admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-07-25 00:01:30 +00:00
parent f8845ccdd7
commit 0cabd54eba
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 110 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2019/18xxx/CVE-2019-18244.json
View File

@ -15,11 +15,11 @@
"product": {
"product_data": [
{
"product_name": "OSIsoft PI Vision",
"product_name": "OSIsoft PI System multiple products and versions",
"version": {
"version_data": [
{
"version_value": "PI Vision 2017 R2, PI Vision 2017 R2 SP1, PI Vision 2019"
"version_value": "OSIsoft PI System multiple products and versions"
}
]
}
@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "INCLUSION OF SENSITIVE INFORMATION IN LOG FILES CWE-532"
"value": "INSERTION OF SENSITIVE INFORMATION INTO LOG FILE CWE-532"
}
]
}
@ -46,8 +46,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06"
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
}
]
},
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "OSIsoft PI Vision, PI Vision 2017 R2, PI Vision 2017 R2 SP1, PI Vision 2019. The affected product records the service account password in the installation log files when a non-default service account and password are specified during installation or upgrade."
"value": "In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision. The update fixes a previously reported issue."
}
]
}

50
2020/10xxx/CVE-2020-10604.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10604",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OSIsoft PI System multiple products and versions",
"version": {
"version_data": [
{
"version_value": "OSIsoft PI System multiple products and versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCAUGHT EXCEPTION CWE-248"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive."
}
]
}

50
2020/10xxx/CVE-2020-10614.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10614",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OSIsoft PI System multiple products and versions",
"version": {
"version_data": [
{
"version_value": "OSIsoft PI System multiple products and versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display."
}
]
}

10
2020/1xxx/CVE-2020-1935.json
View File

@ -104,6 +104,16 @@
"refsource": "MLIST",
"name": "[tomcat-users] 20200724 CVE-2020-1935",
"url": "https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomcat-users] 20200724 Re: CVE-2020-1935",
"url": "https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomcat-users] 20200724 RE: CVE-2020-1935",
"url": "https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E"
}
]
},