admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-12-21 18:02:00 +00:00
parent 73f8249749
commit 58a3bb1016
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
22 changed files with 1015 additions and 563 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/1xxx/CVE-2019-1551.json
View File

@ -159,6 +159,11 @@
"refsource": "UBUNTU",
"name": "USN-4504-1",
"url": "https://usn.ubuntu.com/4504-1/"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2020-11",
"url": "https://www.tenable.com/security/tns-2020-11"
}
]
}

5
2020/11xxx/CVE-2020-11022.json
View File

@ -183,6 +183,11 @@
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2020-10",
"url": "https://www.tenable.com/security/tns-2020-10"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2020-11",
"url": "https://www.tenable.com/security/tns-2020-11"
}
]
},

53
2020/14xxx/CVE-2020-14225.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14225",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HCL iNotes",
"version": {
"version_data": [
{
"version_value": "versions previous to releases 9.0.1 FP10 IF6"
},
{
"version_value": "10.0.1 FP5 and 11.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Tabnabbing vulnerability\""
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915",
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack."
}
]
}

5
2020/1xxx/CVE-2020-1967.json
View File

@ -196,6 +196,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200717-0004/",
"url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2020-11",
"url": "https://www.tenable.com/security/tns-2020-11"
}
]
}

5
2020/1xxx/CVE-2020-1971.json
View File

@ -124,6 +124,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-a31b01e945",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2020-11",
"url": "https://www.tenable.com/security/tns-2020-11"
}
]
}

18
2020/24xxx/CVE-2020-24421.json
View File

@ -4,7 +4,7 @@
"DATE_PUBLIC": "2020-10-20T23:00:00.000Z",
"ID": "CVE-2020-24421",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign 15.1.2 Memory Corruption Vulnerability"
"TITLE": "Adobe InDesign 15.1.2 NULL Pointer Dereference Bug"
},
"affects": {
"vendor": {
@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign version 15.1.2 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .indd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability."
"value": "Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue."
}
]
},
@ -57,15 +57,15 @@
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"availabilityImpact": "Low",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
@ -75,7 +75,7 @@
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
"value": "NULL Pointer Dereference (CWE-476)"
}
]
}

55
2020/25xxx/CVE-2020-25860.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25860",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vuln@vdoo.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Pengutronix RAUC",
"version": {
"version_data": [
{
"version_value": "All versions before 1.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Time-of-Check Time-of-Use (CWE-367)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv",
"url": "https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv"
},
{
"refsource": "MISC",
"name": "https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework",
"url": "https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device."
}
]
}

76
2020/26xxx/CVE-2020-26422.json
View File

@ -4,15 +4,85 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26422",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Wireshark Foundation",
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": ">=3.4.0, <3.4.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer copy without checking size of input ('classic buffer overflow') in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2020-20.html",
"url": "https://www.wireshark.org/security/wnpa-sec-2020-20.html",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/17073",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17073",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file"
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 3.6,
"baseSeverity": "LOW"
}
}
}

50
2020/27xxx/CVE-2020-27254.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP, XEGK, XEFD, XEXF \u2013 all revisions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF \u2013 all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information."
}
]
}

18
2020/35xxx/CVE-2020-35596.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35596",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35597.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35597",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35598.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35599.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35600.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

50
2020/5xxx/CVE-2020-5808.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5808",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Tenable.sc",
"version": {
"version_data": [
{
"version_value": "All versions prior to 5.17.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/tns-2020-11",
"url": "https://www.tenable.com/security/tns-2020-11"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration."
}
]
}

50
2020/6xxx/CVE-2020-6881.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6881",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "<ZXHN E8810, ZXHN E8820, ZXHN E8822>",
"version": {
"version_data": [
{
"version_value": "<E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014202",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014202"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. A remote attacker could connect to the MQTT server and send an MQTT exception message to the specified device, which will cause the device to deny service. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>"
}
]
}

50
2020/6xxx/CVE-2020-6882.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6882",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "<ZXHN E8810, ZXHN E8820, ZXHN E8822>",
"version": {
"version_data": [
{
"version_value": "<E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014202",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014202"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>"
}
]
}