admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#4030

Browse Source 
Auto-merge PR#4030
This commit is contained in:
CVE Team 2020-06-10 08:58:00 -04:00 committed by GitHub
commit 31c21ceded
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 978 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
2019/4xxx/CVE-2019-4576.json
View File

@ -1,18 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4576",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"S" : "U",
"PR" : "N",
"AV" : "N",
"A" : "N",
"C" : "H",
"SCORE" : "5.900",
"AC" : "H",
"UI" : "N",
"I" : "N"
}
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-06-09T00:00:00",
"ID" : "CVE-2019-4576",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"value" : "IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6221298",
"url" : "https://www.ibm.com/support/pages/node/6221298",
"title" : "IBM Security Bulletin 6221298 (QRadar Network Packet Capture Software)"
},
{
"refsource" : "XF",
"name" : "ibm-qradar-cve20194576-info-disc (166803)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166803",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "QRadar Network Packet Capture Software",
"version" : {
"version_data" : [
{
"version_value" : "7.3"
},
{
"version_value" : "7.3.3.Patch1"
},
{
"version_value" : "7.4"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
]
}
}
}

190
2020/4xxx/CVE-2020-4432.json
View File

@ -1,18 +1,180 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4432",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Aspera Streaming",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"product_name" : "Aspera High-Speed Transfer Endpoint",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.10"
}
]
},
"product_name" : "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Server On Demand"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Faspex On Demand"
},
{
"version" : {
"version_data" : [
{
"version_value" : "1.4.3"
}
]
},
"product_name" : "Aspera Proxy Server"
},
{
"product_name" : "Aspera Application Platform On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Shares On Demand"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
},
"product_name" : "Aspera High-Speed Transfer Server"
},
{
"product_name" : "Aspera Transfer Cluster Manager",
"version" : {
"version_data" : [
{
"version_value" : "1.3.1"
}
]
}
}
]
}
}
]
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810."
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6221324",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))",
"url" : "https://www.ibm.com/support/pages/node/6221324"
},
{
"refsource" : "XF",
"name" : "ibm-aspera-cve20204432-command-exec (180810)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/180810",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-06-09T00:00:00",
"ID" : "CVE-2020-4432",
"STATE" : "PUBLIC"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"C" : "H",
"A" : "H",
"AV" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "7.500",
"I" : "H",
"AC" : "H",
"UI" : "N"
}
}
},
"data_format" : "MITRE"
}

190
2020/4xxx/CVE-2020-4433.json
View File

@ -1,18 +1,180 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4433",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AC" : "H",
"SCORE" : "7.500",
"I" : "H",
"UI" : "N",
"PR" : "L",
"S" : "U",
"C" : "H",
"AV" : "N",
"A" : "H"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4433",
"DATE_PUBLIC" : "2020-06-09T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Faspex On Demand"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Server On Demand"
},
{
"product_name" : "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)",
"version" : {
"version_data" : [
{
"version_value" : "3.9.10"
}
]
}
},
{
"product_name" : "Aspera High-Speed Transfer Endpoint",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"product_name" : "Aspera Streaming",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"product_name" : "Aspera Transfer Cluster Manager",
"version" : {
"version_data" : [
{
"version_value" : "1.3.1"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
},
"product_name" : "Aspera High-Speed Transfer Server"
},
{
"product_name" : "Aspera Shares On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Application Platform On Demand"
},
{
"product_name" : "Aspera Proxy Server",
"version" : {
"version_data" : [
{
"version_value" : "1.4.3"
}
]
}
}
]
}
}
]
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6221324",
"title" : "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))",
"url" : "https://www.ibm.com/support/pages/node/6221324"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/180814",
"name" : "ibm-aspera-cve20204433-bo (180814)",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814."
}
]
},
"data_type" : "CVE"
}

190
2020/4xxx/CVE-2020-4434.json
View File

@ -1,18 +1,180 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4434",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "7.500",
"AC" : "H",
"I" : "H",
"UI" : "N",
"A" : "H",
"AV" : "N",
"C" : "H",
"S" : "U",
"PR" : "L"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-06-09T00:00:00",
"ID" : "CVE-2020-4434",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900."
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6221324",
"title" : "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))",
"url" : "https://www.ibm.com/support/pages/node/6221324"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/180900",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-aspera-cve20204434-bo (180900)",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Shares On Demand"
},
{
"product_name" : "Aspera Application Platform On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"product_name" : "Aspera Transfer Cluster Manager",
"version" : {
"version_data" : [
{
"version_value" : "1.3.1"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
},
"product_name" : "Aspera High-Speed Transfer Server"
},
{
"version" : {
"version_data" : [
{
"version_value" : "1.4.3"
}
]
},
"product_name" : "Aspera Proxy Server"
},
{
"product_name" : "Aspera Faspex On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"product_name" : "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)",
"version" : {
"version_data" : [
{
"version_value" : "3.9.10"
}
]
}
},
{
"product_name" : "Aspera High-Speed Transfer Endpoint",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
},
"product_name" : "Aspera Streaming"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Server On Demand"
}
]
}
}
]
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
}
}

190
2020/4xxx/CVE-2020-4435.json
View File

@ -1,18 +1,180 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4435",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2020-4435",
"DATE_PUBLIC" : "2020-06-09T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"SCORE" : "7.500",
"I" : "H",
"AC" : "H",
"UI" : "N",
"A" : "H",
"AV" : "N",
"C" : "H",
"S" : "U",
"PR" : "L"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901."
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6221324",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))",
"url" : "https://www.ibm.com/support/pages/node/6221324"
},
{
"name" : "ibm-aspera-cve20204435-command-exec (180901)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/180901",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.3.1"
}
]
},
"product_name" : "Aspera Transfer Cluster Manager"
},
{
"product_name" : "Aspera High-Speed Transfer Server",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Shares On Demand"
},
{
"product_name" : "Aspera Application Platform On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"product_name" : "Aspera Proxy Server",
"version" : {
"version_data" : [
{
"version_value" : "1.4.3"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Faspex On Demand"
},
{
"product_name" : "Aspera Server On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.10"
}
]
},
"product_name" : "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
},
"product_name" : "Aspera Streaming"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
},
"product_name" : "Aspera High-Speed Transfer Endpoint"
}
]
},
"vendor_name" : "IBM"
}
]
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
}
}

190
2020/4xxx/CVE-2020-4436.json
View File

@ -1,18 +1,180 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4436",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "Aspera Faspex On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.10"
}
]
},
"product_name" : "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
},
"product_name" : "Aspera High-Speed Transfer Endpoint"
},
{
"product_name" : "Aspera Streaming",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Server On Demand"
},
{
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
},
"product_name" : "Aspera Shares On Demand"
},
{
"product_name" : "Aspera Application Platform On Demand",
"version" : {
"version_data" : [
{
"version_value" : "3.7.4"
}
]
}
},
{
"product_name" : "Aspera Transfer Cluster Manager",
"version" : {
"version_data" : [
{
"version_value" : "1.3.1"
}
]
}
},
{
"product_name" : "Aspera High-Speed Transfer Server",
"version" : {
"version_data" : [
{
"version_value" : "3.9.3"
}
]
}
},
{
"product_name" : "Aspera Proxy Server",
"version" : {
"version_data" : [
{
"version_value" : "1.4.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6221324",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6221324",
"title" : "IBM Security Bulletin 6221324 (Aspera on Demand (AOD))"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/180902",
"refsource" : "XF",
"name" : "ibm-aspera-cve20204436-bo (180902)"
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"A" : "H",
"C" : "H",
"S" : "U",
"PR" : "L",
"SCORE" : "8.800",
"AC" : "L",
"UI" : "N",
"I" : "H"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4436",
"DATE_PUBLIC" : "2020-06-09T00:00:00"
}
}