admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #301 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2020-07-23 12:01:25 -04:00 committed by GitHub
commit 52692ddc56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
80 changed files with 2502 additions and 234 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
2012/6xxx/CVE-2012-6342.json
View File

@ -52,6 +52,16 @@
},
"references": {
"reference_data": [
{
"name": "20130116 Re: [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0066.html"
},
{
"name": "20120920 [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/524217/30/450/threaded"
},
{
"name": "http://packetstormsecurity.com/files/116829/Atlassian-Confluence-3.0-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
@ -63,14 +73,9 @@
"url": "http://www.halock.com/blog/cve-2012-6342-atlassian-confluence-multiple-cross-site-request-forgery-csrf-vulnerabilities"
},
{
"name": "20130116 Re: [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0066.html"
},
{
"name": "20120920 [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/524217/30/450/threaded"
"name": "https://jira.atlassian.com/browse/CONFSERVER-22784",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CONFSERVER-22784"
}
]
}

5
2017/18xxx/CVE-2017-18267.json
View File

@ -81,6 +81,11 @@
"refsource": "REDHAT",
"name": "RHBA-2019:0327",
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}

5
2018/16xxx/CVE-2018-16646.json
View File

@ -86,6 +86,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2022",
"url": "https://access.redhat.com/errata/RHSA-2019:2022"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}

5
2018/20xxx/CVE-2018-20481.json
View File

@ -86,6 +86,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2713",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}

5
2018/21xxx/CVE-2018-21009.json
View File

@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1939-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}

5
2019/10xxx/CVE-2019-10872.json
View File

@ -81,6 +81,11 @@
"refsource": "UBUNTU",
"name": "USN-4042-1",
"url": "https://usn.ubuntu.com/4042-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}

134
2019/11xxx/CVE-2019-11252.json
View File

@ -1,18 +1,140 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-03-04T05:00:00.000Z",
"ID": "CVE-2019-11252",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Credential leakage when failing to mount"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_name": "1.16",
"version_value": "1.16"
},
{
"version_name": "1.17",
"version_value": "1.17"
},
{
"version_name": "1.6",
"version_value": "1.6"
},
{
"version_name": "1.7",
"version_value": "1.7"
},
{
"version_name": "1.8",
"version_value": "1.8"
},
{
"version_name": "1.9",
"version_value": "1.9"
},
{
"version_name": "1.10",
"version_value": "1.10"
},
{
"version_name": "1.11",
"version_value": "1.11"
},
{
"version_name": "1.12",
"version_value": "1.12"
},
{
"version_name": "1.13",
"version_value": "1.13"
},
{
"version_name": "1.14",
"version_value": "1.14"
},
{
"version_name": "1.15",
"version_value": "1.15"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Christopher J. Ruwe"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Information Exposure Through an Error Message"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/pull/88684",
"name": "https://github.com/kubernetes/kubernetes/pull/88684"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/pull/88684"
],
"discovery": "EXTERNAL"
}
}

5
2019/11xxx/CVE-2019-11328.json
View File

@ -86,6 +86,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2288",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00028.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1037",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html"
}
]
}

5
2019/12xxx/CVE-2019-12293.json
View File

@ -86,6 +86,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2713",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}

5
2019/18xxx/CVE-2019-18618.json
View File

@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://www.synaptics.com/sites/default/files/fingerprint-sensor-VFS7500-security-brief-2020-07-14.pdf",
"url": "https://www.synaptics.com/sites/default/files/fingerprint-sensor-VFS7500-security-brief-2020-07-14.pdf"
},
{
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/c06696474",
"url": "https://support.hp.com/us-en/document/c06696474"
}
]
}

5
2019/19xxx/CVE-2019-19724.json
View File

@ -61,6 +61,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0057",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1037",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html"
}
]
}

5
2019/20xxx/CVE-2019-20907.json
View File

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/python/cpython/pull/21454",
"url": "https://github.com/python/cpython/pull/21454"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-dfb11916cc",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/"
}
]
}

5
2019/9xxx/CVE-2019-9200.json
View File

@ -106,6 +106,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2713",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}

5
2019/9xxx/CVE-2019-9631.json
View File

@ -91,6 +91,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2713",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200723 [SECURITY] [DLA 2287-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
}
]
}

63
2020/10xxx/CVE-2020-10917.json
View File

@ -1,18 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-10917",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESMPRO Manager",
"version": {
"version_data": [
{
"version_value": "6.42"
}
]
}
}
]
},
"vendor_name": "NEC"
}
]
}
},
"credit": "Sivathmican Sivakumaran of Trend Micro Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10007."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-684/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-684/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}

81
2020/10xxx/CVE-2020-10918.json
View File

@ -1,18 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10918",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-10918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HMI EA9",
"version": {
"version_data": [
{
"version_value": "Firmware version 6.52"
}
]
}
}
]
},
"vendor_name": "C-MORE"
}
]
}
}
},
"credit": "Anonymous",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the authentication mechanism. The issue is due to insufficient authentication on post-authentication requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from unauthenticated users. Was ZDI-CAN-10182."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-805/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
}

81
2020/10xxx/CVE-2020-10919.json
View File

@ -1,18 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10919",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-10919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HMI EA9",
"version": {
"version_data": [
{
"version_value": "Firmware version 6.52"
}
]
}
}
]
},
"vendor_name": "C-MORE"
}
]
}
}
},
"credit": "Ta-Lun Yen & Chizuru Toyama of TXOne IoT/ICS Security Research Labs (Trend Micro)",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format using a hard-coded key. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-261: Weak Cryptography for Passwords"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-806/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
}

81
2020/10xxx/CVE-2020-10920.json
View File

@ -1,18 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10920",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-10920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HMI EA9",
"version": {
"version_data": [
{
"version_value": "Firmware version 6.52"
}
]
}
}
]
},
"vendor_name": "C-MORE"
}
]
}
}
},
"credit": "Ta-Lun Yen & Chizuru Toyama of TXOne IoT/ICS Security Research Labs (Trend Micro)",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the control service, which listens on TCP port 9999 by default. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10493."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-808/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}

81
2020/10xxx/CVE-2020-10921.json
View File

@ -1,18 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-10921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HMI EA9",
"version": {
"version_data": [
{
"version_value": "Firmware version 6.52"
}
]
}
}
]
},
"vendor_name": "C-MORE"
}
]
}
}
},
"credit": "Ta-Lun Yen & Chizuru Toyama of TXOne IoT/ICS Security Research Labs (Trend Micro)",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. Was ZDI-CAN-10482."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-807/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}

81
2020/10xxx/CVE-2020-10922.json
View File

@ -1,18 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10922",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-10922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HMI EA9",
"version": {
"version_data": [
{
"version_value": "Firmware version 6.52"
}
]
}
}
]
},
"vendor_name": "C-MORE"
}
]
}
}
},
"credit": "evanslify",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of proper input validation prior to further processing user requests. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-10527."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-809/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
}

10
2020/10xxx/CVE-2020-10941.json
View File

@ -56,6 +56,16 @@
"url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02",
"refsource": "MISC",
"name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-fa74e15364",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-5b60029fe2",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/"
}
]
}

61
2020/11xxx/CVE-2020-11440.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11440",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://windriver.com",
"refsource": "MISC",
"name": "https://windriver.com"
},
{
"refsource": "MISC",
"name": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-11440",
"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-11440"
}
]
}

10
2020/13xxx/CVE-2020-13692.json
View File

@ -66,6 +66,16 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200619-0005/",
"url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
},
{
"refsource": "MLIST",
"name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
"url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
"url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E"
}
]
}

5
2020/13xxx/CVE-2020-13845.json
View File

@ -66,6 +66,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1011",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1037",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html"
}
]
}

5
2020/13xxx/CVE-2020-13846.json
View File

@ -66,6 +66,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1011",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1037",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html"
}
]
}

5
2020/13xxx/CVE-2020-13847.json
View File

@ -66,6 +66,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1011",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1037",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html"
}
]
}

5
2020/14xxx/CVE-2020-14147.json
View File

@ -66,6 +66,11 @@
"refsource": "DEBIAN",
"name": "DSA-4731",
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1035",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
}
]
}

10
2020/14xxx/CVE-2020-14295.json
View File

@ -56,6 +56,16 @@
"url": "https://github.com/Cacti/cacti/issues/3622",
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/issues/3622"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-8a15713da2",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKM5G3YNSZDHDZMPCMAHG5B5M2V4XYSE/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-7dddce530c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W64CIB6L4HZRVQSWKPDDKXJO4J2XTOXD/"
}
]
}

5
2020/14xxx/CVE-2020-14422.json
View File

@ -96,6 +96,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1002",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00041.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-dfb11916cc",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/"
}
]
}

5
2020/14xxx/CVE-2020-14556.json
View File

@ -73,6 +73,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
"url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e418151dc3",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
}
]
}

5
2020/14xxx/CVE-2020-14577.json
View File

@ -73,6 +73,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
"url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e418151dc3",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
}
]
}

5
2020/14xxx/CVE-2020-14578.json
View File

@ -73,6 +73,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
"url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e418151dc3",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
}
]
}

5
2020/14xxx/CVE-2020-14579.json
View File

@ -73,6 +73,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
"url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e418151dc3",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
}
]
}

5
2020/14xxx/CVE-2020-14581.json
View File

@ -73,6 +73,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
"url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e418151dc3",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
}
]
}

5
2020/14xxx/CVE-2020-14583.json
View File

@ -73,6 +73,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
"url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e418151dc3",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
}
]
}

5
2020/14xxx/CVE-2020-14593.json
View File

@ -73,6 +73,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
"url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e418151dc3",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
}
]
}

5
2020/14xxx/CVE-2020-14621.json
View File

@ -73,6 +73,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
"url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e418151dc3",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
}
]
}

87
2020/15xxx/CVE-2020-15126.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15126",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Information disclosure through Viewer query in parse-server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "parse-server",
"version": {
"version_data": [
{
"version_value": ">= 3.5.0, < 4.3.0"
}
]
}
}
]
},
"vendor_name": "parse-community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-236h-rqv8-8q73",
"refsource": "CONFIRM",
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-236h-rqv8-8q73"
},
{
"name": "https://github.com/parse-community/parse-server/commit/78239ac9071167fdf243c55ae4bc9a2c0b0d89aa",
"refsource": "MISC",
"url": "https://github.com/parse-community/parse-server/commit/78239ac9071167fdf243c55ae4bc9a2c0b0d89aa"
},
{
"name": "https://github.com/parse-community/parse-server/blob/master/CHANGELOG.md#430",
"refsource": "MISC",
"url": "https://github.com/parse-community/parse-server/blob/master/CHANGELOG.md#430"
}
]
},
"source": {
"advisory": "GHSA-236h-rqv8-8q73",
"discovery": "UNKNOWN"
}
}

5
2020/15xxx/CVE-2020-15563.json
View File

@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0985",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-76cf2b0f0a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/"
}
]
}

5
2020/15xxx/CVE-2020-15564.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-fbc13516af",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-76cf2b0f0a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/"
}
]
}

5
2020/15xxx/CVE-2020-15565.json
View File

@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0985",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-76cf2b0f0a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/"
}
]
}

5
2020/15xxx/CVE-2020-15566.json
View File

@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0985",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-76cf2b0f0a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/"
}
]
}

5
2020/15xxx/CVE-2020-15567.json
View File

@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0985",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-76cf2b0f0a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/"
}
]
}

56
2020/15xxx/CVE-2020-15688.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15688",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GoAhead before 5.1.2 mishandles the nonce value during Digest authentication. This may permit request replay attacks for local requests over HTTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/embedthis/goahead-gpl/issues/3",
"url": "https://github.com/embedthis/goahead-gpl/issues/3"
}
]
}

5
2020/15xxx/CVE-2020-15806.json
View File

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download="
},
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2020-46",
"url": "https://www.tenable.com/security/research/tra-2020-46"
}
]
}

71
2020/15xxx/CVE-2020-15881.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15881",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/munkireport/munki_facts/releases",
"refsource": "MISC",
"name": "https://github.com/munkireport/munki_facts/releases"
},
{
"url": "https://github.com/munkireport/munkireport-php",
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3",
"url": "https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/wiki/20200722-munki_facts-XSS",
"url": "https://github.com/munkireport/munkireport-php/wiki/20200722-munki_facts-XSS"
}
]
}

66
2020/15xxx/CVE-2020-15882.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15882",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/munkireport/munkireport-php/releases",
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3",
"url": "https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/wiki/20200722-CSRF-Bypass-On-Endpoints-With-No-Body-Parameters",
"url": "https://github.com/munkireport/munkireport-php/wiki/20200722-CSRF-Bypass-On-Endpoints-With-No-Body-Parameters"
}
]
}

71
2020/15xxx/CVE-2020-15883.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15883",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/munkireport/munkireport-php",
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php"
},
{
"url": "https://github.com/munkireport/managedinstalls/releases/tag/v2.6",
"refsource": "MISC",
"name": "https://github.com/munkireport/managedinstalls/releases/tag/v2.6"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3",
"url": "https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/wiki/20200722-Reflected-XSS-In-Managedinstalls-Module",
"url": "https://github.com/munkireport/munkireport-php/wiki/20200722-Reflected-XSS-In-Managedinstalls-Module"
}
]
}

66
2020/15xxx/CVE-2020-15884.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15884",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/munkireport/munkireport-php/releases",
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3",
"url": "https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/wiki/20200722-SQL-Injection-In-Datatables-Order-By-In-Post-Body",
"url": "https://github.com/munkireport/munkireport-php/wiki/20200722-SQL-Injection-In-Datatables-Order-By-In-Post-Body"
}
]
}

71
2020/15xxx/CVE-2020-15885.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15885",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/munkireport/munkireport-php",
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php"
},
{
"url": "https://github.com/munkireport/comment/releases",
"refsource": "MISC",
"name": "https://github.com/munkireport/comment/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3",
"url": "https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/wiki/20200722--XSS-Filter-Bypass-On-Comments",
"url": "https://github.com/munkireport/munkireport-php/wiki/20200722--XSS-Filter-Bypass-On-Comments"
}
]
}

71
2020/15xxx/CVE-2020-15886.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15886",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/munkireport/munkireport-php/releases",
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/releases"
},
{
"url": "https://github.com/munkireport/reportdata/releases",
"refsource": "MISC",
"name": "https://github.com/munkireport/reportdata/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3",
"url": "https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/wiki/20200722-SQL-Injection-In-Reportdata-Ip-In-'req'-GET-Parameter",
"url": "https://github.com/munkireport/munkireport-php/wiki/20200722-SQL-Injection-In-Reportdata-Ip-In-'req'-GET-Parameter"
}
]
}

71
2020/15xxx/CVE-2020-15887.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15887",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/munkireport/munkireport-php/releases",
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/releases"
},
{
"url": "https://github.com/munkireport/softwareupdate/releases",
"refsource": "MISC",
"name": "https://github.com/munkireport/softwareupdate/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/wiki/20200722-SQL-Injection-in-softwareupdate-module",
"url": "https://github.com/munkireport/munkireport-php/wiki/20200722-SQL-Injection-in-softwareupdate-module"
},
{
"refsource": "MISC",
"name": "https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3",
"url": "https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3"
}
]
}

18
2020/15xxx/CVE-2020-15897.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15897",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/15xxx/CVE-2020-15898.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15898",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/15xxx/CVE-2020-15899.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15899",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/15xxx/CVE-2020-15900.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15900",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2020/15xxx/CVE-2020-15901.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ajaxhelper.php in Nagios XI before 5.7.2 allows remote attackers to execute arbitrary commands via cmdsubsys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.nagios.com/downloads/nagios-xi/change-log/",
"refsource": "MISC",
"name": "https://www.nagios.com/downloads/nagios-xi/change-log/"
}
]
}
}

62
2020/15xxx/CVE-2020-15902.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.nagios.com/downloads/nagios-xi/change-log/",
"refsource": "MISC",
"name": "https://www.nagios.com/downloads/nagios-xi/change-log/"
}
]
}
}

18
2020/15xxx/CVE-2020-15903.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15903",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2020/15xxx/CVE-2020-15904.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ilanschnell/bsdiff4/commit/49a4cee2feef7deaf9d89e5e793a8824930284d7",
"refsource": "MISC",
"name": "https://github.com/ilanschnell/bsdiff4/commit/49a4cee2feef7deaf9d89e5e793a8824930284d7"
}
]
}
}

18
2020/15xxx/CVE-2020-15905.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15905",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/15xxx/CVE-2020-15906.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15906",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/15xxx/CVE-2020-15907.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15907",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2020/15xxx/CVE-2020-15908.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/CauldronDevelopmentLLC/cbang/compare/1.5.1...1.6.0",
"refsource": "MISC",
"name": "https://github.com/CauldronDevelopmentLLC/cbang/compare/1.5.1...1.6.0"
},
{
"url": "https://github.com/CauldronDevelopmentLLC/cbang/commit/1c1dba62bd3e6fa9d0d0c0aa21926043b75382c7",
"refsource": "MISC",
"name": "https://github.com/CauldronDevelopmentLLC/cbang/commit/1c1dba62bd3e6fa9d0d0c0aa21926043b75382c7"
}
]
}
}

18
2020/15xxx/CVE-2020-15909.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15909",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/15xxx/CVE-2020-15910.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15910",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/15xxx/CVE-2020-15911.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15911",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

77
2020/15xxx/CVE-2020-15912.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. NOTE: the vendor has developed Pin2Drive to mitigate this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cansecwest.com/post/2020-03-09-22:00:00_2020_Speakers",
"refsource": "MISC",
"name": "https://cansecwest.com/post/2020-03-09-22:00:00_2020_Speakers"
},
{
"url": "https://www.youtube.com/watch?v=kQWg-Ywv3S4",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=kQWg-Ywv3S4"
},
{
"url": "https://www.youtube.com/watch?v=VYKsfgox-bs",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=VYKsfgox-bs"
},
{
"url": "https://twitter.com/Kevin2600/status/1218892338182836224",
"refsource": "MISC",
"name": "https://twitter.com/Kevin2600/status/1218892338182836224"
}
]
}
}

18
2020/15xxx/CVE-2020-15913.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15913",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/15xxx/CVE-2020-15914.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15914",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

28
2020/3xxx/CVE-2020-3452.json
View File

@ -17,28 +17,28 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "9.6.4.42"
"version_affected": "<",
"version_value": "9.6.4.42"
},
{
"version_affected": "<",
"version_value": "9.8.4.20"
"version_affected": "<",
"version_value": "9.8.4.20"
},
{
"version_affected": "<",
"version_value": "9.9.2.74"
"version_affected": "<",
"version_value": "9.9.2.74"
},
{
"version_affected": "<",
"version_value": "9.10.1.42"
"version_affected": "<",
"version_value": "9.10.1.42"
},
{
"version_affected": "<",
"version_value": "9.13.1.10"
"version_affected": "<",
"version_value": "9.13.1.10"
},
{
"version_affected": "<",
"version_value": "9.14.1.10"
"version_affected": "<",
"version_value": "9.14.1.10"
}
]
}
@ -57,7 +57,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. "
"value": "A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files."
}
]
},
@ -104,4 +104,4 @@
],
"discovery": "INTERNAL"
}
}
}

93
2020/4xxx/CVE-2020-4369.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AC": "H",
"UI": "N",
"S": "U",
"I": "N",
"C": "H",
"PR": "N",
"SCORE": "5.100",
"AV": "L",
"A": "N"
}
}
},
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4369",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6251285",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6251285",
"title": "IBM Security Bulletin 6251285 (Verify Gateway (IVG))"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-ivg-cve20204369-info-disc (179004)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179004",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Verify Gateway (IVG)",
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.",
"lang": "eng"
}
]
}
},
"data_type": "CVE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-07-21T00:00:00",
"ID": "CVE-2020-4369",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_format": "MITRE"
}

93
2020/4xxx/CVE-2020-4371.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4371",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Verify Gateway (IVG)",
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6251287",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6251287",
"title": "IBM Security Bulletin 6251287 (Verify Gateway (IVG))"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179008",
"refsource": "XF",
"name": "ibm-ivg-cve20204371-info-disc (179008)"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008."
}
]
}
},
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"UI": "N",
"S": "U",
"I": "N",
"C": "L",
"SCORE": "4.000",
"PR": "N",
"AV": "L",
"A": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-07-21T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4371"
},
"data_format": "MITRE"
}

87
2020/4xxx/CVE-2020-4372.json
View File

@ -1,17 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-07-21T00:00:00",
"ID": "CVE-2020-4372",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com"
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"C": "H",
"I": "N",
"S": "U",
"UI": "N",
"AC": "L",
"A": "N",
"AV": "L",
"SCORE": "6.200",
"PR": "N"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Verify Gateway (IVG)",
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6251289",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6251289",
"title": "IBM Security Bulletin 6251289 (Verify Gateway (IVG))"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179009",
"name": "ibm-ivg-cve20204372-info-disc (179009)",
"title": "X-Force Vulnerability Report"
}
]
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}

87
2020/4xxx/CVE-2020-4385.json
View File

@ -1,17 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2020-07-21T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4385",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Verify Gateway (IVG)",
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6251291 (Verify Gateway (IVG))",
"name": "https://www.ibm.com/support/pages/node/6251291",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6251291"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179266",
"refsource": "XF",
"name": "ibm-ivg-cve20204385-info-disc (179266)",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"AC": "H",
"C": "H",
"I": "N",
"S": "C",
"SCORE": "6.800",
"PR": "N",
"A": "N",
"AV": "N"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}

95
2020/4xxx/CVE-2020-4397.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4397",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6251321 (Verify Gateway (IVG))",
"name": "https://www.ibm.com/support/pages/node/6251321",
"url": "https://www.ibm.com/support/pages/node/6251321",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-ivg-cve20204397-info-disc (179428)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179428",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Verify Gateway (IVG)",
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428.",
"lang": "eng"
}
]
}
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"SCORE": "6.800",
"PR": "N",
"AV": "N",
"A": "N",
"AC": "H",
"UI": "N",
"I": "N",
"S": "C",
"C": "H"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4397",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-07-21T00:00:00"
},
"data_format": "MITRE"
}

89
2020/4xxx/CVE-2020-4399.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4399",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-07-21T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4399"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AV": "N",
"PR": "L",
"SCORE": "6.500",
"C": "N",
"I": "N",
"S": "U",
"UI": "N",
"AC": "L"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6251323",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6251323",
"title": "IBM Security Bulletin 6251323 (Verify Gateway (IVG))"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179476",
"refsource": "XF",
"name": "ibm-ivg-cve20204399-dos (179476)"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Verify Gateway (IVG)",
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476."
}
]
}
},
"data_type": "CVE"
}

91
2020/4xxx/CVE-2020-4400.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4400",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
}
]
},
"product_name": "Verify Gateway (IVG)"
}
]
}
}
]
}
},
"data_type": "CVE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6251279",
"name": "https://www.ibm.com/support/pages/node/6251279",
"title": "IBM Security Bulletin 6251279 (Verify Gateway (IVG))"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-ivg-cve20204400-info-disc (179478)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179478",
"refsource": "XF"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"AC": "L",
"UI": "N",
"I": "N",
"S": "U",
"C": "H",
"SCORE": "7.500",
"PR": "N",
"AV": "N",
"A": "N"
}
}
},
"data_version": "4.0",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4400",
"DATE_PUBLIC": "2020-07-21T00:00:00",
"STATE": "PUBLIC"
}
}

4
2020/6xxx/CVE-2020-6267.json
View File

@ -20,7 +20,7 @@
"version_data": [
{
"version_name": "<",
"version_value": "1.0"
"version_value": "10.1"
}
]
}
@ -42,7 +42,7 @@
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},

6
2020/8xxx/CVE-2020-8559.json
View File

@ -29,7 +29,7 @@
{
"version_affected": "<=",
"version_name": "1.18",
"version_value": "1.18.6"
"version_value": "1.18.5"
},
{
"version_name": "1.6",
@ -94,7 +94,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.7 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise."
"value": "The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise."
}
]
},
@ -149,4 +149,4 @@
],
"discovery": "EXTERNAL"
}
}
}