admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-07-14 20:01:33 +00:00
parent b9b8b65eff
commit 48ae406266
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 297 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2019/12xxx/CVE-2019-12773.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12773",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Jul/15",
"url": "https://seclists.org/fulldisclosure/2020/Jul/15"
}
]
}

56
2019/12xxx/CVE-2019-12783.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12783",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to \"crowdsource\" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Jul/16",
"url": "https://seclists.org/fulldisclosure/2020/Jul/16"
}
]
}

56
2019/12xxx/CVE-2019-12784.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12784",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to \"crowdsource\" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Jul/17",
"url": "https://seclists.org/fulldisclosure/2020/Jul/17"
}
]
}

56
2020/11xxx/CVE-2020-11546.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11546",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://blog.to.com/advisory-superwebmailer-cve-2020-11546/",
"url": "https://blog.to.com/advisory-superwebmailer-cve-2020-11546/"
}
]
}

2
2020/15xxx/CVE-2020-15100.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process.\n\nThis has been patched in 0.1.1."
"value": "In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1."
}
]
},

43
2020/5xxx/CVE-2020-5373.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-07-13",
"ID": "CVE-2020-5373",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-07-13",
"ID": "CVE-2020-5373",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "OMIMSSC (OpenManage Integration for Microsoft System Center)",
"product_name": "OMIMSSC (OpenManage Integration for Microsoft System Center)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "7.2.1"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/article/en-us/sln322169/dsa-2020-163-dell-emc-openmanage-integration-for-microsoft-system-center-multiple-vulnerabilities?lang=en"
"refsource": "MISC",
"url": "https://www.dell.com/support/article/en-us/sln322169/dsa-2020-163-dell-emc-openmanage-integration-for-microsoft-system-center-multiple-vulnerabilities?lang=en",
"name": "https://www.dell.com/support/article/en-us/sln322169/dsa-2020-163-dell-emc-openmanage-integration-for-microsoft-system-center-multiple-vulnerabilities?lang=en"
}
]
}

43
2020/5xxx/CVE-2020-5374.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-07-13",
"ID": "CVE-2020-5374",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-07-13",
"ID": "CVE-2020-5374",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "OMIMSSC (OpenManage Integration for Microsoft System Center)",
"product_name": "OMIMSSC (OpenManage Integration for Microsoft System Center)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "7.2.1"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/article/en-us/sln322169/dsa-2020-163-dell-emc-openmanage-integration-for-microsoft-system-center-multiple-vulnerabilities?lang=en"
"refsource": "MISC",
"url": "https://www.dell.com/support/article/en-us/sln322169/dsa-2020-163-dell-emc-openmanage-integration-for-microsoft-system-center-multiple-vulnerabilities?lang=en",
"name": "https://www.dell.com/support/article/en-us/sln322169/dsa-2020-163-dell-emc-openmanage-integration-for-microsoft-system-center-multiple-vulnerabilities?lang=en"
}
]
}

5
2020/5xxx/CVE-2020-5902.json
View File

@ -73,6 +73,11 @@
"refsource": "MISC",
"name": "https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/",
"url": "https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/"
},
{
"refsource": "MISC",
"name": "https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/",
"url": "https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/"
}
]
},

50
2020/9xxx/CVE-2020-9297.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9297",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-report@netflix.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Netflix Titus",
"version": {
"version_data": [
{
"version_value": "All versions prior to version v0.1.1-rc.274"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Template Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.md"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code."
}
]
}