admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-01-29 07:00:40 +00:00
parent cd0115449e
commit 3a942a5a07
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
31 changed files with 1299 additions and 207 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/17xxx/CVE-2019-17006.json
View File

@ -54,6 +54,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0001/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
}
]
},

5
2019/19xxx/CVE-2019-19462.json
View File

@ -121,6 +121,11 @@
"refsource": "UBUNTU",
"name": "USN-4440-1",
"url": "https://usn.ubuntu.com/4440-1/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0004/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0004/"
}
]
}

5
2020/10xxx/CVE-2020-10663.json
View File

@ -131,6 +131,11 @@
"refsource": "MLIST",
"name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
"url": "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0003/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0003/"
}
]
}

5
2020/10xxx/CVE-2020-10732.json
View File

@ -108,6 +108,11 @@
"refsource": "UBUNTU",
"name": "USN-4485-1",
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0005/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0005/"
}
]
},

5
2020/11xxx/CVE-2020-11724.json
View File

@ -71,6 +71,11 @@
"refsource": "DEBIAN",
"name": "DSA-4750",
"url": "https://www.debian.org/security/2020/dsa-4750"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0002/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0002/"
}
]
}

75
2020/28xxx/CVE-2020-28401.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28401",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.starpracticemanagement.com/",
"refsource": "MISC",
"name": "https://www.starpracticemanagement.com/"
},
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28401",
"refsource": "MISC",
"name": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28401"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
}

75
2020/28xxx/CVE-2020-28402.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28402",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.starpracticemanagement.com/",
"refsource": "MISC",
"name": "https://www.starpracticemanagement.com/"
},
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28402",
"refsource": "MISC",
"name": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28402"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:N/I:L/PR:L/S:U/UI:N",
"version": "3.1"
}
}
}

75
2020/28xxx/CVE-2020-28403.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28403",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.starpracticemanagement.com/",
"refsource": "MISC",
"name": "https://www.starpracticemanagement.com/"
},
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28403",
"refsource": "MISC",
"name": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28403"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:R",
"version": "3.1"
}
}
}

75
2020/28xxx/CVE-2020-28404.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28404",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.starpracticemanagement.com/",
"refsource": "MISC",
"name": "https://www.starpracticemanagement.com/"
},
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28404",
"refsource": "MISC",
"name": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28404"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
}

75
2020/28xxx/CVE-2020-28405.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28405",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative accounts of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.starpracticemanagement.com/",
"refsource": "MISC",
"name": "https://www.starpracticemanagement.com/"
},
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28405",
"refsource": "MISC",
"name": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28405"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
}

75
2020/28xxx/CVE-2020-28406.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28406",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.starpracticemanagement.com/",
"refsource": "MISC",
"name": "https://www.starpracticemanagement.com/"
},
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28406",
"refsource": "MISC",
"name": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28406"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
}

66
2020/29xxx/CVE-2020-29004.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29004",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T262724",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T262724"
},
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988"
},
{
"refsource": "CONFIRM",
"name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988/10/src/api/ApiPushBase.php",
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988/10/src/api/ApiPushBase.php"
}
]
}

61
2020/29xxx/CVE-2020-29005.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T262724",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T262724"
},
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988"
}
]
}

5
2020/29xxx/CVE-2020-29509.json
View File

@ -76,6 +76,11 @@
"refsource": "MISC",
"url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md",
"name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0006/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0006/"
}
]
},

5
2020/29xxx/CVE-2020-29510.json
View File

@ -77,6 +77,11 @@
"refsource": "MISC",
"url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md",
"name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0006/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0006/"
}
]
},

5
2020/29xxx/CVE-2020-29511.json
View File

@ -76,6 +76,11 @@
"refsource": "MISC",
"url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md",
"name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0006/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0006/"
}
]
},

75
2020/29xxx/CVE-2020-29535.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29535",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.rsa.com/en-us/company/vulnerability-response-policy",
"refsource": "MISC",
"name": "https://www.rsa.com/en-us/company/vulnerability-response-policy"
},
{
"refsource": "CONFIRM",
"name": "https://community.rsa.com/docs/DOC-115223",
"url": "https://community.rsa.com/docs/DOC-115223"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
}

75
2020/29xxx/CVE-2020-29536.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29536",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in further attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.rsa.com/en-us/company/vulnerability-response-policy",
"refsource": "MISC",
"name": "https://www.rsa.com/en-us/company/vulnerability-response-policy"
},
{
"refsource": "CONFIRM",
"name": "https://community.rsa.com/docs/DOC-115223",
"url": "https://community.rsa.com/docs/DOC-115223"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
}

75
2020/29xxx/CVE-2020-29537.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29537",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.rsa.com/en-us/company/vulnerability-response-policy",
"refsource": "MISC",
"name": "https://www.rsa.com/en-us/company/vulnerability-response-policy"
},
{
"refsource": "CONFIRM",
"name": "https://community.rsa.com/docs/DOC-115223",
"url": "https://community.rsa.com/docs/DOC-115223"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:U/UI:R",
"version": "3.1"
}
}
}

75
2020/29xxx/CVE-2020-29538.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.rsa.com/en-us/company/vulnerability-response-policy",
"refsource": "MISC",
"name": "https://www.rsa.com/en-us/company/vulnerability-response-policy"
},
{
"refsource": "CONFIRM",
"name": "https://community.rsa.com/docs/DOC-115223",
"url": "https://community.rsa.com/docs/DOC-115223"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:H/PR:H/S:U/UI:N",
"version": "3.1"
}
}
}

61
2020/29xxx/CVE-2020-29603.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29603",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mantisbt.org/bugs/view.php?id=27726",
"refsource": "MISC",
"name": "https://mantisbt.org/bugs/view.php?id=27726"
},
{
"url": "https://mantisbt.org/bugs/view.php?id=27357",
"refsource": "MISC",
"name": "https://mantisbt.org/bugs/view.php?id=27357"
}
]
}

61
2020/29xxx/CVE-2020-29604.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29604",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mantisbt.org/bugs/view.php?id=27357",
"refsource": "MISC",
"name": "https://mantisbt.org/bugs/view.php?id=27357"
},
{
"url": "https://mantisbt.org/bugs/view.php?id=27728",
"refsource": "MISC",
"name": "https://mantisbt.org/bugs/view.php?id=27728"
}
]
}

61
2020/29xxx/CVE-2020-29605.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29605",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mantisbt.org/bugs/view.php?id=27357",
"refsource": "MISC",
"name": "https://mantisbt.org/bugs/view.php?id=27357"
},
{
"url": "https://mantisbt.org/bugs/view.php?id=27727",
"refsource": "MISC",
"name": "https://mantisbt.org/bugs/view.php?id=27727"
}
]
}

61
2020/35xxx/CVE-2020-35145.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35145",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.acronis.com/en-us/products/true-image/",
"refsource": "MISC",
"name": "https://www.acronis.com/en-us/products/true-image/"
},
{
"refsource": "CONFIRM",
"name": "https://www.acronis.com/en-us/support/updates/changes.html?p=42246",
"url": "https://www.acronis.com/en-us/support/updates/changes.html?p=42246"
}
]
}

5
2020/35xxx/CVE-2020-35448.json
View File

@ -61,6 +61,11 @@
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8642dafaef21aa6747cec01df1977e9c52eb4679",
"refsource": "MISC",
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8642dafaef21aa6747cec01df1977e9c52eb4679"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0008/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0008/"
}
]
}

61
2020/35xxx/CVE-2020-35547.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35547",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mitel.com/support/security-advisories",
"refsource": "MISC",
"name": "https://www.mitel.com/support/security-advisories"
},
{
"refsource": "CONFIRM",
"name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0016",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0016"
}
]
}

5
2020/35xxx/CVE-2020-35728.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/FasterXML/jackson-databind/issues/2999",
"refsource": "MISC",
"name": "https://github.com/FasterXML/jackson-databind/issues/2999"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0007/"
}
]
}

203
2020/4xxx/CVE-2020-4642.json
View File

@ -1,102 +1,107 @@
{
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-12-22T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4642"
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the \"DB2 Management Service\".",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"S" : "U",
"C" : "N",
"UI" : "N",
"PR" : "N",
"SCORE" : "6.200",
"I" : "N",
"AV" : "L",
"AC" : "L",
"A" : "H"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2020-12-22T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4642"
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux- UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "9.7"
},
{
"version_value" : "10.1"
},
{
"version_value" : "10.5"
},
{
"version_value" : "11.1"
},
{
"version_value" : "11.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the \"DB2 Management Service\".",
"lang": "eng"
}
]
}
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6391652",
"url" : "https://www.ibm.com/support/pages/node/6391652",
"title" : "IBM Security Bulletin 6391652 (DB2 for Linux- UNIX and Windows)",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-db2-cve20204642-dos (185589)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/185589",
"title" : "X-Force Vulnerability Report"
}
]
}
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"S": "U",
"C": "N",
"UI": "N",
"PR": "N",
"SCORE": "6.200",
"I": "N",
"AV": "L",
"AC": "L",
"A": "H"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6391652",
"url": "https://www.ibm.com/support/pages/node/6391652",
"title": "IBM Security Bulletin 6391652 (DB2 for Linux- UNIX and Windows)",
"refsource": "CONFIRM"
},
{
"name": "ibm-db2-cve20204642-dos (185589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185589",
"title": "X-Force Vulnerability Report"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0009/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0009/"
}
]
}
}

5
2021/23xxx/CVE-2021-23239.json
View File

@ -76,6 +76,11 @@
"refsource": "GENTOO",
"name": "GLSA-202101-33",
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0010/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0010/"
}
]
}

5
2021/23xxx/CVE-2021-23240.json
View File

@ -76,6 +76,11 @@
"refsource": "GENTOO",
"name": "GLSA-202101-33",
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0010/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0010/"
}
]
}

61
2021/3xxx/CVE-2021-3176.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3176",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-3176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mitel.com/support/security-advisories",
"refsource": "MISC",
"name": "https://www.mitel.com/support/security-advisories"
},
{
"refsource": "CONFIRM",
"name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0001",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0001"
}
]
}