admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Submitting published CVEs

Browse Source
This commit is contained in:
Cisco Talos CNA 2022-04-18 12:08:44 -04:00
parent 428fd935f0
commit 596da40bbe
4 changed files with 272 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
2020/13xxx/CVE-2020-13495.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13495",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-11-12",
"ASSIGNER": "talos-cna@cisco.com"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104"
}
]
},
"impact": {
"cvss": {
"baseScore": 4.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_value": "Catalina 10.15.3",
"version_affected": "="
}
]
}
}
]
}
},
{
"vendor_name": "Pixar",
"product": {
"product_data": [
{
"product_name": "OpenUSD",
"version": {
"version_data": [
{
"version_value": "20.05",
"version_affected": "="
}
]
}
}
]
}
}
]
}
}
}

84
2020/13xxx/CVE-2020-13567.json
View File

@ -1,18 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13567",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-01-04",
"ASSIGNER": "talos-cna@cisco.com"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1179",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1179"
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenEMR",
"product": {
"product_data": [
{
"product_name": "OpenEMR",
"version": {
"version_data": [
{
"version_value": "5.0.2",
"version_affected": "="
},
{
"version_value": "development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce)",
"version_affected": "="
}
]
}
}
]
}
},
{
"vendor_name": "phpGACL",
"product": {
"product_data": [
{
"product_name": "phpGACL",
"version": {
"version_data": [
{
"version_value": "3.3.7",
"version_affected": "="
}
]
}
}
]
}
}
]
}
}
}

62
2020/13xxx/CVE-2020-13590.json
View File

@ -1,18 +1,72 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-04-08",
"ASSIGNER": "talos-cna@cisco.com"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done either with administrator credentials or through cross-site request forgery."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1199",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1199"
}
]
},
"impact": {
"cvss": {
"baseScore": 5.4,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rukovoditel",
"product": {
"product_data": [
{
"product_name": "Project Management App",
"version": {
"version_data": [
{
"version_value": "2.7.2",
"version_affected": "="
}
]
}
}
]
}
}
]
}
}
}

62
2020/6xxx/CVE-2020-6099.json
View File

@ -1,18 +1,72 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6099",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-11-06",
"ASSIGNER": "talos-cna@cisco.com"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1032",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1032"
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Graphisoft",
"product": {
"product_data": [
{
"product_name": "BIMx Desktop Viewer",
"version": {
"version_data": [
{
"version_value": "2019.2.2328",
"version_affected": "="
}
]
}
}
]
}
}
]
}
}
}