admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-01-14 18:01:05 +00:00
parent b0e733f403
commit 40ffa90a87
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
23 changed files with 1078 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
2015/1xxx/CVE-2015-1869.json
View File

@ -1,8 +1,8 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1869", "ID": "CVE-2015-1869",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Symbolic Link Following"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ABRT",
"product": {
"product_data": [
{
"product_name": "ABRT",
"version": {
"version_data": [
{
"version_value": "before 7417505e1d93cc95ec648b74e3c801bc67aacb9f"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/04/17/5",
"url": "http://www.openwall.com/lists/oss-security/2015/04/17/5"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212861"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca",
"url": "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f",
"url": "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f"
} }
] ]
} }

70
2015/3xxx/CVE-2015-3147.json
View File

@ -1,8 +1,8 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3147", "ID": "CVE-2015-3147",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Symbolic Link Following"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ABRT",
"product": {
"product_data": [
{
"product_name": "ABRT",
"version": {
"version_data": [
{
"version_value": "before 2.6.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/04/17/5",
"url": "http://www.openwall.com/lists/oss-security/2015/04/17/5"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953"
},
{
"refsource": "MISC",
"name": "https://github.com/abrt/abrt/pull/955",
"url": "https://github.com/abrt/abrt/pull/955"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1083.html",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1083.html"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091",
"url": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091"
} }
] ]
} }

70
2015/3xxx/CVE-2015-3150.json
View File

@ -1,8 +1,8 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3150", "ID": "CVE-2015-3150",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ABRT",
"product": {
"product_data": [
{
"product_name": "ABRT",
"version": {
"version_data": [
{
"version_value": "before 1951e7282043dfe1268d492aea056b554baedb75"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457"
},
{
"refsource": "MISC",
"name": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8",
"url": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8"
},
{
"refsource": "MISC",
"name": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1",
"url": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1"
},
{
"refsource": "MISC",
"name": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7",
"url": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7"
},
{
"refsource": "MISC",
"name": "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75",
"url": "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75"
} }
] ]
} }

75
2015/3xxx/CVE-2015-3151.json
View File

@ -1,8 +1,8 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3151", "ID": "CVE-2015-3151",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +11,76 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal (Local File Inclusion)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ABRT",
"product": {
"product_data": [
{
"product_name": "ABRT",
"version": {
"version_data": [
{
"version_value": "before 7a47f57975be0d285a2f20758e4572dca6d9cdd3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932",
"url": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b",
"url": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364",
"url": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277",
"url": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3",
"url": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3"
} }
] ]
} }

60
2015/3xxx/CVE-2015-3159.json
View File

@ -1,8 +1,8 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3159", "ID": "CVE-2015-3159",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ABRT",
"product": {
"product_data": [
{
"product_name": "ABRT",
"version": {
"version_data": [
{
"version_value": "before 9a4100678fea4d60ec93d35f4c5de2e9ad054f3a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1216962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216962"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b",
"url": "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a",
"url": "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a"
} }
] ]
} }

14
2015/4xxx/CVE-2015-4107.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4107",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-4107",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was intended functionality. Notes: none."
} }
] ]
} }

50
2019/19xxx/CVE-2019-19548.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-19548", "ID": "CVE-2019-19548",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secure@symantec.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Symantec",
"product": {
"product_data": [
{
"product_name": "Norton Power Eraser",
"version": {
"version_data": [
{
"version_value": "Prior to 5.3.0.67"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.symantec.com/us/en/article.SYMSA1503.html",
"url": "https://support.symantec.com/us/en/article.SYMSA1503.html"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
} }
] ]
} }

5
2019/19xxx/CVE-2019-19781.json
View File

@ -91,6 +91,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html", "name": "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html",
"url": "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html" "url": "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html"
} }
] ]
} }

5
2019/3xxx/CVE-2019-3929.json
View File

@ -88,6 +88,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html", "name": "http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html",
"url": "http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html" "url": "http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html",
"url": "http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html"
} }
] ]
}, },

56
2020/5xxx/CVE-2020-5193.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5193",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-5193",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155929/Hospital-Management-System-4.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/155929/Hospital-Management-System-4.0-Cross-Site-Scripting.html"
} }
] ]
} }

63
2020/6xxx/CVE-2020-6303.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-6303", "ID": "CVE-2020-6303",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@sap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Disclosure Management",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "10.1"
}
]
}
}
]
}
}
]
}
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/2772325",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2772325"
},
{
"refsource": "CONFIRM",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771"
} }
] ]
} }

175
2020/6xxx/CVE-2020-6304.json
View File

@ -4,14 +4,183 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-6304", "ID": "CVE-2020-6304",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@sap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Internet Communication Manager (KRNL32NUC)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
}
]
}
},
{
"product_name": "SAP NetWeaver Internet Communication Manager (KRNL32UC)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
}
]
}
},
{
"product_name": "SAP NetWeaver Internet Communication Manager (KRNL64NUC)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "7.49"
}
]
}
},
{
"product_name": "SAP NetWeaver Internet Communication Manager (KRNL64UC)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "7.49"
}
]
}
},
{
"product_name": "SAP NetWeaver Internet Communication Manager (KERNEL)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.49"
},
{
"version_name": "<",
"version_value": "7.53"
}
]
}
}
]
}
}
]
}
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.9",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2848498",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2848498"
} }
] ]
} }

71
2020/6xxx/CVE-2020-6305.json
View File

@ -4,14 +4,79 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-6305", "ID": "CVE-2020-6305",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@sap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Process Integration - Rest Adapter (SAP_XIAF)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2863743",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2863743"
} }
] ]
} }

102
2020/6xxx/CVE-2020-6306.json
View File

@ -4,14 +4,110 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-6306", "ID": "CVE-2020-6306",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@sap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Leasing (SAP_Appl)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "6.18"
}
]
}
},
{
"product_name": "SAP Leasing (EA_Appl)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "6.0"
},
{
"version_name": "<",
"version_value": "6.02"
},
{
"version_name": "<",
"version_value": "6.03"
},
{
"version_name": "<",
"version_value": "6.04"
},
{
"version_name": "<",
"version_value": "6.05"
},
{
"version_name": "<",
"version_value": "6.06"
},
{
"version_name": "<",
"version_value": "6.16"
},
{
"version_name": "<",
"version_value": "6.17"
}
]
}
}
]
}
}
]
}
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17)."
}
]
},
"impact": {
"cvss": {
"baseScore": "2.7",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2865348",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2865348"
} }
] ]
} }

99
2020/6xxx/CVE-2020-6307.json
View File

@ -4,14 +4,107 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-6307", "ID": "CVE-2020-6307",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@sap.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "Automated Note Search Tool (SAP Basis)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.0"
},
{
"version_name": "<",
"version_value": "7.01"
},
{
"version_name": "<",
"version_value": "7.02"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.4"
},
{
"version_name": "<",
"version_value": "7.5"
},
{
"version_name": "<",
"version_value": "7.51"
},
{
"version_name": "<",
"version_value": "7.52"
},
{
"version_name": "<",
"version_value": "7.53"
},
{
"version_name": "<",
"version_value": "7.54"
}
]
}
}
]
}
}
]
}
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2863397",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2863397"
} }
] ]
} }

18
2020/7xxx/CVE-2020-7044.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7044",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/7xxx/CVE-2020-7045.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7045",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/7xxx/CVE-2020-7046.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7046",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/7xxx/CVE-2020-7047.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7047",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/7xxx/CVE-2020-7048.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7048",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/7xxx/CVE-2020-7049.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7049",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/7xxx/CVE-2020-7050.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7050",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/7xxx/CVE-2020-7051.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7051",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}