admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #267 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2020-05-17 09:56:20 -04:00 committed by GitHub
commit 5bc0152a54
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
456 changed files with 12006 additions and 357 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2015/1xxx/CVE-2015-1701.json
View File

@ -86,6 +86,11 @@
"name": "1032155",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032155"
},
{
"refsource": "FULLDISC",
"name": "20200514 KL-001-2020-002 : Cellebrite Restricted Desktop Escape and Escalation of User Privilege",
"url": "http://seclists.org/fulldisclosure/2020/May/34"
}
]
}

5
2017/17xxx/CVE-2017-17833.json
View File

@ -81,6 +81,11 @@
"name": "RHSA-2018:2240",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2240"
},
{
"refsource": "GENTOO",
"name": "GLSA-202005-12",
"url": "https://security.gentoo.org/glsa/202005-12"
}
]
}

53
2018/10xxx/CVE-2018-10756.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10756",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e",
"url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
},
{
"refsource": "MISC",
"name": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/",
"url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
}
]
}

5
2018/4xxx/CVE-2018-4013.json
View File

@ -72,6 +72,11 @@
"name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1582-1] liblivemedia security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00020.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202005-06",
"url": "https://security.gentoo.org/glsa/202005-06"
}
]
}

62
2019/13xxx/CVE-2019-13021.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://labs.nettitude.com/blog/cve-2019-13021-22-23-jetselect-network-segregation-application/",
"url": "https://labs.nettitude.com/blog/cve-2019-13021-22-23-jetselect-network-segregation-application/"
}
]
}
}

62
2019/13xxx/CVE-2019-13022.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be trivially reversed, allowing for escalation of privilege within the JetSelect application through obtaining the passwords of JetSelect administrators. JetSelect administrators have the ability to modify and delete all networking configuration across a vessel, as well as altering network configuration of all managed network devices (switches, routers)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://labs.nettitude.com/blog/cve-2019-13021-22-23-jetselect-network-segregation-application/",
"url": "https://labs.nettitude.com/blog/cve-2019-13021-22-23-jetselect-network-segregation-application/"
}
]
}
}

62
2019/13xxx/CVE-2019-13023.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://labs.nettitude.com/blog/cve-2019-13021-22-23-jetselect-network-segregation-application/",
"url": "https://labs.nettitude.com/blog/cve-2019-13021-22-23-jetselect-network-segregation-application/"
}
]
}
}

11
2019/13xxx/CVE-2019-13538.json
View File

@ -11,15 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "GmbH",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "3S-Smart Software Solutions GmbH CODESYS V3 Library Manager",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "all versions prior to 3.5.15.0"
"version_value": "3.5.16.0"
}
]
}
@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-255-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-02"
},
{
"refsource": "MISC",
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12940&token=7723e5ed99830656f487e218e73dce2de751102f",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12940&token=7723e5ed99830656f487e218e73dce2de751102f"
}
]
},

15
2019/14xxx/CVE-2019-14532.json
View File

@ -56,6 +56,21 @@
"url": "https://github.com/sleuthkit/sleuthkit/issues/1575",
"refsource": "MISC",
"name": "https://github.com/sleuthkit/sleuthkit/issues/1575"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-94c2f78e0c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EY53OYU7UZLAJWNIVVNR3EX2RNCCFTB/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-6e3e0c6386",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQR2QY3IAF2IG6HGBSKGL66VUDOTC3OA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-1dd340ab85",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFQKIE5U3LS5U7POPGS7YHLUSW2URWGJ/"
}
]
}

10
2019/15xxx/CVE-2019-15083.json
View File

@ -61,6 +61,16 @@
"refsource": "MISC",
"name": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105",
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/48473",
"url": "https://www.exploit-db.com/exploits/48473"
}
]
}

5
2019/15xxx/CVE-2019-15232.json
View File

@ -56,6 +56,11 @@
"url": "http://www.live555.com/liveMedia/public/changelog.txt",
"refsource": "MISC",
"name": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"refsource": "GENTOO",
"name": "GLSA-202005-06",
"url": "https://security.gentoo.org/glsa/202005-06"
}
]
}

5
2019/17xxx/CVE-2019-17177.json
View File

@ -71,6 +71,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2608",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202005-07",
"url": "https://security.gentoo.org/glsa/202005-07"
}
]
}

62
2019/17xxx/CVE-2019-17562.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-17562",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache CloudStack",
"version": {
"version_data": [
{
"version_value": "Apache CloudStack all versions up to 4.13.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow exploit"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rcbaafc6ae1f32e8f1e5987c243a26faf83c5172348ee7c17a54ea7f9%40%3Cusers.cloudstack.apache.org%3E",
"url": "https://lists.apache.org/thread.html/rcbaafc6ae1f32e8f1e5987c243a26faf83c5172348ee7c17a54ea7f9%40%3Cusers.cloudstack.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond."
}
]
}
}

10
2019/17xxx/CVE-2019-17571.json
View File

@ -323,6 +323,16 @@
"refsource": "MLIST",
"name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
"url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809@%3Ccommits.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20200514 [GitHub] [kafka] jeffhuang26 commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571",
"url": "https://lists.apache.org/thread.html/r696507338dd5f44efc23d98cafe30f217cf3ba78e77ed1324c7a5179@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "DEBIAN",
"name": "DSA-4686",
"url": "https://www.debian.org/security/2020/dsa-4686"
}
]
},

67
2019/17xxx/CVE-2019-17572.json Normal file
View File

@ -0,0 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-17572",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache RocketMQ",
"version": {
"version_data": [
{
"version_value": "Apache RocketMQ 4.2.0 to 4.6.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal (Local File Inclusion)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/fdea1c5407da47a17d5522fa149a097cacded1916c1c1534d46edc6d%40%3Cprivate.rocketmq.apache.org%3E",
"url": "https://lists.apache.org/thread.html/fdea1c5407da47a17d5522fa149a097cacded1916c1c1534d46edc6d%40%3Cprivate.rocketmq.apache.org%3E"
},
{
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2020/q2/112",
"url": "https://seclists.org/oss-sec/2020/q2/112"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like \u201c../../../../topic2020\u201d is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later."
}
]
}
}

72
2019/18xxx/CVE-2019-18666.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://c1a.eu/dlink-dap-1360.html",
"refsource": "MISC",
"name": "http://c1a.eu/dlink-dap-1360.html"
},
{
"refsource": "MISC",
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10171",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10171"
},
{
"refsource": "MISC",
"name": "https://daschloer.github.io/sec/dlink-dap-1360.html",
"url": "https://daschloer.github.io/sec/dlink-dap-1360.html"
}
]
}
}

10
2019/18xxx/CVE-2019-18823.json
View File

@ -81,6 +81,16 @@
"refsource": "MISC",
"name": "https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html",
"url": "https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-ae934f6790",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EOTJJOSMYKXIYXWSG3H4KN332EDSEB6/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-f9a598f815",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BL5YCZXYS67MLJSHR4OLSWVHBE6PZJSB/"
}
]
}

10
2019/19xxx/CVE-2019-19034.json
View File

@ -56,6 +56,16 @@
"refsource": "CONFIRM",
"name": "https://www.manageengine.com/products/asset-explorer/sp-readme.html",
"url": "https://www.manageengine.com/products/asset-explorer/sp-readme.html"
},
{
"refsource": "FULLDISC",
"name": "20200515 Asset Explorer (Windows & Linux) - Authenticated Command Execution",
"url": "http://seclists.org/fulldisclosure/2020/May/36"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157731/ManageEngine-AssetExplorer-Authenticated-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/157731/ManageEngine-AssetExplorer-Authenticated-Command-Execution.html"
}
]
}

71
2019/19xxx/CVE-2019-19721.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19721",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.videolan.org/security/",
"refsource": "MISC",
"name": "https://www.videolan.org/security/"
},
{
"refsource": "MISC",
"name": "http://hg.libsdl.org/SDL_image/",
"url": "http://hg.libsdl.org/SDL_image/"
},
{
"refsource": "MISC",
"name": "https://bugs.gentoo.org/721940",
"url": "https://bugs.gentoo.org/721940"
},
{
"refsource": "MISC",
"name": "https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b",
"url": "https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b"
}
]
}

56
2019/20xxx/CVE-2019-20389.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-20389",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-20389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157699/Subrion-CMS-4.2.1-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/157699/Subrion-CMS-4.2.1-Cross-Site-Scripting.html"
}
]
}

56
2019/20xxx/CVE-2019-20390.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-20390",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-20390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157700/Subrion-CMS-4.2.1-Cross-Site-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/157700/Subrion-CMS-4.2.1-Cross-Site-Request-Forgery.html"
}
]
}

2
2019/2xxx/CVE-2019-2388.json
View File

@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance."
"value": "In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5."
}
]
},

5
2019/5xxx/CVE-2019-5544.json
View File

@ -78,6 +78,11 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0199",
"url": "https://access.redhat.com/errata/RHSA-2020:0199"
},
{
"refsource": "GENTOO",
"name": "GLSA-202005-12",
"url": "https://security.gentoo.org/glsa/202005-12"
}
]
},

5
2019/6xxx/CVE-2019-6256.json
View File

@ -71,6 +71,11 @@
"refsource": "DEBIAN",
"name": "DSA-4408",
"url": "https://www.debian.org/security/2019/dsa-4408"
},
{
"refsource": "GENTOO",
"name": "GLSA-202005-06",
"url": "https://security.gentoo.org/glsa/202005-06"
}
]
}

2
2019/7xxx/CVE-2019-7201.json
View File

@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "An unquoted service path vulnerability is reported to affect the service \u201cQVssService\u201d in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108."
"value": "An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108."
}
]
}

5
2019/7xxx/CVE-2019-7314.json
View File

@ -86,6 +86,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1880",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202005-06",
"url": "https://security.gentoo.org/glsa/202005-06"
}
]
}

5
2019/7xxx/CVE-2019-7733.json
View File

@ -56,6 +56,11 @@
"name": "https://github.com/rgaufman/live555/issues/21",
"refsource": "MISC",
"url": "https://github.com/rgaufman/live555/issues/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202005-06",
"url": "https://security.gentoo.org/glsa/202005-06"
}
]
}

5
2019/9xxx/CVE-2019-9215.json
View File

@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1880",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202005-06",
"url": "https://security.gentoo.org/glsa/202005-06"
}
]
}

62
2020/0xxx/CVE-2020-0024.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0024",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.1 Android-9 Android-10 Android-8.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-137015265"
}
]
}
}

62
2020/0xxx/CVE-2020-0064.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0064",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855"
}
]
}
}

62
2020/0xxx/CVE-2020-0065.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0065",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448"
}
]
}
}

62
2020/0xxx/CVE-2020-0090.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0090",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048"
}
]
}
}

62
2020/0xxx/CVE-2020-0091.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0091",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "incorrect configuration"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700"
}
]
}
}

62
2020/0xxx/CVE-2020-0092.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0092",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488"
}
]
}
}

62
2020/0xxx/CVE-2020-0093.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0093",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132"
}
]
}
}

62
2020/0xxx/CVE-2020-0094.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0094",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-9 Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148223871"
}
]
}
}

62
2020/0xxx/CVE-2020-0096.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0096",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1 Android-9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109"
}
]
}
}

62
2020/0xxx/CVE-2020-0097.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0097",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-9 Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-145981139"
}
]
}
}

62
2020/0xxx/CVE-2020-0098.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0098",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10 Android-8.0 Android-8.1 Android-9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-144285917"
}
]
}
}

62
2020/0xxx/CVE-2020-0100.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0100",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.1 Android-8.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584"
}
]
}
}

62
2020/0xxx/CVE-2020-0101.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0101",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144767096"
}
]
}
}

62
2020/0xxx/CVE-2020-0102.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0102",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143231677"
}
]
}
}

62
2020/0xxx/CVE-2020-0103.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0103",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10 Android-9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-148107188"
}
]
}
}

62
2020/0xxx/CVE-2020-0104.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0104",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-9 Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144430870"
}
]
}
}

62
2020/0xxx/CVE-2020-0105.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0105",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-9 Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In onKeyguardVisibilityChanged of key_store_service.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144285084"
}
]
}
}

62
2020/0xxx/CVE-2020-0106.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0106",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148414207"
}
]
}
}

62
2020/0xxx/CVE-2020-0109.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0109",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-9 Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In simulatePackageSuspendBroadcast of NotificationManagerService.java, there is a missing permission check. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148059175"
}
]
}
}

62
2020/0xxx/CVE-2020-0110.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0110",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-05-01",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel"
}
]
}
}

62
2020/0xxx/CVE-2020-0220.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0220",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2020-05-01",
"url": "https://source.android.com/security/bulletin/pixel/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In crus_afe_callback of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-139739561"
}
]
}
}

62
2020/0xxx/CVE-2020-0221.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0221",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2020-05-01",
"url": "https://source.android.com/security/bulletin/pixel/2020-05-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access.Product: AndroidVersions: Android kernelAndroid ID: A-135772851"
}
]
}
}

15
2020/10xxx/CVE-2020-10232.json
View File

@ -61,6 +61,21 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2137-1] sleuthkit security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00011.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-94c2f78e0c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EY53OYU7UZLAJWNIVVNR3EX2RNCCFTB/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-6e3e0c6386",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQR2QY3IAF2IG6HGBSKGL66VUDOTC3OA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-1dd340ab85",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFQKIE5U3LS5U7POPGS7YHLUSW2URWGJ/"
}
]
}

15
2020/10xxx/CVE-2020-10233.json
View File

@ -56,6 +56,21 @@
"url": "https://github.com/sleuthkit/sleuthkit/issues/1829",
"refsource": "MISC",
"name": "https://github.com/sleuthkit/sleuthkit/issues/1829"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-94c2f78e0c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EY53OYU7UZLAJWNIVVNR3EX2RNCCFTB/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-6e3e0c6386",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQR2QY3IAF2IG6HGBSKGL66VUDOTC3OA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-1dd340ab85",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFQKIE5U3LS5U7POPGS7YHLUSW2URWGJ/"
}
]
}

50
2020/10xxx/CVE-2020-10612.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10612",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values."
}
]
}

50
2020/10xxx/CVE-2020-10616.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10616",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts."
}
]
}

50
2020/10xxx/CVE-2020-10620.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10620",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHORIZATION CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely."
}
]
}

50
2020/10xxx/CVE-2020-10626.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10626",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Fazecast jSerialComm, Version 2.2.2 and prior",
"version": {
"version_data": [
{
"version_value": "Fazecast jSerialComm, Version 2.2.2 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/ICSA2012601",
"url": "https://www.us-cert.gov/ics/advisories/ICSA2012601"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code."
}
]
}

75
2020/10xxx/CVE-2020-10744.json
View File

@ -4,15 +4,84 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10744",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "ansible",
"version": {
"version_data": [
{
"version_value": "ansible-engine 2.7.18 and prior"
},
{
"version_value": "ansible-engine 2.8.12 and prior"
},
{
"version_value": "ansible-engine 2.9.9 and prior"
},
{
"version_value": "ansible-tower 3.4.5 and prior"
},
{
"version_value": "ansible-tower 3.5.6 and prior"
},
{
"version_value": "ansible-tower 3.6.4 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5/CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
]
]
}
}

10
2020/11xxx/CVE-2020-11033.json
View File

@ -73,6 +73,16 @@
"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-rf54-3r4w-4h55",
"refsource": "CONFIRM",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-rf54-3r4w-4h55"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-ee30e1109f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-885e2343ed",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/"
}
]
},

10
2020/11xxx/CVE-2020-11034.json
View File

@ -81,6 +81,16 @@
"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg",
"refsource": "CONFIRM",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-ee30e1109f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-885e2343ed",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/"
}
]
},

10
2020/11xxx/CVE-2020-11035.json
View File

@ -73,6 +73,16 @@
"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf",
"refsource": "CONFIRM",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-ee30e1109f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-885e2343ed",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/"
}
]
},

10
2020/11xxx/CVE-2020-11036.json
View File

@ -73,6 +73,16 @@
"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-3g3h-rwhr-7385",
"refsource": "CONFIRM",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-3g3h-rwhr-7385"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-ee30e1109f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-885e2343ed",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/"
}
]
},

15
2020/11xxx/CVE-2020-11057.json
View File

@ -44,14 +44,14 @@
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
@ -69,6 +69,11 @@
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@andrew.levkin/tews-4c47cfc011d1",
"refsource": "MISC",
"url": "https://medium.com/@andrew.levkin/tews-4c47cfc011d1"
},
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rmp6-jjg8-9424",
"refsource": "CONFIRM",

66
2020/11xxx/CVE-2020-11521.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11521",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/FreeRDP/FreeRDP/commits/master",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/commits/master"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w"
},
{
"refsource": "CONFIRM",
"name": "https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf",
"url": "https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf"
}
]
}

66
2020/11xxx/CVE-2020-11522.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11522",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/FreeRDP/FreeRDP/commits/master",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/commits/master"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh"
},
{
"refsource": "CONFIRM",
"name": "https://pub.freerdp.com/cve/CVE-2020-11522/pocAnalysis_5.pdf",
"url": "https://pub.freerdp.com/cve/CVE-2020-11522/pocAnalysis_5.pdf"
}
]
}

66
2020/11xxx/CVE-2020-11523.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/FreeRDP/FreeRDP/commits/master",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/commits/master"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42"
},
{
"refsource": "CONFIRM",
"name": "https://pub.freerdp.com/cve/CVE-2020-11523/pocAnalysis_2.pdf",
"url": "https://pub.freerdp.com/cve/CVE-2020-11523/pocAnalysis_2.pdf"
}
]
}

66
2020/11xxx/CVE-2020-11524.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11524",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/FreeRDP/FreeRDP/commits/master",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/commits/master"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw"
},
{
"refsource": "CONFIRM",
"name": "https://pub.freerdp.com/cve/CVE-2020-11524/pocAnalysis_3.pdf",
"url": "https://pub.freerdp.com/cve/CVE-2020-11524/pocAnalysis_3.pdf"
}
]
}

71
2020/11xxx/CVE-2020-11525.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11525",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/FreeRDP/FreeRDP/commits/master",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/commits/master"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FreeRDP/FreeRDP/pull/6019/commits/58dc36b3c883fd460199cedb6d30e58eba58298c",
"url": "https://github.com/FreeRDP/FreeRDP/pull/6019/commits/58dc36b3c883fd460199cedb6d30e58eba58298c"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg"
},
{
"refsource": "CONFIRM",
"name": "https://pub.freerdp.com/cve/CVE-2020-11525/pocAnalysis_1.pdf",
"url": "https://pub.freerdp.com/cve/CVE-2020-11525/pocAnalysis_1.pdf"
}
]
}

66
2020/11xxx/CVE-2020-11526.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11526",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/FreeRDP/FreeRDP/commits/master",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/commits/master"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9"
},
{
"refsource": "CONFIRM",
"name": "https://pub.freerdp.com/cve/CVE-2020-11526/pocAnalysis_4.pdf",
"url": "https://pub.freerdp.com/cve/CVE-2020-11526/pocAnalysis_4.pdf"
}
]
}

5
2020/11xxx/CVE-2020-11739.json
View File

@ -86,6 +86,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-cbc3149753",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202005-08",
"url": "https://security.gentoo.org/glsa/202005-08"
}
]
}

5
2020/11xxx/CVE-2020-11740.json
View File

@ -86,6 +86,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-cbc3149753",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202005-08",
"url": "https://security.gentoo.org/glsa/202005-08"
}
]
}

5
2020/11xxx/CVE-2020-11741.json
View File

@ -86,6 +86,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-cbc3149753",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202005-08",
"url": "https://security.gentoo.org/glsa/202005-08"
}
]
}

5
2020/11xxx/CVE-2020-11742.json
View File

@ -86,6 +86,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-cbc3149753",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202005-08",
"url": "https://security.gentoo.org/glsa/202005-08"
}
]
}

5
2020/11xxx/CVE-2020-11743.json
View File

@ -86,6 +86,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-cbc3149753",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202005-08",
"url": "https://security.gentoo.org/glsa/202005-08"
}
]
}

5
2020/11xxx/CVE-2020-11758.json
View File

@ -71,6 +71,11 @@
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e244f22a51",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/"
}
]
}

5
2020/11xxx/CVE-2020-11759.json
View File

@ -71,6 +71,11 @@
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e244f22a51",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/"
}
]
}

5
2020/11xxx/CVE-2020-11760.json
View File

@ -71,6 +71,11 @@
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e244f22a51",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/"
}
]
}

5
2020/11xxx/CVE-2020-11761.json
View File

@ -71,6 +71,11 @@
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e244f22a51",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/"
}
]
}

5
2020/11xxx/CVE-2020-11762.json
View File

@ -71,6 +71,11 @@
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e244f22a51",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/"
}
]
}

5
2020/11xxx/CVE-2020-11763.json
View File

@ -71,6 +71,11 @@
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e244f22a51",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/"
}
]
}

5
2020/11xxx/CVE-2020-11764.json
View File

@ -71,6 +71,11 @@
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e244f22a51",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/"
}
]
}

5
2020/11xxx/CVE-2020-11765.json
View File

@ -71,6 +71,11 @@
"refsource": "UBUNTU",
"name": "USN-4339-1",
"url": "https://usn.ubuntu.com/4339-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-e244f22a51",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/"
}
]
}

107
2020/11xxx/CVE-2020-11931.json
View File

@ -1,18 +1,113 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-04-16T00:00:00.000Z",
"ID": "CVE-2020-11931",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Ubuntu modifications to pulseaudio to provide snap security enforcement could be unloaded"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pulseaudio",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1:8.0",
"version_value": "1:8.0-0ubuntu3.12"
},
{
"version_affected": "<",
"version_name": "1:11.1",
"version_value": "1:11.1-1ubuntu7.7"
},
{
"version_affected": "<",
"version_name": "1:13.0",
"version_value": "1:13.0-1ubuntu1.2"
},
{
"version_affected": "<",
"version_name": "1:13.99.1",
"version_value": "1:13.99.1-1ubuntu3.2"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "James Henstridge"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3",
"name": "https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4355-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1877102"
],
"discovery": "INTERNAL"
}
}

15
2020/11xxx/CVE-2020-11945.json
View File

@ -96,6 +96,21 @@
"refsource": "GENTOO",
"name": "GLSA-202005-05",
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-848065cc4c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-a6a921a591",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-56e809930e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/"
}
]
}

55
2020/11xxx/CVE-2020-11971.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11971",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache Camel",
"version": {
"version_data": [
{
"version_value": "Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Rebind Flaw"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://camel.apache.org/security/CVE-2020-11971.html",
"url": "https://camel.apache.org/security/CVE-2020-11971.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11971 released for Apache Camel",
"url": "http://www.openwall.com/lists/oss-security/2020/05/14/7"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 is affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0."
}
]
}

60
2020/11xxx/CVE-2020-11972.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11972",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache Camel",
"version": {
"version_data": [
{
"version_value": "Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Java deserialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://camel.apache.org/security/CVE-2020-11972.html",
"url": "https://camel.apache.org/security/CVE-2020-11972.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11972 released for Apache Camel",
"url": "http://www.openwall.com/lists/oss-security/2020/05/14/8"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200514 Re: [SECURITY] New security advisory CVE-2020-11972 released for Apache Camel",
"url": "http://www.openwall.com/lists/oss-security/2020/05/14/10"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0."
}
]
}

55
2020/11xxx/CVE-2020-11973.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache Camel",
"version": {
"version_data": [
{
"version_value": "Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Java deserialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://camel.apache.org/security/CVE-2020-11973.html",
"url": "https://camel.apache.org/security/CVE-2020-11973.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11973 released for Apache Camel",
"url": "http://www.openwall.com/lists/oss-security/2020/05/14/9"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0."
}
]
}

50
2020/12xxx/CVE-2020-12042.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12042",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access."
}
]
}

50
2020/12xxx/CVE-2020-12046.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12046",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Opto 22 SoftPAC Project",
"version": {
"version_data": [
{
"version_value": "SoftPAC Project Version 9.6 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC\u2019s firmware files\u2019 signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files."
}
]
}

61
2020/12xxx/CVE-2020-12068.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12068",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.codesys.com",
"refsource": "MISC",
"name": "https://www.codesys.com"
},
{
"refsource": "MISC",
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download="
}
]
}

10
2020/12xxx/CVE-2020-12108.json
View File

@ -71,6 +71,16 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200507 [SECURITY] [DLA 2204-1] mailman security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0661",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4354-1",
"url": "https://usn.ubuntu.com/4354-1/"
}
]
}

5
2020/12xxx/CVE-2020-12137.json
View File

@ -91,6 +91,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-69f2f1d987",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4COSBBEMJYLV7WSW5QTUJUOFJFK47KK/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-20b748e81e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6YCMGTTOXXCVM4O6CYZLTZDX6YLYORNF/"
}
]
}

61
2020/12xxx/CVE-2020-12440.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12440",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NGINX through 1.18.0 allows an HTTP request smuggling attack that can lead to cache poisoning, credential hijacking, or security bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://nginx.org/en/security_advisories.html",
"refsource": "MISC",
"name": "https://nginx.org/en/security_advisories.html"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/Glassware123/1023720bf4787375a04f32a0c12e956a",
"url": "https://gist.github.com/Glassware123/1023720bf4787375a04f32a0c12e956a"
}
]
}

10
2020/12xxx/CVE-2020-12458.json
View File

@ -66,6 +66,16 @@
"refsource": "CONFIRM",
"name": "https://access.redhat.com/security/cve/CVE-2020-12458",
"url": "https://access.redhat.com/security/cve/CVE-2020-12458"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-d109a1d1d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-c6b0c7ebbb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A/"
}
]
}

10
2020/12xxx/CVE-2020-12459.json
View File

@ -71,6 +71,16 @@
"refsource": "CONFIRM",
"name": "https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277",
"url": "https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-d109a1d1d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-c6b0c7ebbb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A/"
}
]
}

71
2020/12xxx/CVE-2020-12651.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.vandyke.com/support/advisory/index.html",
"refsource": "MISC",
"name": "https://www.vandyke.com/support/advisory/index.html"
},
{
"refsource": "MISC",
"name": "https://twitter.com/taviso/status/1261079774190919680",
"url": "https://twitter.com/taviso/status/1261079774190919680"
},
{
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2033",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2033"
},
{
"refsource": "CONFIRM",
"name": "https://www.vandyke.com/products/securecrt/history.txt",
"url": "https://www.vandyke.com/products/securecrt/history.txt"
}
]
}

86
2020/12xxx/CVE-2020-12677.json
View File

@ -1,17 +1,91 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12677",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 2018 SP1 - 2018.2 prior to 2018.2.3, 2018 SP2 - 2018.3 prior to 2018.3.7, 2019 - 2019.0 prior to 2019.0.3, 2019.1 - 2019.1 prior to 2019.1.2, and 2019.2 - 2019.2 prior to 2019.2.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://community.progress.com/s/article/MOVEit-Automation-Cross-Site-Scripting-Vulnerability-XSS-May-2020",
"url": "https://community.progress.com/s/article/MOVEit-Automation-Cross-Site-Scripting-Vulnerability-XSS-May-2020"
},
{
"refsource": "CONFIRM",
"name": "https://docs.ipswitch.com/MOVEit/Automation2018/ReleaseNotes/en/index.htm#33958.htm",
"url": "https://docs.ipswitch.com/MOVEit/Automation2018/ReleaseNotes/en/index.htm#33958.htm"
},
{
"refsource": "CONFIRM",
"name": "https://docs.ipswitch.com/MOVEit/Automation2018SP1/ReleaseNotes/en/index.htm#33958.htm",
"url": "https://docs.ipswitch.com/MOVEit/Automation2018SP1/ReleaseNotes/en/index.htm#33958.htm"
},
{
"refsource": "CONFIRM",
"name": "https://docs.ipswitch.com/MOVEit/Automation2018SP2/ReleaseNotes/en/index.htm#33958.htm",
"url": "https://docs.ipswitch.com/MOVEit/Automation2018SP2/ReleaseNotes/en/index.htm#33958.htm"
},
{
"refsource": "CONFIRM",
"name": "https://docs.ipswitch.com/MOVEit/Automation2019/ReleaseNotes/en/index.htm#33958.htm",
"url": "https://docs.ipswitch.com/MOVEit/Automation2019/ReleaseNotes/en/index.htm#33958.htm"
},
{
"refsource": "CONFIRM",
"name": "https://docs.ipswitch.com/MOVEit/Automation2019_1/ReleaseNotes/en/index.htm#33958.htm",
"url": "https://docs.ipswitch.com/MOVEit/Automation2019_1/ReleaseNotes/en/index.htm#33958.htm"
},
{
"refsource": "CONFIRM",
"name": "https://docs.ipswitch.com/MOVEit/Automation2019_2/ReleaseNotes/en/index.htm#33958.htm",
"url": "https://docs.ipswitch.com/MOVEit/Automation2019_2/ReleaseNotes/en/index.htm#33958.htm"
}
]
}

61
2020/12xxx/CVE-2020-12685.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12685",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.interchangecommerce.org",
"refsource": "MISC",
"name": "https://www.interchangecommerce.org"
},
{
"refsource": "CONFIRM",
"name": "https://www.interchangecommerce.org/i/dev/news?mv_arg=00064",
"url": "https://www.interchangecommerce.org/i/dev/news?mv_arg=00064"
}
]
}

5
2020/12xxx/CVE-2020-12720.json
View File

@ -56,6 +56,11 @@
"url": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4440032-vbulletin-5-6-1-security-patch-level-1",
"refsource": "MISC",
"name": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4440032-vbulletin-5-6-1-security-patch-level-1"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.html"
}
]
}

10
2020/12xxx/CVE-2020-12762.json
View File

@ -56,6 +56,16 @@
"refsource": "CONFIRM",
"name": "https://github.com/json-c/json-c/pull/592",
"url": "https://github.com/json-c/json-c/pull/592"
},
{
"refsource": "MISC",
"name": "https://github.com/rsyslog/libfastjson/issues/161",
"url": "https://github.com/rsyslog/libfastjson/issues/161"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-63c6f4ab1d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CQQRRGBQCAWNCCJ2HN3W5SSCZ4QGMXQI/"
}
]
}

5
2020/12xxx/CVE-2020-12770.json
View File

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-4c69987c40",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/"
}
]
}

Some files were not shown because too many files have changed in this diff Show More