"-Synchronized-Data."

CVE Team 2020-04-15 21:01:27 +00:00
parent c765a3b584
commit 387919a89a
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
38 changed files with 373 additions and 55 deletions


@ -126,6 +126,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0981",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0981"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157248/Microsoft-Windows-NtFilterToken-ParentTokenId-Incorrect-Setting-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/157248/Microsoft-Windows-NtFilterToken-ParentTokenId-Incorrect-Setting-Privilege-Escalation.html"
}
]
}
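Review bot: The reference object added at the end of `reference_data` points at packetstormsecurity.com over plain `http://`, and its `name` only repeats the URL, so the record gives consumers neither a transport-protected link nor a readable title. If the host serves the same path over TLS (not checked here), switch the scheme to `https://` in both `url` and `name`, or put the write-up's title in `name`. Because `refsource` is `MISC`, only the hostname distinguishes this third-party write-up from a vendor advisory, so triage tooling has to key on the host to notice that public technical detail now exists for this entry (the MSRC link in the context lines names CVE-2020-0981). The same applies to the Packet Storm entries added in the three ZDI-20-33x hunks and the six CA API Developer Portal hunks below.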


@ -57,6 +57,11 @@
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-334/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-334/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157255/TP-Link-Archer-A7-C7-Unauthenticated-LAN-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/157255/TP-Link-Archer-A7-C7-Unauthenticated-LAN-Remote-Code-Execution.html"
}
]
},


@ -57,6 +57,11 @@
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-335/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-335/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157255/TP-Link-Archer-A7-C7-Unauthenticated-LAN-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/157255/TP-Link-Archer-A7-C7-Unauthenticated-LAN-Remote-Code-Execution.html"
}
]
},


@ -57,6 +57,11 @@
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-336/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-336/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157255/TP-Link-Archer-A7-C7-Unauthenticated-LAN-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/157255/TP-Link-Archer-A7-C7-Unauthenticated-LAN-Remote-Code-Execution.html"
}
]
},


@ -71,6 +71,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200403-0003/",
"url": "https://security.netapp.com/advisory/ntap-20200403-0003/"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200415 CVE-2020-10942 Kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field",
"url": "http://www.openwall.com/lists/oss-security/2020/04/15/4"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11658",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vuln@ca.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CA API Developer Portal",
"version": {
"version_data": [
{
"version_value": "4.3.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization."
}
]
}
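Review bot: In `vendor_data` the populated record keeps `"vendor_name": "n/a"` although the assigner is `vuln@ca.com` and the reference added here is a techdocs.broadcom.com notice, so vendor-keyed matching in scanners and asset inventories will not find this entry; the CNA should supply the vendor string. `"version_value": "4.3.1 and earlier"` is free text as well; the 4.0 format allows `"version_value": "4.3.1"` together with `"version_affected": "<="`, which downstream tooling can compare. The `problemtype` value ("Authorization Bypass") is likewise free text rather than a CWE identifier, which limits weakness-based filtering. The same three points apply to the CVE-2020-11659 and CVE-2020-11660 sections that follow. The enclosing JSON object opens before this hunk and closes after it.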


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11659",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vuln@ca.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CA API Developer Portal",
"version": {
"version_data": [
{
"version_value": "4.3.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Schema Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11660",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vuln@ca.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CA API Developer Portal",
"version": {
"version_data": [
{
"version_value": "4.3.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Schema Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information."
}
]
}


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
]
},


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
]
},


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
]
},


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
]
},


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
]
},


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
]
},


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11801",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -125,7 +125,7 @@
"description_data": [
{
"lang": "eng",
"value": "In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. For example, Router A sends a specific BGP UPDATE to Router B, causing Router B to send an invalid BGP UPDATE message to Router C, resulting in termination of the BGP session between Router B and Router C.\n\nThis issue might occur when there is at least a single BGP session established on the device that does not support 4 Byte AS extension (RFC 4893).\n\nRepeated receipt of the same BGP UPDATE can result in an extended DoS condition.\n\nThis issue affects Juniper Networks Junos OS:\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S2;\n17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3;\n17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110, 17.2X75-D44;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S7;\n17.4 versions prior to 17.4R2-S8, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R2-S6, 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S3, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R3;\n18.4 version 18.4R2 and later versions;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2.\n\nThis issue does not affect Juniper Networks Junos OS prior to 16.1R1.\n\nThis issue affects Juniper Networks Junos OS Evolved prior to 19.2R2-EVO.\n\n\n"
"value": "In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. For example, Router A sends a specific BGP UPDATE to Router B, causing Router B to send an invalid BGP UPDATE message to Router C, resulting in termination of the BGP session between Router B and Router C. This issue might occur when there is at least a single BGP session established on the device that does not support 4 Byte AS extension (RFC 4893). Repeated receipt of the same BGP UPDATE can result in an extended DoS condition. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R3; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect Juniper Networks Junos OS prior to 16.1R1. This issue affects Juniper Networks Junos OS Evolved prior to 19.2R2-EVO."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition.\r The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.\r "
"value": "A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device.\r The vulnerability is due to insufficient input validation of incoming CoAP traffic. An attacker could exploit this vulnerability by sending a malformed CoAP packet to an affected device. A successful exploit could allow the attacker to force the CoAP server to stop, interrupting communication to the IoT endpoints.\r "
"value": "A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming CoAP traffic. An attacker could exploit this vulnerability by sending a malformed CoAP packet to an affected device. A successful exploit could allow the attacker to force the CoAP server to stop, interrupting communication to the IoT endpoints."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device.\r The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system.\r "
"value": "A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.\r The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.\r "
"value": "A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.\r The vulnerability is due to the improper processing of client packets that are sent to an affected access point (AP). An attacker could exploit this vulnerability by sending a large number of sustained client packets to the affected AP. A successful exploit could allow the attacker to cause the affected AP to crash, resulting in a DoS condition.\r "
"value": "A vulnerability in Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of client packets that are sent to an affected access point (AP). An attacker could exploit this vulnerability by sending a large number of sustained client packets to the affected AP. A successful exploit could allow the attacker to cause the affected AP to crash, resulting in a DoS condition."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user.\r "
"value": "A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition.\r "
"value": "A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition."
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS). The vulnerability is due to incomplete input validation of the 802.11 GAS frames that are processed by an affected device. An attacker could exploit this vulnerability by sending a crafted 802.11 GAS frame over the air to an access point (AP), and that frame would then be relayed to the affected WLC. Also, an attacker with Layer 3 connectivity to the WLC could exploit this vulnerability by sending a malicious 802.11 GAS payload in a Control and Provisioning of Wireless Access Points (CAPWAP) packet to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS. "
"value": "A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS). The vulnerability is due to incomplete input validation of the 802.11 GAS frames that are processed by an affected device. An attacker could exploit this vulnerability by sending a crafted 802.11 GAS frame over the air to an access point (AP), and that frame would then be relayed to the affected WLC. Also, an attacker with Layer 3 connectivity to the WLC could exploit this vulnerability by sending a malicious 802.11 GAS payload in a Control and Provisioning of Wireless Access Points (CAPWAP) packet to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS."
}
]
},


@ -120,6 +120,16 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200415 [SECURITY] [DLA 2177-1] git security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00010.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200415 CVE-2020-5260: Git: malicious URLs may cause Git to present stored credentials to the wrong server",
"url": "http://www.openwall.com/lists/oss-security/2020/04/15/5"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157250/Git-Credential-Helper-Protocol-Newline-Injection.html",
"url": "http://packetstormsecurity.com/files/157250/Git-Credential-Helper-Protocol-Newline-Injection.html"
}
]
},
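Review bot: Both reference entries added in this hunk use plain `http://` URLs (the oss-security entry on www.openwall.com and the packetstormsecurity.com entry), while the existing debian-lts-announce entry just above them uses `https://`; the packetstormsecurity.com reference added in the Liferay record's hunk further down has the same issue. Anyone following these links from the record fetches advisory or exploit write-up content over a channel that is neither authenticated nor integrity-protected. If the hosts serve the same paths over TLS, which should be checked first, store the secure form, e.g. `"url": "https://www.openwall.com/lists/oss-security/2020/04/15/5"`. The packetstormsecurity.com entry also repeats its URL as `name`, so it carries no readable title, unlike the MLIST entries. The `reference_data` array begins outside the hunk.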


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5721",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "MikroTik WinBox",
"version": {
"version_data": [
{
"version_value": "3.22 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-260"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2020-23",
"url": "https://www.tenable.com/security/research/tra-2020-23"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router."
}
]
}
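Review bot: `vendor_name` is set to `"n/a"` although `product_name` and the description both name MikroTik, so tooling that matches advisories to inventory by vendor will not associate this record with MikroTik assets; `"vendor_name": "MikroTik"` with `"product_name": "WinBox"` would fix that. The affected range is free text (`"version_value": "3.22 and below"`); the 4.0 format has a comparator field, so `"version_affected": "<="` with `"version_value": "3.22"` would be machine-comparable. The problem type is the bare identifier `"CWE-260"`; adding the weakness name (`"CWE-260 Password in Configuration File"`) lets a reader triage the record without a lookup.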


@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-7612",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}


@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271",
"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9280",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-9280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default \"/Uploads\" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Common Web Platform (CWP). The vulnerability only affects files uploaded after an upgrade to 4.x."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.silverstripe.org/download/security-releases/",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"url": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"name": "https://forum.silverstripe.org/c/releases"
},
{
"refsource": "CONFIRM",
"name": "https://www.silverstripe.org/download/security-releases/cve-2020-9280",
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-9280"
}
]
}