"-Synchronized-Data."

CVE Team 2020-06-16 21:01:20 +00:00
parent ce6345832d
commit 51783211bf
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
14 changed files with 196 additions and 4 deletions


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-17655",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiOS",
"version": {
"version_data": [
{
"version_value": "FortiOS 6.2.2 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-19-217",
"url": "https://fortiguard.com/psirt/FG-IR-19-217"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.2 and below may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system."
}
]
}
}
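Review bot: The `affects` block in this new record is hard to match by machine: it sets `"vendor_name": "n/a"` while folding the vendor into `"product_name": "Fortinet FortiOS"`, and gives the range as free text in `"version_value": "FortiOS 6.2.2 and below"`. Tooling that keys on vendor, product and version to decide whether a device is exposed will likely miss it; consider `"vendor_name": "Fortinet"`, `"product_name": "FortiOS"` and `"version_affected": "<=", "version_value": "6.2.2"`. The description names CWE-313, but `problemtype` carries only `"Information disclosure"`, so the CWE ID is lost to anything that filters on that field. The content added for CVE-2020-9289 in the last file of this commit has the same vendor, version and problemtype shape.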


@ -58,6 +58,11 @@
"refsource": "UBUNTU",
"name": "USN-4388-1",
"url": "https://usn.ubuntu.com/4388-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4389-1",
"url": "https://usn.ubuntu.com/4389-1/"
}
]
},


@ -73,6 +73,11 @@
"refsource": "UBUNTU",
"name": "USN-4393-1",
"url": "https://usn.ubuntu.com/4393-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4389-1",
"url": "https://usn.ubuntu.com/4389-1/"
}
]
},


@ -98,6 +98,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0801",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4389-1",
"url": "https://usn.ubuntu.com/4389-1/"
}
]
},


@ -101,6 +101,11 @@
"refsource": "UBUNTU",
"name": "USN-4392-1",
"url": "https://usn.ubuntu.com/4392-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4389-1",
"url": "https://usn.ubuntu.com/4389-1/"
}
]
}


@ -116,6 +116,11 @@
"refsource": "UBUNTU",
"name": "USN-4388-1",
"url": "https://usn.ubuntu.com/4388-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4389-1",
"url": "https://usn.ubuntu.com/4389-1/"
}
]
}


@ -86,6 +86,11 @@
"refsource": "UBUNTU",
"name": "USN-4388-1",
"url": "https://usn.ubuntu.com/4388-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4389-1",
"url": "https://usn.ubuntu.com/4389-1/"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+1.13.4",
"url": "https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+1.13.4"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158112/SOS-JobScheduler-1.13.3-Stored-Password-Decryption.html",
"url": "http://packetstormsecurity.com/files/158112/SOS-JobScheduler-1.13.3-Stored-Password-Decryption.html"
}
]
}
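Review bot: The added reference records a plaintext `http://packetstormsecurity.com/...` address in both `name` and `url`, so anyone following the link from this record fetches third-party content over a channel that is neither authenticated nor integrity-protected. If the site serves the same path over HTTPS, the `https://` form would be the safer value to store. The Pulse Secure and Gila CMS reference hunks later in this commit add `http://packetstormsecurity.com` links the same way. The enclosing record starts and ends outside the hunk.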


@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/",
"url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/158117/Pulse-Secure-Client-For-Windows-Local-Privilege-Escalation.html"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism. NOTE: this is disputed because the specification states \"The advertiser address, Rolling Proximity Identifier, and Associated Encrypted Metadata shall be changed synchronously so that they cannot be linked\" and therefore the purported tracking actually cannot occur."
"value": "** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism. NOTE: this is disputed because the specification states \"The advertiser address, Rolling Proximity Identifier, and Associated Encrypted Metadata shall be changed synchronously so that they cannot be linked\" and therefore the purported tracking actually cannot occur. The original reporter says that synchronous changes only occur in one direction, not both directions."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616.pdf",
"url": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616.pdf"
},
{
"refsource": "MISC",
"name": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616-2.pdf",
"url": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616-2.pdf"
}
]
},


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14208",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -56,6 +56,11 @@
"url": "https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-admin-sqlquery-sql-injection/",
"refsource": "MISC",
"name": "https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-admin-sqlquery-sql-injection/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158114/Gila-CMS-1.11.8-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/158114/Gila-CMS-1.11.8-SQL-Injection.html"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9289",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiManager",
"version": {
"version_data": [
{
"version_value": "FortiManager 6.2.3 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-19-007",
"url": "https://fortiguard.com/psirt/FG-IR-19-007"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key."
}
]
}