"-Synchronized-Data."

CVE Team 2020-11-02 21:01:48 +00:00
parent 60e9ea5736
commit 29d12e9687
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
69 changed files with 993 additions and 326 deletions


@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
}
]
}


@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
}
]
}


@ -78,6 +78,11 @@
"refsource": "CONFIRM",
"name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc"
},
{
"refsource": "MLIST",
"name": "[cxf-dev] 20201030 CVE-2019-12419",
"url": "https://lists.apache.org/thread.html/ree5fc719e330f82ae38a2b0050c91f18ed5b878312dc0b9e0b9815be@%3Cdev.cxf.apache.org%3E"
}
]
},


@ -86,6 +86,11 @@
"refsource": "UBUNTU",
"name": "USN-4526-1",
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "UBUNTU",
"name": "USN-4526-1",
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}


@ -71,6 +71,11 @@
"refsource": "UBUNTU",
"name": "USN-4578-1",
"url": "https://usn.ubuntu.com/4578-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}


@ -56,6 +56,16 @@
"url": "https://lists.gnu.org/archive/html/lout-users/2019-12/msg00002.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/lout-users/2019-12/msg00002.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1772",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00069.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.html"
}
]
}


@ -56,6 +56,16 @@
"url": "https://lists.gnu.org/archive/html/lout-users/2019-12/msg00001.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/lout-users/2019-12/msg00001.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1772",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00069.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.html"
}
]
}


@ -58,6 +58,11 @@
"refsource": "UBUNTU",
"name": "USN-4526-1",
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
},


@ -111,6 +111,11 @@
"refsource": "UBUNTU",
"name": "USN-4485-1",
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}


@ -101,6 +101,11 @@
"refsource": "UBUNTU",
"name": "USN-4485-1",
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}


@ -106,6 +106,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}


@ -68,6 +68,36 @@
"refsource": "MLIST",
"name": "[lucene-issues] 20201029 [jira] [Commented] (SOLR-14925) CVE-2020-13957: The checks added to unauthenticated configset uploads can be circumvented",
"url": "https://lists.apache.org/thread.html/r8b1782d42d0a4ce573495d5d9345ad328d652c68c411ccdb245c57e3@%3Cissues.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-commits] 20201030 [lucene-site] branch master updated: Add CVE-2020-13957 page (#31)",
"url": "https://lists.apache.org/thread.html/r1c783d3d81ba62f3381a17a4d6c826f7dead3a132ba42349c90df075@%3Ccommits.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20201030 [GitHub] [lucene-site] tflobbe merged pull request #31: Add CVE-2020-13957 page",
"url": "https://lists.apache.org/thread.html/r7512ae552cd9d14ab8b1bc0a7e95f2ec52ae85364f068d4034398ede@%3Cissues.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-commits] 20201030 [lucene-site] 02/02: Add CVE-2020-13957 page (#31)",
"url": "https://lists.apache.org/thread.html/r9d7356f209ee30d702b6a921c866564eb2e291b126640c7ab70feea7@%3Ccommits.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20201030 [GitHub] [lucene-site] tflobbe opened a new pull request #32: Publish: Add CVE-2020-13957 page (#31)",
"url": "https://lists.apache.org/thread.html/r5557641fcf5cfd99260a7037cfbc8788fb546b72c98a900570edaa2e@%3Cissues.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20201030 [GitHub] [lucene-site] tflobbe commented on pull request #32: Publish: Add CVE-2020-13957 page (#31)",
"url": "https://lists.apache.org/thread.html/r3d1e24a73e6bffa1d6534e1f34c8f5cbd9999495e7d933640f4fa0ed@%3Cissues.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20201030 [GitHub] [lucene-site] tflobbe closed pull request #32: Publish: Add CVE-2020-13957 page (#31)",
"url": "https://lists.apache.org/thread.html/r13a728994c60be5b5a7049282b5c926dac1fc6a9a0b2362f6adfa573@%3Cissues.lucene.apache.org%3E"
}
]
},


@ -78,6 +78,11 @@
"refsource": "UBUNTU",
"name": "USN-4579-1",
"url": "https://usn.ubuntu.com/4579-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
},


@ -63,6 +63,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
},


@ -93,6 +93,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
},


@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html",
"url": "http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
},


@ -58,6 +58,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1655",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
},


@ -96,6 +96,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-5708dd5b87",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "DEBIAN",
"name": "DSA-4779",
"url": "https://www.debian.org/security/2020/dsa-4779"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "DEBIAN",
"name": "DSA-4779",
"url": "https://www.debian.org/security/2020/dsa-4779"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "DEBIAN",
"name": "DSA-4779",
"url": "https://www.debian.org/security/2020/dsa-4779"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "DEBIAN",
"name": "DSA-4779",
"url": "https://www.debian.org/security/2020/dsa-4779"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "DEBIAN",
"name": "DSA-4779",
"url": "https://www.debian.org/security/2020/dsa-4779"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "DEBIAN",
"name": "DSA-4779",
"url": "https://www.debian.org/security/2020/dsa-4779"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
}
]
}


@ -78,6 +78,11 @@
"refsource": "DEBIAN",
"name": "DSA-4779",
"url": "https://www.debian.org/security/2020/dsa-4779"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
}
]
}


@ -88,6 +88,16 @@
"refsource": "MISC",
"url": "https://github.com/hpcng/singularity/commit/eba3dea260b117198fdb6faf41f2482ab2f8d53e",
"name": "https://github.com/hpcng/singularity/commit/eba3dea260b117198fdb6faf41f2482ab2f8d53e"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1769",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00071.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1770",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00070.html"
}
]
},


@ -96,6 +96,11 @@
"refsource": "UBUNTU",
"name": "USN-4485-1",
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}


@ -5,13 +5,57 @@
"CVE_data_meta": {
"ID": "CVE-2020-15914",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.ea.com/security/news/easec-2020-003-cross-site-scripting-vulnerability-in-origin-client",
"url": "https://www.ea.com/security/news/easec-2020-003-cross-site-scripting-vulnerability-in-origin-client"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability exists in the Origin Client that could allow a remote attacker to execute arbitrary Javascript in a target user\u2019s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user\u2019s Origin account, or to control or monitor the Origin text chat window."
}
]
}
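Review bot: The record is moved to `"STATE": "PUBLIC"` but `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all left as `n/a`, although the new description names the Origin Client and an XSS flaw. Scanners and inventory tools that match on the `affects` block rather than on free text will not associate this CVE with an installed product, so the structured fields should carry what the description already states, for example `"product_name": "Origin Client"` and `"value": "Cross-site Scripting (XSS)"`. `ASSIGNER` also stays `cve@mitre.org` here while the CVE-2020-27708 record in this commit, which cites the same vendor's advisory site, uses `secure@ea.com`; that may be intentional and is worth confirming. The same `n/a` placeholders appear in the new CVE-2020-28002 record, whose description names SonarQube 8.4.2.36762, and CVE-2020-27708 leaves `vendor_name` as `n/a`. The record's opening and closing lines are outside this hunk.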


@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}


@ -101,6 +101,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1698",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201001-0004/",
"url": "https://security.netapp.com/advisory/ntap-20201001-0004/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}


@ -76,6 +76,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1655",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "UBUNTU",
"name": "USN-4579-1",
"url": "https://usn.ubuntu.com/4579-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}


@ -78,6 +78,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1698",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
},


@ -73,6 +73,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
},


@ -4,15 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25689",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "wildfly-core",
"version": {
"version_data": [
{
"version_value": "up to 21.0.0.Final"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25689",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25689",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
}
}
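Review bot: The `impact.cvss` entry is not machine-readable as written: `vectorString` has the base score prepended (`5.3/CVSS:3.1/...`), its prefix says CVSS 3.1 while `"version"` says `"3.0"`, and the object is wrapped in two nested arrays. A consumer that validates the vector or keys on the version will reject or misclassify the severity data. I would write `"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"` with `"version": "3.1"`, and carry the score in its own field (for instance `"baseScore": 5.3`). Unless a downstream consumer is known to expect the double nesting, a single array would be the safer shape.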


@ -81,6 +81,11 @@
"refsource": "UBUNTU",
"name": "USN-4578-1",
"url": "https://usn.ubuntu.com/4578-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201023-0001/",
"url": "https://security.netapp.com/advisory/ntap-20201023-0001/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e33acdea18",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to cause a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
}
]
},
@ -64,4 +64,4 @@
}
]
}
}
}
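Review bot: Of the two description strings shown at the top of this section, the second reads "could allow an attacker to case a kernel panic or crash", where the first has "cause". If the second is the new side, as the old-then-new print order suggests, the edit that removes the embedded `\n\n\r\n` sequence also introduced a typo into the published description; the word should be restored to `cause`. The later hunk in this section appears to change only the end-of-file newline.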


@ -1,63 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2020-27015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Antivirus for Mac (Consumer)",
"version" : {
"version_data" : [
{
"version_value" : "2020 (v10.x) and below"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-09975"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1286/"
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-27015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Antivirus for Mac (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v10.x) and below"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09975",
"refsource": "MISC",
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09975"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1286/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1286/"
}
]
}
}


@ -65,7 +65,12 @@
"name": "https://www.synology.com/security/advisory/Synology_SA_20_14",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_14"
},
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1066",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1066"
}
]
}
}
}


@ -65,7 +65,12 @@
"name": "https://www.synology.com/security/advisory/Synology_SA_20_18",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_18"
},
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1071",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1071"
}
]
}
}
}


@ -65,7 +65,12 @@
"name": "https://www.synology.com/security/advisory/Synology_SA_20_14",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_14"
},
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1071",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1071"
}
]
}
}
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27708",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@ea.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Origin",
"version": {
"version_data": [
{
"version_value": "10.5.86 (or earlier)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.ea.com/security/news/easec-2020-002-elevation-of-privilege-vulnerability-in-origin-client",
"url": "https://www.ea.com/security/news/easec-2020-002-elevation-of-privilege-vulnerability-in-origin-client"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for high privileged users or system Administrators."
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28001",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://csl.com.co/sonarqube-auditando-al-auditor-parte-ii/",
"refsource": "MISC",
"name": "https://csl.com.co/sonarqube-auditando-al-auditor-parte-ii/"
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28003",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28004",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28006",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,90 +1,90 @@
{
"data_type" : "CVE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.9.13"
}
]
},
"product_name" : "i2 iBase"
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6357065",
"name" : "https://www.ibm.com/support/pages/node/6357065",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6357065 (i2 iBase)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-i2-cve20204584-info-disc (184574)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184574"
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.9.13"
}
]
},
"product_name": "i2 iBase"
}
]
}
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-10-29T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4584"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"C" : "L",
"AV" : "L",
"SCORE" : "3.300",
"AC" : "L",
"A" : "N",
"S" : "U",
"I" : "N",
"UI" : "N",
"PR" : "L"
}
}
}
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6357065",
"name": "https://www.ibm.com/support/pages/node/6357065",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6357065 (i2 iBase)"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-i2-cve20204584-info-disc (184574)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184574"
}
]
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-10-29T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4584"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"C": "L",
"AV": "L",
"SCORE": "3.300",
"AC": "L",
"A": "N",
"S": "U",
"I": "N",
"UI": "N",
"PR": "L"
}
}
}
}


@ -1,90 +1,90 @@
{
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6357037",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6357037 (i2 iBase)",
"url" : "https://www.ibm.com/support/pages/node/6357037"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184579",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-i2-cve20204588-file-upload (184579)"
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.9.13"
}
]
},
"product_name" : "i2 iBase"
}
]
}
"name": "https://www.ibm.com/support/pages/node/6357037",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6357037 (i2 iBase)",
"url": "https://www.ibm.com/support/pages/node/6357037"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184579",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-i2-cve20204588-file-upload (184579)"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"SCORE" : "7.700",
"AV" : "L",
"C" : "H",
"I" : "H",
"UI" : "R",
"PR" : "H",
"S" : "C",
"A" : "H",
"AC" : "L"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-10-29T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4588"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
},
"data_version": "4.0",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.9.13"
}
]
},
"product_name": "i2 iBase"
}
]
}
}
]
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579."
}
]
}
}
}
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"SCORE": "7.700",
"AV": "L",
"C": "H",
"I": "H",
"UI": "R",
"PR": "H",
"S": "C",
"A": "H",
"AC": "L"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-10-29T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4588"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579."
}
]
}
}


@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-09-29",
"ID": "CVE-2020-5387",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-09-29",
"ID": "CVE-2020-5387",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "CPG BIOS",
"product_name": "CPG BIOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "1.13.1"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 2.3,
"baseSeverity": "Low",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 2.3,
"baseSeverity": "Low",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-755: Improper Handling of Exceptional Conditions"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/article/SLN322626"
"refsource": "MISC",
"url": "https://www.dell.com/support/article/SLN322626",
"name": "https://www.dell.com/support/article/SLN322626"
}
]
}
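Review bot: The only reference in this record, Dell's own advisory, is relabelled from `"refsource": "CONFIRM"` to `"refsource": "MISC"` in the `reference_data` part of the second hunk, which drops the one signal that the vendor has acknowledged the issue. Consumers that prioritise or filter on CONFIRM will now treat the advisory as an unclassified third-party link. If the relabel is an artefact of the sync tooling rather than a deliberate decision, keep `"refsource": "CONFIRM"` and only add the new `name` field. The same relabelling appears in the pimcore and codemirror sections later in this commit, where the affected links include the upstream pull request and fix commit.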


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5652",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,13 +45,19 @@
"references": {
"reference_data": [
{
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-013.pdf"
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-013.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-013.pdf"
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-013_en.pdf"
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-013_en.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-013_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU96558207/index.html"
"url": "https://jvn.jp/vu/JVNVU96558207/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU96558207/index.html"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5653",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,13 +45,19 @@
"references": {
"reference_data": [
{
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
"url": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5654",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,13 +45,19 @@
"references": {
"reference_data": [
{
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
"url": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
},
@ -58,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
"value": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
]
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5655",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,13 +45,19 @@
"references": {
"reference_data": [
{
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
"url": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
},
@ -58,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
"value": "NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
]
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5656",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,13 +45,19 @@
"references": {
"reference_data": [
{
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
"url": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5657",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,13 +45,19 @@
"references": {
"reference_data": [
{
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
"url": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5658",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,13 +45,19 @@
"references": {
"reference_data": [
{
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
"url": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
},
@ -62,4 +69,4 @@
}
]
}
}
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@checkpoint.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Check Point Endpoint Security Client for Windows",
"version": {
"version_data": [
{
"version_value": "before E83.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-114: Process Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://supportcontent.checkpoint.com/solutions?id=sk168081",
"url": "https://supportcontent.checkpoint.com/solutions?id=sk168081"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate."
}
]
}
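Review bot: The new `affects` block sets `"vendor_name": "n/a"` and encodes the range as free text in `"version_value": "before E83.20"`, so tooling that matches on vendor or compares version strings will not associate this record with installed Check Point clients. Another record in this same commit uses the structured form, `"version_affected": "<"` with a bare `version_value`. Suggest `"vendor_name": "Check Point Software Technologies"`, `"version_affected": "<"` and `"version_value": "E83.20"`. The enclosing top-level object starts outside the hunk, so fields such as `data_format` cannot be checked from here.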


@ -125,6 +125,11 @@
"refsource": "UBUNTU",
"name": "USN-4583-1",
"url": "https://usn.ubuntu.com/4583-1/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1767",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html"
}
]
},
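Review bot: The added openSUSE reference uses a plain `http://` URL, while the Ubuntu entry directly above it is `https://`. These links are followed by analysts and by automated enrichment jobs, and a cleartext fetch of an advisory can be altered in transit. If the list archive is served over TLS, prefer `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html"`. The same entry is added in the next file section, and the enclosing `reference_data` array starts outside the hunk.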


@ -140,6 +140,11 @@
"refsource": "UBUNTU",
"name": "USN-4583-1",
"url": "https://usn.ubuntu.com/4583-1/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1767",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html"
}
]
},


@ -52,12 +52,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1017405"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1017405",
"name": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1017405"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/pimcore/pimcore/pull/7315"
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/pull/7315",
"name": "https://github.com/pimcore/pimcore/pull/7315"
}
]
},
@ -65,7 +67,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{\"keyId\"%3a\"''\",\"groupId\"%3a\"'asd'))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,'',11,12,'',14+from+users)+--+\"}]\n"
"value": "The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{\"keyId\"%3a\"''\",\"groupId\"%3a\"'asd'))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,'',11,12,'',14+from+users)+--+\"}]"
}
]
},


@ -66,36 +66,44 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937",
"name": "https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1024445"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1024445",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1024445"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1024447"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1024447",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1024447"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1024449"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1024449",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1024449"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb"
"refsource": "MISC",
"url": "https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb",
"name": "https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb"
}
]
},
@ -103,7 +111,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2.\n The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)*\r\n\r\n"
"value": "This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)*"
}
]
},
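Review bot: The rewritten description `value` in the last hunk still carries a regex fragment and a source link that look damaged. As written, `(s|/*.*?*/)*` is not a well-formed pattern (the backslash escapes appear to have been lost, presumably `\s`, `\/` and `\*`), and `javascript.jsL129` is missing the `#` before the line anchor. The commit only strips the stray `\n` and `\r\n` sequences, so anyone using this record to locate the affected code or to write a detection for the pattern gets an unusable string. Suggest restoring the escapes in JSON-escaped form (`\\s`, `\\/`, `\\*`) and the fragment as `javascript.js#L129`, after checking both against the upstream advisory.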