01",
"url": "https://source.android.com/security/bulletin/2020-06-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150904694"
}
]
}
}

62
2020/0xxx/CVE-2020-0119.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0119",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-06-01",
"url": "https://source.android.com/security/bulletin/2020-06-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150500247"
}
]
}
}

62
2020/0xxx/CVE-2020-0121.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0121",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-06-01",
"url": "https://source.android.com/security/bulletin/2020-06-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148180766"
}
]
}
}

67
2020/11xxx/CVE-2020-11798.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11798",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11798",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0005",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0005"
},
{
"refsource": "CONFIRM",
"name": "https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin-20-0005-01.pdf",
"url": "https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin-20-0005-01.pdf"
}
]
}

5
2020/12xxx/CVE-2020-12672.json
View File

@ -66,6 +66,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0779",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00008.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0788",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00012.html"
}
]
}

5
2020/13xxx/CVE-2020-13696.json
View File

@ -76,6 +76,11 @@
"refsource": "CONFIRM",
"name": "http://www.openwall.com/lists/oss-security/2020/06/04/6",
"url": "http://www.openwall.com/lists/oss-security/2020/06/04/6"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0787",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00013.html"
}
]
}

62
2020/14xxx/CVE-2020-14010.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://knassar702.github.io/cve/xenon/",
"refsource": "MISC",
"name": "https://knassar702.github.io/cve/xenon/"
}
]
}
}

18
2020/14xxx/CVE-2020-14011.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14011",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2020/14xxx/CVE-2020-14012.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/osTicket/osTicket/issues/5514",
"refsource": "MISC",
"name": "https://github.com/osTicket/osTicket/issues/5514"
}
]
}
}

5
2020/1xxx/CVE-2020-1021.json
View File

@ -194,6 +194,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1021",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1021"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158028/Microsoft-Windows-Privilege-Escalation-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/158028/Microsoft-Windows-Privilege-Escalation-Code-Execution.html"
}
]
}

5
2020/1xxx/CVE-2020-1281.json
View File

@ -285,6 +285,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1281",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1281"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158028/Microsoft-Windows-Privilege-Escalation-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/158028/Microsoft-Windows-Privilege-Escalation-Code-Execution.html"
}
]
}

7
2020/1xxx/CVE-2020-1994.json
View File

@ -74,7 +74,7 @@
"description_data": [
{
"lang": "eng",
"value": "A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system.\n\nThis issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.7.\n"
"value": "A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7."
}
]
},
@ -112,8 +112,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-1994"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1994",
"name": "https://security.paloaltonetworks.com/CVE-2020-1994"
}
]
},

7
2020/2xxx/CVE-2020-2010.json
View File

@ -74,7 +74,7 @@
"description_data": [
{
"lang": "eng",
"value": "An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges.\nThis issue affects:\nAll versions of PAN-OS 7.1 and 8.0;\nPAN-OS 8.1 versions earlier than 8.1.14;\nPAN-OS 9.0 versions earlier than 9.0.7."
"value": "An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7."
}
]
},
@ -112,8 +112,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2010"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2010",
"name": "https://security.paloaltonetworks.com/CVE-2020-2010"
}
]
},

7
2020/2xxx/CVE-2020-2012.json
View File

@ -74,7 +74,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system.\n\nThis issue affects:\nAll versions of PAN-OS for Panorama 7.1 and 8.0;\nPAN-OS for Panorama 8.1 versions earlier than 8.1.13;\nPAN-OS for Panorama 9.0 versions earlier than 9.0.7.\n"
"value": "Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: All versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1 versions earlier than 8.1.13; PAN-OS for Panorama 9.0 versions earlier than 9.0.7."
}
]
},
@ -112,8 +112,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2012"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2012",
"name": "https://security.paloaltonetworks.com/CVE-2020-2012"
}
]
},

7
2020/2xxx/CVE-2020-2015.json
View File

@ -84,7 +84,7 @@
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges.\n\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.7;\nPAN-OS 9.1 versions earlier than 9.1.1;\nAll versions of PAN-OS 8.0.\n\n"
"value": "A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0."
}
]
},
@ -122,8 +122,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2015"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2015",
"name": "https://security.paloaltonetworks.com/CVE-2020-2015"
}
]
},

7
2020/2xxx/CVE-2020-2016.json
View File

@ -83,7 +83,7 @@
"description_data": [
{
"lang": "eng",
"value": "A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account.\n\nThis allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user.\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll versions of PAN-OS 8.0."
"value": "A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0."
}
]
},
@ -127,8 +127,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2016"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2016",
"name": "https://security.paloaltonetworks.com/CVE-2020-2016"
}
]
},

7
2020/2xxx/CVE-2020-2017.json
View File

@ -79,7 +79,7 @@
"description_data": [
{
"lang": "eng",
"value": "A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces.\nA remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions.\n\nThis issue affects:\nPAN-OS 7.1 versions earlier than 7.1.26;\nPAN-OS 8.1 versions earlier than 8.1.13;\nPAN-OS 9.0 versions earlier than 9.0.6;\nAll versions of PAN-OS 8.0."
"value": "A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0."
}
]
},
@ -117,8 +117,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2017"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2017",
"name": "https://security.paloaltonetworks.com/CVE-2020-2017"
}
]
},

35
2020/2xxx/CVE-2020-2023.json
View File

@ -98,32 +98,39 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/pull/2477"
"refsource": "MISC",
"url": "https://github.com/kata-containers/runtime/pull/2487",
"name": "https://github.com/kata-containers/runtime/pull/2487"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/issues/2488"
"refsource": "MISC",
"url": "https://github.com/kata-containers/runtime/pull/2477",
"name": "https://github.com/kata-containers/runtime/pull/2477"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/pull/2487"
"refsource": "MISC",
"url": "https://github.com/kata-containers/runtime/issues/2488",
"name": "https://github.com/kata-containers/runtime/issues/2488"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/agent/issues/791"
"refsource": "MISC",
"url": "https://github.com/kata-containers/agent/issues/791",
"name": "https://github.com/kata-containers/agent/issues/791"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/agent/pull/792"
"refsource": "MISC",
"url": "https://github.com/kata-containers/agent/pull/792",
"name": "https://github.com/kata-containers/agent/pull/792"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1"
"refsource": "MISC",
"url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1",
"name": "https://github.com/kata-containers/runtime/releases/tag/1.11.1"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5"
"refsource": "MISC",
"url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5",
"name": "https://github.com/kata-containers/runtime/releases/tag/1.10.5"
}
]
},

22
2020/2xxx/CVE-2020-2026.json
View File

@ -60,7 +60,7 @@
"description_data": [
{
"lang": "eng",
"value": "A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects:\nKata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions."
"value": "A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions."
}
]
},
@ -98,20 +98,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/issues/2712"
"refsource": "MISC",
"url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1",
"name": "https://github.com/kata-containers/runtime/releases/tag/1.11.1"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/pull/2713"
"refsource": "MISC",
"url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5",
"name": "https://github.com/kata-containers/runtime/releases/tag/1.10.5"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1"
"refsource": "MISC",
"url": "https://github.com/kata-containers/runtime/issues/2712",
"name": "https://github.com/kata-containers/runtime/issues/2712"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5"
"refsource": "MISC",
"url": "https://github.com/kata-containers/runtime/pull/2713",
"name": "https://github.com/kata-containers/runtime/pull/2713"
}
]
},

7
2020/2xxx/CVE-2020-2027.json
View File

@ -68,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.\nThis issue affects:\nAll versions of PAN-OS 7.1 and PAN-OS 8.0;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.13;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.7."
"value": "A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7."
}
]
},
@ -106,8 +106,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2027"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2027",
"name": "https://security.paloaltonetworks.com/CVE-2020-2027"
}
]
},

7
2020/2xxx/CVE-2020-2028.json
View File

@ -74,7 +74,7 @@
"description_data": [
{
"lang": "eng",
"value": "An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode.\nThis issue affects:\nAll versions of PAN-OS 7.1 and PAN-OS 8.0;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.13;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.7.\n"
"value": "An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7."
}
]
},
@ -112,8 +112,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2028"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2028",
"name": "https://security.paloaltonetworks.com/CVE-2020-2028"
}
]
},

9
2020/2xxx/CVE-2020-2029.json
View File

@ -64,7 +64,7 @@
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Przemysław Kowalski of STM Solutions for discovering and reporting this issue."
"value": "Palo Alto Networks thanks Przemys\u0142aw Kowalski of STM Solutions for discovering and reporting this issue."
}
],
"data_format": "MITRE",
@ -74,7 +74,7 @@
"description_data": [
{
"lang": "eng",
"value": "An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration.\nThis issue affects:\nAll versions of PAN-OS 8.0;\nPAN-OS 7.1 versions earlier than PAN-OS 7.1.26;\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.13."
"value": "An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration. This issue affects: All versions of PAN-OS 8.0; PAN-OS 7.1 versions earlier than PAN-OS 7.1.26; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13."
}
]
},
@ -112,8 +112,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2029"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2029",
"name": "https://security.paloaltonetworks.com/CVE-2020-2029"
}
]
},

7
2020/2xxx/CVE-2020-2032.json
View File

@ -63,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges.\nThis issue can be exploited only while performing a GlobalProtect app upgrade.\nThis issue affects:\nGlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 on Windows;\nGlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 on Windows."
"value": "A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 on Windows; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 on Windows."
}
]
},
@ -101,8 +101,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2032"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2032",
"name": "https://security.paloaltonetworks.com/CVE-2020-2032"
}
]
},

7
2020/2xxx/CVE-2020-2033.json
View File

@ -59,7 +59,7 @@
"description_data": [
{
"lang": "eng",
"value": "When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the 'pre-login' user. This access may be limited compared to the network access of regular users.\nThis issue affects:\nGlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled;\nGlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled."
"value": "When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the 'pre-login' user. This access may be limited compared to the network access of regular users. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled."
}
]
},
@ -105,8 +105,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-2033"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2033",
"name": "https://security.paloaltonetworks.com/CVE-2020-2033"
}
]
},