admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-04-08 19:01:29 +00:00
parent bd63e45425
commit 1725a91171
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
19 changed files with 483 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2020/10xxx/CVE-2020-10814.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-10814",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-10814",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A buffer overflow vulnerability in Code::Blocks 17.12 allows an attacker to execute arbitrary code via a crafted project file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/p/codeblocks/code/HEAD/tree/trunk/ChangeLog",
"refsource": "MISC",
"name": "https://sourceforge.net/p/codeblocks/code/HEAD/tree/trunk/ChangeLog"
},
{
"refsource": "MISC",
"name": "https://sourceforge.net/p/codeblocks/tickets/934/",
"url": "https://sourceforge.net/p/codeblocks/tickets/934/"
} }
] ]
} }

61
2020/10xxx/CVE-2020-10975.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-10975",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-10975",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/releases/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/releases/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/",
"url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/"
} }
] ]
} }

61
2020/10xxx/CVE-2020-10976.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-10976",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-10976",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/releases/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/releases/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/",
"url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/"
} }
] ]
} }

61
2020/10xxx/CVE-2020-10977.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-10977",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-10977",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/releases/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/releases/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/",
"url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/"
} }
] ]
} }

61
2020/10xxx/CVE-2020-10978.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-10978",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-10978",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/releases/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/releases/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/",
"url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/"
} }
] ]
} }

61
2020/10xxx/CVE-2020-10979.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-10979",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-10979",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/releases/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/releases/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/",
"url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/"
} }
] ]
} }

61
2020/10xxx/CVE-2020-10980.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-10980",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-10980",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/releases/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/releases/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/",
"url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/"
} }
] ]
} }

61
2020/10xxx/CVE-2020-10981.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-10981",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-10981",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/releases/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/releases/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/",
"url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/"
} }
] ]
} }

9
2020/1xxx/CVE-2020-1978.json
View File

@ -57,7 +57,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials.\nThese credentials are equivalent to the credentials associated with the Contributor role in Azure. A user with the credentials will be able to manage all the Azure resources in the subscription except for granting access to other resources. These credentials do not allow login access to the VMs themselves.\nThis issue affects VM Series Plugin versions before 1.0.9 for PAN-OS 9.0.\nThis issue does not affect VM Series in non-HA configurations or on other cloud platforms. It does not affect hardware firewall appliances.\nSince becoming aware of the issue, Palo Alto Networks has safely deleted all the tech support files with the credentials. We now filter and remove these credentials from all TechSupport files sent to us.\nThe TechSupport files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials.\n" "value": "TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in Azure. A user with the credentials will be able to manage all the Azure resources in the subscription except for granting access to other resources. These credentials do not allow login access to the VMs themselves. This issue affects VM Series Plugin versions before 1.0.9 for PAN-OS 9.0. This issue does not affect VM Series in non-HA configurations or on other cloud platforms. It does not affect hardware firewall appliances. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the tech support files with the credentials. We now filter and remove these credentials from all TechSupport files sent to us. The TechSupport files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials."
} }
] ]
}, },
@ -95,15 +95,16 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1978" "url": "https://security.paloaltonetworks.com/CVE-2020-1978",
"name": "https://security.paloaltonetworks.com/CVE-2020-1978"
} }
] ]
}, },
"solution": [ "solution": [
{ {
"lang": "eng", "lang": "eng",
"value": "This issue is fixed in VM-Series Plugin 1.0.9 for Microsoft Azure.\nCustomers who generated TechSupport files on older versions are advised to change their Azure dashboard credentials. Customers are advised to delete any previously generated TechSupport files.\nInstructions to change the credentials:\n\n1. Create a new Service Principal with a Contributor role in the Azure AD Portal. Instructions to create a new Service Principal can be found here - https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal\n\n2. Update your Azure HA configuration in the PA-VM configuration with the new Service Principal credentials. The steps to update the configuration are provided in “Step 3” of the PA-VM Azure HA configuration guide - https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/set-up-the-vm-series-firewall-on-azure/configure-activepassive-ha-for-vm-series-firewall-on-azure.html\n\n3. Delete the old Service Principal in the Azure AD Portal that was being used in the Azure HA configuration. Note: If the old Service Principal is used in other applications, then the other applications need to be updated with the new Service Principal.\n" "value": "This issue is fixed in VM-Series Plugin 1.0.9 for Microsoft Azure.\nCustomers who generated TechSupport files on older versions are advised to change their Azure dashboard credentials. Customers are advised to delete any previously generated TechSupport files.\nInstructions to change the credentials:\n\n1. Create a new Service Principal with a Contributor role in the Azure AD Portal. Instructions to create a new Service Principal can be found here - https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal\n\n2. Update your Azure HA configuration in the PA-VM configuration with the new Service Principal credentials. The steps to update the configuration are provided in \u201cStep 3\u201d of the PA-VM Azure HA configuration guide - https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/set-up-the-vm-series-firewall-on-azure/configure-activepassive-ha-for-vm-series-firewall-on-azure.html\n\n3. Delete the old Service Principal in the Azure AD Portal that was being used in the Azure HA configuration. Note: If the old Service Principal is used in other applications, then the other applications need to be updated with the new Service Principal.\n"
} }
], ],
"source": { "source": {

5
2020/1xxx/CVE-2020-1984.json
View File

@ -82,8 +82,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1984" "url": "https://security.paloaltonetworks.com/CVE-2020-1984",
"name": "https://security.paloaltonetworks.com/CVE-2020-1984"
} }
] ]
}, },

5
2020/1xxx/CVE-2020-1985.json
View File

@ -82,8 +82,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1985" "url": "https://security.paloaltonetworks.com/CVE-2020-1985",
"name": "https://security.paloaltonetworks.com/CVE-2020-1985"
} }
] ]
}, },

5
2020/1xxx/CVE-2020-1986.json
View File

@ -82,8 +82,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1986" "url": "https://security.paloaltonetworks.com/CVE-2020-1986",
"name": "https://security.paloaltonetworks.com/CVE-2020-1986"
} }
] ]
}, },

7
2020/1xxx/CVE-2020-1987.json
View File

@ -59,7 +59,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to \"Dump\".\n\nThis issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1." "value": "An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to \"Dump\". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1."
} }
] ]
}, },
@ -97,8 +97,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1987" "url": "https://security.paloaltonetworks.com/CVE-2020-1987",
"name": "https://security.paloaltonetworks.com/CVE-2020-1987"
} }
] ]
}, },

7
2020/1xxx/CVE-2020-1988.json
View File

@ -69,7 +69,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\\) or to Program Files directory to gain system privileges.\n\nThis issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;" "value": "An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;"
} }
] ]
}, },
@ -107,8 +107,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1988" "url": "https://security.paloaltonetworks.com/CVE-2020-1988",
"name": "https://security.paloaltonetworks.com/CVE-2020-1988"
} }
] ]
}, },

7
2020/1xxx/CVE-2020-1989.json
View File

@ -57,7 +57,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system.\n\nThis issue affects Palo Alto Networks Global Protect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1." "value": "An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1."
} }
] ]
}, },
@ -95,8 +95,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1989" "url": "https://security.paloaltonetworks.com/CVE-2020-1989",
"name": "https://security.paloaltonetworks.com/CVE-2020-1989"
} }
] ]
}, },

7
2020/1xxx/CVE-2020-1990.json
View File

@ -64,7 +64,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges.\n\nThis issue affects Palo Alto Networks PAN-OS 8.1 versions before 8.1.13; 9.0 versions before 9.0.7.\nThis issue does not affect PAN-OS 7.1." "value": "A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 8.1 versions before 8.1.13; 9.0 versions before 9.0.7. This issue does not affect PAN-OS 7.1."
} }
] ]
}, },
@ -102,8 +102,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1990" "url": "https://security.paloaltonetworks.com/CVE-2020-1990",
"name": "https://security.paloaltonetworks.com/CVE-2020-1990"
} }
] ]
}, },

7
2020/1xxx/CVE-2020-1991.json
View File

@ -75,7 +75,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files.\n\nThis issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows.\n\nThis issue does not affect Cortex XDR 7.0.\nThis issue does not affect Traps for Linux or MacOS." "value": "An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS."
} }
] ]
}, },
@ -113,8 +113,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1991" "url": "https://security.paloaltonetworks.com/CVE-2020-1991",
"name": "https://security.paloaltonetworks.com/CVE-2020-1991"
} }
] ]
}, },

7
2020/1xxx/CVE-2020-1992.json
View File

@ -84,7 +84,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges.\n\nThis issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured.\n\nThis issue requires WildFire services to be configured and enabled.\n\nThis issue does not affect PAN-OS 8.1 and earlier releases.\n\nThis issue does not affect any other PA Series firewalls." "value": "A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured. This issue requires WildFire services to be configured and enabled. This issue does not affect PAN-OS 8.1 and earlier releases. This issue does not affect any other PA Series firewalls."
} }
] ]
}, },
@ -122,8 +122,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1992" "url": "https://security.paloaltonetworks.com/CVE-2020-1992",
"name": "https://security.paloaltonetworks.com/CVE-2020-1992"
} }
] ]
}, },

5
2020/5xxx/CVE-2020-5735.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2020-20", "name": "https://www.tenable.com/security/research/tra-2020-20",
"url": "https://www.tenable.com/security/research/tra-2020-20" "url": "https://www.tenable.com/security/research/tra-2020-20"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157164/Amcrest-Dahua-NVR-Camera-IP2M-841-Denial-Of-Service.html",
"url": "http://packetstormsecurity.com/files/157164/Amcrest-Dahua-NVR-Camera-IP2M-841-Denial-Of-Service.html"
} }
] ]
}, },