"-Synchronized-Data."

CVE Team 2020-12-21 18:02:00 +00:00
parent 73f8249749
commit 58a3bb1016
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
22 changed files with 1015 additions and 563 deletions


@ -159,6 +159,11 @@
"refsource": "UBUNTU",
"name": "USN-4504-1",
"url": "https://usn.ubuntu.com/4504-1/"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2020-11",
"url": "https://www.tenable.com/security/tns-2020-11"
}
]
}


@ -183,6 +183,11 @@
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2020-10",
"url": "https://www.tenable.com/security/tns-2020-10"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2020-11",
"url": "https://www.tenable.com/security/tns-2020-11"
}
]
},


@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14225",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "versions previous to releases 9.0.1 FP10 IF6"
},
{
"version_value": "10.0.1 FP5 and 11.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Tabnabbing vulnerability\""
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915",
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack."
}
]
}
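Review bot: `"vendor_name": "n/a"` sits next to a `product_name` that already names the vendor (`"HCL iNotes"`), so tooling that matches records by vendor will not find this entry; `"vendor_name": "HCL"` with `"product_name": "iNotes"` would put the same information in the right fields. The same placeholder appears in the CVE-2020-25860, CVE-2020-27254, CVE-2020-5808, CVE-2020-6881 and CVE-2020-6882 sections of this commit. The problemtype value `"\"Tabnabbing vulnerability\""` also carries a pair of escaped quotes inside the string and has no CWE identifier, which makes it hard to group with other records of the same weakness class. The hunk starts at line 4 of the file, so the top of the record is not visible here.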


@ -196,6 +196,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200717-0004/",
"url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2020-11",
"url": "https://www.tenable.com/security/tns-2020-11"
}
]
}


@ -124,6 +124,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-a31b01e945",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2020-11",
"url": "https://www.tenable.com/security/tns-2020-11"
}
]
}


@ -4,7 +4,7 @@
"DATE_PUBLIC": "2020-10-20T23:00:00.000Z",
"ID": "CVE-2020-24421",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign 15.1.2 Memory Corruption Vulnerability"
"TITLE": "Adobe InDesign 15.1.2 NULL Pointer Dereference Bug"
},
"affects": {
"vendor": {
@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign version 15.1.2 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .indd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability."
"value": "Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue."
}
]
},
@ -57,15 +57,15 @@
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"availabilityImpact": "Low",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
@ -75,7 +75,7 @@
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
"value": "NULL Pointer Dereference (CWE-476)"
}
]
}
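Review bot: The CVSS enum values on the new lines are written in title case (`"availabilityImpact": "Low"`, `"confidentialityImpact": "None"`), whereas the CVSS v3.1 JSON schema defines them in upper case (`"LOW"`, `"NONE"`), as the CVE-2020-26422 section of this same commit does. A consumer that validates against the schema or compares the strings exactly may drop the metric block. The numbers themselves are consistent: the new vector `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L` does compute to 3.3. Because this update lowers the record from 7.8 to 3.3 and replaces the CWE, a short statement in the description that the analysis was revised would help anyone reconciling earlier triage decisions.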


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25860",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vuln@vdoo.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Pengutronix RAUC",
"version": {
"version_data": [
{
"version_value": "All versions before 1.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Time-of-Check Time-of-Use (CWE-367)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv",
"url": "https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv"
},
{
"refsource": "MISC",
"name": "https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework",
"url": "https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device."
}
]
}


@ -4,15 +4,85 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26422",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Wireshark Foundation",
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": ">=3.4.0, <3.4.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer copy without checking size of input ('classic buffer overflow') in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2020-20.html",
"url": "https://www.wireshark.org/security/wnpa-sec-2020-20.html",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/17073",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17073",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file"
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 3.6,
"baseSeverity": "LOW"
}
}
}
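Review bot: `"baseScore": 3.6` does not match the vector in the same block: by the CVSS v3.1 equations `AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L` works out to 3.7 (exploitability of about 2.22 plus impact of about 1.41, rounded up), so one of the two is wrong and severity-sorted feeds will carry the lower figure. The `vectorString` also lacks the `CVSS:3.1/` prefix that the specification requires and that the CVE-2020-24421 section uses, so parsers keyed on the prefix may reject it; `"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"` would fix that. The problemtype text reproduces a CWE title without its identifier, which should be added if the assigner intended CWE-120.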


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP, XEGK, XEFD, XEXF \u2013 all revisions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF \u2013 all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information."
}
]
}
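Review bot: The new description string is run together: `Gas AnalyzerX-STREAM enhanced` is missing a separator, and `all revisions, The affected products are` joins the affected-product list to the sentence with a comma. Since this is the text advisory feeds display, it should read as two parts, for example the product list followed by `: the affected products are vulnerable to improper authentication …`. The description also does not say whether the log and backup data can be reached with no credentials at all; the linked advisory should be checked and the wording made explicit, because that decides how urgently network exposure of the device has to be restricted.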


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35596",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35597",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,144 +1,144 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Financial Transaction Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0.2"
},
{
"version_value" : "2.1.1"
},
{
"version_value" : "3.1.0"
},
{
"version_value" : "3.0.5"
},
{
"version_value" : "3.0.6"
},
{
"version_value" : "3.0.0"
},
{
"version_value" : "3.2.2"
},
{
"version_value" : "3.2.3"
},
{
"version_value" : "3.2.4"
}
]
}
}
]
}
}
]
}
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"UI" : "N",
"AV" : "N",
"PR" : "L",
"AC" : "L",
"I" : "L",
"C" : "L",
"SCORE" : "6.300",
"A" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Financial Transaction Manager",
"version": {
"version_data": [
{
"version_value": "3.0.2"
},
{
"version_value": "2.1.1"
},
{
"version_value": "3.1.0"
},
{
"version_value": "3.0.5"
},
{
"version_value": "3.0.6"
},
{
"version_value": "3.0.0"
},
{
"version_value": "3.2.2"
},
{
"version_value": "3.2.3"
},
{
"version_value": "3.2.4"
}
]
}
}
]
}
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6388702",
"title" : "IBM Security Bulletin 6388702 (Financial Transaction Manager)",
"url" : "https://www.ibm.com/support/pages/node/6388702"
},
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6388744",
"title" : "IBM Security Bulletin 6388744 (Financial Transaction Manager)",
"url" : "https://www.ibm.com/support/pages/node/6388744"
},
{
"title" : "IBM Security Bulletin 6388708 (Financial Transaction Manager)",
"url" : "https://www.ibm.com/support/pages/node/6388708",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6388708"
},
{
"title" : "IBM Security Bulletin 6388706 (Financial Transaction Manager)",
"url" : "https://www.ibm.com/support/pages/node/6388706",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6388706"
},
{
"url" : "https://www.ibm.com/support/pages/node/6388704",
"title" : "IBM Security Bulletin 6388704 (Financial Transaction Manager)",
"name" : "https://www.ibm.com/support/pages/node/6388704",
"refsource" : "CONFIRM"
},
{
"url" : "https://www.ibm.com/support/pages/node/6388722",
"title" : "IBM Security Bulletin 6388722 (Financial Transaction Manager)",
"name" : "https://www.ibm.com/support/pages/node/6388722",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/183328",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-ftm-cve20204555-session-fixation (183328)",
"refsource" : "XF"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4555",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-12-18T00:00:00",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328.",
"lang" : "eng"
}
]
}
}
}
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"UI": "N",
"AV": "N",
"PR": "L",
"AC": "L",
"I": "L",
"C": "L",
"SCORE": "6.300",
"A": "L"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6388702",
"title": "IBM Security Bulletin 6388702 (Financial Transaction Manager)",
"url": "https://www.ibm.com/support/pages/node/6388702"
},
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6388744",
"title": "IBM Security Bulletin 6388744 (Financial Transaction Manager)",
"url": "https://www.ibm.com/support/pages/node/6388744"
},
{
"title": "IBM Security Bulletin 6388708 (Financial Transaction Manager)",
"url": "https://www.ibm.com/support/pages/node/6388708",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6388708"
},
{
"title": "IBM Security Bulletin 6388706 (Financial Transaction Manager)",
"url": "https://www.ibm.com/support/pages/node/6388706",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6388706"
},
{
"url": "https://www.ibm.com/support/pages/node/6388704",
"title": "IBM Security Bulletin 6388704 (Financial Transaction Manager)",
"name": "https://www.ibm.com/support/pages/node/6388704",
"refsource": "CONFIRM"
},
{
"url": "https://www.ibm.com/support/pages/node/6388722",
"title": "IBM Security Bulletin 6388722 (Financial Transaction Manager)",
"name": "https://www.ibm.com/support/pages/node/6388722",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183328",
"title": "X-Force Vulnerability Report",
"name": "ibm-ftm-cve20204555-session-fixation (183328)",
"refsource": "XF"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2020-4555",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-12-18T00:00:00",
"STATE": "PUBLIC"
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328.",
"lang": "eng"
}
]
}
}


@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Content Navigator",
"version" : {
"version_data" : [
{
"version_value" : "3.0.CD"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"C" : "L",
"I" : "L",
"A" : "N",
"SCORE" : "6.400",
"UI" : "N",
"AV" : "N",
"S" : "C",
"PR" : "L",
"AC" : "L"
}
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Content Navigator",
"version": {
"version_data": [
{
"version_value": "3.0.CD"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6388806",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6388806",
"title" : "IBM Security Bulletin 6388806 (Content Navigator)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/188600",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-filenet-cve20204757-xss (188600)",
"refsource" : "XF"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-12-18T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4757"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600.",
"lang" : "eng"
}
]
}
}
}
},
"impact": {
"cvssv3": {
"TM": {
"E": "H",
"RL": "O",
"RC": "C"
},
"BM": {
"C": "L",
"I": "L",
"A": "N",
"SCORE": "6.400",
"UI": "N",
"AV": "N",
"S": "C",
"PR": "L",
"AC": "L"
}
}
},
"data_type": "CVE",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6388806",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6388806",
"title": "IBM Security Bulletin 6388806 (Content Navigator)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188600",
"title": "X-Force Vulnerability Report",
"name": "ibm-filenet-cve20204757-xss (188600)",
"refsource": "XF"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-12-18T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4757"
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600.",
"lang": "eng"
}
]
}
}


@ -1,122 +1,122 @@
{
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6359463 (Automation Workstream Services)",
"url" : "https://www.ibm.com/support/pages/node/6359463",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6359463"
},
{
"name" : "ibm-icp4a-cve20204794-input-validation (189445)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189445",
"title" : "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4794",
"DATE_PUBLIC" : "2020-12-18T00:00:00",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Automation Workstream Services",
"version" : {
"version_data" : [
{
"version_value" : "19.0.3"
},
{
"version_value" : "20.0.1"
},
{
"version_value" : "20.0.2"
}
]
}
},
{
"product_name" : "Business Process Manager",
"version" : {
"version_data" : [
{
"version_value" : "8.6"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "19.0"
},
{
"version_value" : "20.0"
},
{
"version_value" : "18.0"
}
]
},
"product_name" : "Business Automation Workflow"
}
]
}
"title": "IBM Security Bulletin 6359463 (Automation Workstream Services)",
"url": "https://www.ibm.com/support/pages/node/6359463",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6359463"
},
{
"name": "ibm-icp4a-cve20204794-input-validation (189445)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189445",
"title": "X-Force Vulnerability Report"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"SCORE" : "5.400",
"A" : "L",
"I" : "N",
"C" : "L",
"AC" : "L",
"PR" : "L",
"S" : "U",
"AV" : "N",
"UI" : "N"
}
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4794",
"DATE_PUBLIC": "2020-12-18T00:00:00",
"STATE": "PUBLIC"
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Automation Workstream Services",
"version": {
"version_data": [
{
"version_value": "19.0.3"
},
{
"version_value": "20.0.1"
},
{
"version_value": "20.0.2"
}
]
}
},
{
"product_name": "Business Process Manager",
"version": {
"version_data": [
{
"version_value": "8.6"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "19.0"
},
{
"version_value": "20.0"
},
{
"version_value": "18.0"
}
]
},
"product_name": "Business Automation Workflow"
}
]
}
}
]
}
]
}
}
}
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"SCORE": "5.400",
"A": "L",
"I": "N",
"C": "L",
"AC": "L",
"PR": "L",
"S": "U",
"AV": "N",
"UI": "N"
}
}
},
"data_type": "CVE",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
}
}


@ -1,106 +1,106 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833."
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2020-4870",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-12-18T00:00:00",
"STATE" : "PUBLIC"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6380742",
"title" : "IBM Security Bulletin 6380742 (MQ Appliance)",
"name" : "https://www.ibm.com/support/pages/node/6380742",
"refsource" : "CONFIRM"
},
{
"url" : "https://www.ibm.com/support/pages/node/6386466",
"title" : "IBM Security Bulletin 6386466 (MQ)",
"name" : "https://www.ibm.com/support/pages/node/6386466",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-mq-cve20204870-dos (190833)",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"PR" : "N",
"AC" : "H",
"S" : "U",
"UI" : "N",
"AV" : "N",
"SCORE" : "5.900",
"A" : "H",
"I" : "N",
"C" : "N"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.2.0"
}
]
},
"product_name" : "MQ"
},
{
"version" : {
"version_data" : [
{
"version_value" : "9.2.0.0"
}
]
},
"product_name" : "MQ Appliance"
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833."
}
]
}
}
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4870",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-12-18T00:00:00",
"STATE": "PUBLIC"
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6380742",
"title": "IBM Security Bulletin 6380742 (MQ Appliance)",
"name": "https://www.ibm.com/support/pages/node/6380742",
"refsource": "CONFIRM"
},
{
"url": "https://www.ibm.com/support/pages/node/6386466",
"title": "IBM Security Bulletin 6386466 (MQ)",
"name": "https://www.ibm.com/support/pages/node/6386466",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190833",
"title": "X-Force Vulnerability Report",
"name": "ibm-mq-cve20204870-dos (190833)",
"refsource": "XF"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"PR": "N",
"AC": "H",
"S": "U",
"UI": "N",
"AV": "N",
"SCORE": "5.900",
"A": "H",
"I": "N",
"C": "N"
}
}
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "9.2.0"
}
]
},
"product_name": "MQ"
},
{
"version": {
"version_data": [
{
"version_value": "9.2.0.0"
}
]
},
"product_name": "MQ Appliance"
}
]
},
"vendor_name": "IBM"
}
]
}
}
}


@ -1,84 +1,84 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"AV" : "N",
"A" : "L",
"SCORE" : "7.300",
"AC" : "L",
"I" : "L",
"C" : "L",
"S" : "U",
"UI" : "N",
"PR" : "N"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706."
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2020-4988",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-12-18T00:00:00",
"STATE" : "PUBLIC"
},
"references" : {
"reference_data" : [
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-loopback-cve20204988-code-exec (192706)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192706"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "Loopback",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.0.0"
}
]
},
"product_name" : "Loopback"
}
]
}
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"AV": "N",
"A": "L",
"SCORE": "7.300",
"AC": "L",
"I": "L",
"C": "L",
"S": "U",
"UI": "N",
"PR": "N"
}
]
}
},
"data_version" : "4.0"
}
}
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706."
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-4988",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-12-18T00:00:00",
"STATE": "PUBLIC"
},
"references": {
"reference_data": [
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-loopback-cve20204988-code-exec (192706)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192706"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Loopback",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.0.0"
}
]
},
"product_name": "Loopback"
}
]
}
}
]
}
},
"data_version": "4.0"
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5808",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Tenable.sc",
"version": {
"version_data": [
{
"version_value": "All versions prior to 5.17.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/tns-2020-11",
"url": "https://www.tenable.com/security/tns-2020-11"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration."
}
]
}
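Review bot: The vendor's own advisory is tagged `"refsource": "MISC"` here, while the same URL `https://www.tenable.com/security/tns-2020-11` is added with `"refsource": "CONFIRM"` in four other sections of this commit. For the record that the advisory is actually about, `"refsource": "CONFIRM"` is the more fitting tag, and using one value for the same link keeps reference filtering consistent across records. The hunk starts at line 4 of the file, so the top of the record is not visible here.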


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6881",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "<ZXHN E8810, ZXHN E8820, ZXHN E8822>",
"version": {
"version_data": [
{
"version_value": "<E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014202",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014202"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. A remote attacker could connect to the MQTT server and send an MQTT exception message to the specified device, which will cause the device to deny service. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>"
}
]
}
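Review bot: `product_name` and `version_value` still carry what look like template delimiters (`"<ZXHN E8810, ZXHN E8820, ZXHN E8822>"`), and all five firmware versions are packed into one `version_value` string, so version matching against an asset inventory cannot work on this record. Each model should be its own `product_data` entry with one `version_data` element per firmware version, and the trailing `This affects:<…><…>` in the description should be rewritten as a sentence. It is also unclear from the string whether the listed versions are the affected ones or the fixed ones. The only reference is an `http://` URL; an `https://` link should be used if the vendor site serves one. The CVE-2020-6882 section has the same `affects` block and description tail.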


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6882",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "<ZXHN E8810, ZXHN E8820, ZXHN E8822>",
"version": {
"version_data": [
{
"version_value": "<E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014202",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014202"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>"
}
]
}
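Review bot: The problemtype `"information leak"` records the consequence, while the description names the underlying weakness as hard-coded MQTT service access credentials; adding a second problemtype entry for that weakness (CWE-798, Use of Hard-coded Credentials, if the assigner agrees) would let the record be found by anyone auditing for embedded credentials. The description does not say whether the credential is shared across all devices or can be changed by the owner, which determines whether a firmware update alone is a sufficient remedy.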