admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-12-19 11:00:54 +00:00
parent a7351609ff
commit 3a5e181eec
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 334 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
2020/12xxx/CVE-2020-12820.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12820",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.10"
},
{
"version_affected": "<=",
"version_name": "5.6.0",
"version_value": "5.6.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-20-083",
"refsource": "MISC",
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-20-083"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiOS versions 5.6.13 or above.\r\nPlease upgrade to FortiOS versions 6.0.11 or above. \r\nFortiOS versions 6.2.0 and above are not impacted. \r\nFortiOS versions 6.4.0 and above are not impacted. \r\nWorkaround: \r\nPlease ensure that Fortiheartbeat and Endpoint-Compliance are not both enabled on the same interface. \r\nFortiHeartbeat and Endpoint-Compliance can be disabled on a particular interface by following the below CLI commands:\r\nconfig system interface\r\nedit interface\r\nset endpoint-compliance disable (<-- Disabled by default)\r\nset fortiheartbeat disable\r\nnext\r\nend"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:X/RC:X"
}
]
}

97
2020/15xxx/CVE-2020-15934.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15934",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privilege",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiClientLinux",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.4.0"
},
{
"version_affected": "<=",
"version_name": "6.2.6",
"version_value": "6.2.7"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.4"
},
{
"version_affected": "=",
"version_value": "6.0.8"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.fortiguard.com/psirt/FG-IR-20-110",
"refsource": "MISC",
"name": "https://www.fortiguard.com/psirt/FG-IR-20-110"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiClient for Linux versions 6.2.8 or above. \r\nPlease upgrade to FortiClient for Linux versions 6.4.1 or above."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X"
}
]
}

109
2021/26xxx/CVE-2021-26115.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26115",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privilege",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiWAN",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "4.5.0",
"version_value": "4.5.7"
},
{
"version_affected": "<=",
"version_name": "4.4.0",
"version_value": "4.4.1"
},
{
"version_affected": "<=",
"version_name": "4.3.0",
"version_value": "4.3.1"
},
{
"version_affected": "<=",
"version_name": "4.2.5",
"version_value": "4.2.7"
},
{
"version_affected": "<=",
"version_name": "4.2.1",
"version_value": "4.2.2"
},
{
"version_affected": "<=",
"version_name": "4.1.1",
"version_value": "4.1.3"
},
{
"version_affected": "<=",
"version_name": "4.0.0",
"version_value": "4.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-21-069",
"refsource": "MISC",
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-21-069"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiWAN version 4.5.8 or above."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C"
}
]
}

99
2021/47xxx/CVE-2021-47615.json
View File

@ -5,109 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2021-47615",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix releasing unallocated memory in dereg MR flow\n\nFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though\nit is a user MR. This causes function mlx5_free_priv_descs() to think that\nit is a kernel MR, leading to wrongly accessing mr->descs that will get\nwrong values in the union which leads to attempt to release resources that\nwere not allocated in the first place.\n\nFor example:\n DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]\n WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0\n RIP: 0010:check_unmap+0x54f/0x8b0\n Call Trace:\n debug_dma_unmap_page+0x57/0x60\n mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]\n mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]\n ib_dereg_mr_user+0x60/0x140 [ib_core]\n uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]\n uobj_destroy+0x3f/0x80 [ib_uverbs]\n ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]\n ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]\n ? lock_acquire+0xc4/0x2e0\n ? lock_acquired+0x12/0x380\n ? lock_acquire+0xc4/0x2e0\n ? lock_acquire+0xc4/0x2e0\n ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n ? lock_release+0x28a/0x400\n ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]\n ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n __x64_sys_ioctl+0x7f/0xb0\n do_syscall_64+0x38/0x90\n\nFix it by reorganizing the dereg flow and mlx5_ib_mr structure:\n - Move the ib_umem field into the user MRs structure in the union as it's\n applicable only there.\n - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only\n in case there isn't udata, which indicates that this isn't a user MR."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "f18ec4223117",
"version_value": "e3bc4d4b50ca"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.10",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.14",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701"
},
{
"url": "https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9"
},
{
"url": "https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f"
}
]
},
"generator": {
"engine": "bippy-9e1c9544281a"
}
}

18
2024/12xxx/CVE-2024-12795.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12795",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/0xxx/CVE-2025-0101.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0101",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/0xxx/CVE-2025-0102.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0102",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}