From 5ecbef6ffa18f7f5678ca762c743eebae900ad75 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 7 Jan 2021 18:02:00 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2018/16xxx/CVE-2018-16042.json | 15 +++
2018/18xxx/CVE-2018-18688.json | 63 ++++++++-
2018/18xxx/CVE-2018-18689.json | 63 ++++++++-
2018/20xxx/CVE-2018-20313.json | 48 ++++++-
2018/20xxx/CVE-2018-20314.json | 48 ++++++-
2018/20xxx/CVE-2018-20315.json | 48 ++++++-
2018/20xxx/CVE-2018-20316.json | 48 ++++++-
2020/13xxx/CVE-2020-13573.json | 50 ++++++-
2020/25xxx/CVE-2020-25680.json | 50 ++++++-
2020/27xxx/CVE-2020-27835.json | 50 ++++++-
2020/4xxx/CVE-2020-4892.json | 172 ++++++++++++------------
2020/4xxx/CVE-2020-4893.json | 186 +++++++++++++-------------
2020/4xxx/CVE-2020-4895.json | 188 +++++++++++++-------------
2020/4xxx/CVE-2020-4896.json | 186 +++++++++++++-------------
2020/4xxx/CVE-2020-4897.json | 232 ++++++++++++++++-----------------
2020/4xxx/CVE-2020-4898.json | 176 ++++++++++++-------------
2020/6xxx/CVE-2020-6655.json | 117 ++++++++++++++++-
2020/6xxx/CVE-2020-6656.json | 127 +++++++++++++++++-
2020/9xxx/CVE-2020-9048.json | 2 +-
19 files changed, 1263 insertions(+), 606 deletions(-)
diff --git a/2018/16xxx/CVE-2018-16042.json b/2018/16xxx/CVE-2018-16042.json
index b07111a05fc..47b4e276b43 100644
--- a/2018/16xxx/CVE-2018-16042.json
+++ b/2018/16xxx/CVE-2018-16042.json
@@ -61,6 +61,21 @@ "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + }, + { + "refsource": "MISC", + "name": "https://pdf-insecurity.org/signature/evaluation_2018.html", + "url": "https://pdf-insecurity.org/signature/evaluation_2018.html" + }, + { + "refsource": "MISC", + "name": "https://pdf-insecurity.org/signature/signature.html", + "url": "https://pdf-insecurity.org/signature/signature.html" + }, + { + "refsource": "MISC", + "name": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/", + "url": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/" } ] } diff --git a/2018/18xxx/CVE-2018-18688.json b/2018/18xxx/CVE-2018-18688.json index 26adcf81ec3..137aa2fc86f 100644 --- a/2018/18xxx/CVE-2018-18688.json +++ b/2018/18xxx/CVE-2018-18688.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18688", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
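Review bot: The `affects` block added for CVE-2018-18688 sets `vendor_name`, `product_name` and `version_value` all to `n/a`, while the description added in the next hunk names Foxit Reader before 9.4, PhantomPDF before 8.3.9 and 9.x before 9.4, and a list of further products. Tooling that matches records on the structured vendor/product fields will not tie this entry to any of those products, so exposure checks have to fall back to parsing the free-text description. At least the versioned entries could be structured, for example `"product_name": "Foxit Reader"` with `"version_value": "before 9.4"`. The same pattern, including `problemtype` left at `n/a`, recurs in the CVE-2018-18689 and CVE-2018-20313 through CVE-2018-20316 hunks.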
@@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "refsource": "MISC", + "name": "https://pdf-insecurity.org/signature/evaluation_2018.html", + "url": "https://pdf-insecurity.org/signature/evaluation_2018.html" + }, + { + "refsource": "MISC", + "name": "https://pdf-insecurity.org/signature/signature.html", + "url": "https://pdf-insecurity.org/signature/signature.html" + }, + { + "refsource": "MISC", + "name": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/", + "url": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/" } ] } 
diff --git a/2018/18xxx/CVE-2018-18689.json b/2018/18xxx/CVE-2018-18689.json index 8c9a0b68579..694ca5126fe 100644 --- a/2018/18xxx/CVE-2018-18689.json +++ b/2018/18xxx/CVE-2018-18689.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18689", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "refsource": "MISC", + "name": "https://pdf-insecurity.org/signature/evaluation_2018.html", + "url": "https://pdf-insecurity.org/signature/evaluation_2018.html" + }, + { + "refsource": "MISC", + "name": "https://pdf-insecurity.org/signature/signature.html", + "url": "https://pdf-insecurity.org/signature/signature.html" + }, + { + "refsource": "MISC", + "name": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/", + "url": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/" } ] } 
diff --git a/2018/20xxx/CVE-2018-20313.json b/2018/20xxx/CVE-2018-20313.json index 3515c5d413b..2c96386d0a9 100644 --- a/2018/20xxx/CVE-2018-20313.json +++ b/2018/20xxx/CVE-2018-20313.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20313", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" } ] } diff --git a/2018/20xxx/CVE-2018-20314.json b/2018/20xxx/CVE-2018-20314.json index d4a2fa9a510..ec653fb6be9 100644 --- a/2018/20xxx/CVE-2018-20314.json +++ b/2018/20xxx/CVE-2018-20314.json 
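Review bot: The Foxit security-bulletin URL is tagged `"refsource": "MISC"` in the reference added for CVE-2018-20313, but the identical URL is tagged `"refsource": "CONFIRM"` in the CVE-2018-18688 and CVE-2018-18689 records of the same commit. Consumers that use `CONFIRM` to tell vendor-acknowledged issues from third-party reports will classify these records differently for the same advisory page. If the bulletin does list these issues, `"refsource": "CONFIRM"` would be consistent; the CVE-2018-20314, CVE-2018-20315 and CVE-2018-20316 hunks carry the same `MISC` tag.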
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20314", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" } ] } diff --git a/2018/20xxx/CVE-2018-20315.json b/2018/20xxx/CVE-2018-20315.json index 8ebee2bfc1e..7d03825c232 100644 --- a/2018/20xxx/CVE-2018-20315.json +++ b/2018/20xxx/CVE-2018-20315.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20315", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" } ] } diff --git a/2018/20xxx/CVE-2018-20316.json b/2018/20xxx/CVE-2018-20316.json index 2fc1aca48e7..ebec95ef9c8 100644 --- a/2018/20xxx/CVE-2018-20316.json +++ b/2018/20xxx/CVE-2018-20316.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20316", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" } ] } diff --git a/2020/13xxx/CVE-2020-13573.json b/2020/13xxx/CVE-2020-13573.json index 58b0ee9d4d9..09ede6a28fa 100644 --- a/2020/13xxx/CVE-2020-13573.json +++ b/2020/13xxx/CVE-2020-13573.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13573", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Rockwell Automation", + "version": { + "version_data": [ + { + "version_value": "Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1184", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1184" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability." } ] } diff --git a/2020/25xxx/CVE-2020-25680.json b/2020/25xxx/CVE-2020-25680.json index d5e436e9cfd..3dcae83093b 100644 --- a/2020/25xxx/CVE-2020-25680.json +++ b/2020/25xxx/CVE-2020-25680.json 
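Review bot: In the `affects` block for CVE-2020-13573 the vendor is stored in the product field: `"vendor_name": "n/a"` sits next to `"product_name": "Rockwell Automation"`, and `version_value` repeats the vendor and product names in front of the version. Going by the description, the affected product is RSLinx Classic, so asset-matching on product name will miss this record. Suggested values are `"vendor_name": "Rockwell Automation"`, `"product_name": "RSLinx Classic"` and `"version_value": "2.57.00.14 CPR 9 SR 3"`. The CVE-2020-25680 and CVE-2020-27835 hunks likewise leave `vendor_name` as `n/a` and prefix the product name inside `version_value`.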
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-25680", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "JBCS httpd", + "version": { + "version_data": [ + { + "version_value": "JBCS httpd 2.4.37 SP5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1892703", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892703" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. The validation of the certificate whether CN and hostname are matching stopped working and allow connecting to the back-end work. The highest threat from this vulnerability is to data integrity." } ] } diff --git a/2020/27xxx/CVE-2020-27835.json b/2020/27xxx/CVE-2020-27835.json index 4cf3ad9c1c8..448dae52550 100644 --- a/2020/27xxx/CVE-2020-27835.json +++ b/2020/27xxx/CVE-2020-27835.json 
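Review bot: The structured version and the description disagree in the CVE-2020-25680 record: `version_data` says `"version_value": "JBCS httpd 2.4.37 SP5"`, while the description says the flaw is in "JBCS httpd in version 2.4.37 SP3". A reader cannot tell from the record which service pack is affected and which, if any, carries the fix, so patch-level decisions based on it are unreliable until the two are reconciled against the referenced Bugzilla entry. The description is also hard to parse ("allow connecting to the back-end work"); something like "Validation that the certificate CN matches the hostname stopped working, allowing connections to the back-end worker" would state the certificate-validation failure (CWE-295) more clearly, assuming that is the intended meaning.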
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-27835", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "kernel versions prior to 5.10-rc6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system." } ] } diff --git a/2020/4xxx/CVE-2020-4892.json b/2020/4xxx/CVE-2020-4892.json index e71e205c08f..f0f5f0c9f3c 100644 --- a/2020/4xxx/CVE-2020-4892.json +++ b/2020/4xxx/CVE-2020-4892.json 
@@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979." - } - ] - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Emptoris Contract Management", - "version" : { - "version_data" : [ - { - "version_value" : "10.1.3" - } - ] - } - } - ] - } + "lang": "eng", + "value": "IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979." 
} - ] - } - }, - "data_type" : "CVE", - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "H" - }, - "BM" : { - "AV" : "N", - "AC" : "L", - "A" : "N", - "PR" : "L", - "C" : "L", - "S" : "C", - "UI" : "R", - "I" : "L", - "SCORE" : "5.400" - } - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4892", - "DATE_PUBLIC" : "2021-01-06T00:00:00" - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6398274", - "url" : "https://www.ibm.com/support/pages/node/6398274", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6398274 (Emptoris Contract Management)" - }, - { - "name" : "ibm-emptoris-cve20204892-xss (190979)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190979", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Emptoris Contract Management", + "version": { + "version_data": [ + { + "version_value": "10.1.3" + } + ] + } + } + ] + } + } ] - } - ] - } -} + } + }, + "data_type": "CVE", + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "H" + }, + "BM": { + "AV": "N", + "AC": "L", + "A": "N", + "PR": "L", + "C": "L", + "S": "C", + "UI": "R", + "I": "L", + "SCORE": "5.400" + } + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4892", + "DATE_PUBLIC": "2021-01-06T00:00:00" + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6398274", + "url": "https://www.ibm.com/support/pages/node/6398274", + "refsource": "CONFIRM", + "title": 
"IBM Security Bulletin 6398274 (Emptoris Contract Management)" + }, + { + "name": "ibm-emptoris-cve20204892-xss (190979)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190979", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4893.json b/2020/4xxx/CVE-2020-4893.json index 3655e5bfc5a..260a6510ce0 100644 --- a/2020/4xxx/CVE-2020-4893.json +++ b/2020/4xxx/CVE-2020-4893.json 
@@ -1,96 +1,96 @@ { - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4893", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-01-06T00:00:00" - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6398282", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6398282 (Emptoris Strategic Supply Management)", - "name" : "https://www.ibm.com/support/pages/node/6398282" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190984", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-emptoris-cve20204893-info-disc (190984)" - } - ] - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "I" : "N", - "SCORE" : "5.900", - "S" : "U", - "C" : "H", - "UI" : "N", - "AV" : "N", - "A" : "N", - "PR" : "N", - "AC" : "H" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. 
IBM X-Force ID: 190984.", - "lang" : "eng" - } - ] - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.1" - }, - { - "version_value" : "10.1.3" - } - ] - }, - "product_name" : "Emptoris Strategic Supply Management" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - } -} + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-4893", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-01-06T00:00:00" + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6398282", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6398282 (Emptoris Strategic Supply Management)", + "name": "https://www.ibm.com/support/pages/node/6398282" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190984", + "title": "X-Force Vulnerability Report", + "name": "ibm-emptoris-cve20204893-info-disc (190984)" + } + ] + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "I": "N", + "SCORE": "5.900", + "S": "U", + "C": "H", + "UI": "N", + "AV": "N", + "A": "N", + "PR": "N", + "AC": "H" + } + } + }, + "description": { + "description_data": [ + { + "value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. 
IBM X-Force ID: 190984.", + "lang": "eng" + } + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.1" + }, + { + "version_value": "10.1.3" + } + ] + }, + "product_name": "Emptoris Strategic Supply Management" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4895.json b/2020/4xxx/CVE-2020-4895.json index ddd2b7271a4..d16d137033e 100644 --- a/2020/4xxx/CVE-2020-4895.json +++ b/2020/4xxx/CVE-2020-4895.json 
@@ -1,96 +1,96 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "UI" : "N", - "C" : "L", - "S" : "C", - "AV" : "N", - "A" : "N", - "AC" : "L", - "PR" : "L", - "I" : "L", - "SCORE" : "6.400" - } - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6398286", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6398286 (Emptoris Sourcing)", - "url" : "https://www.ibm.com/support/pages/node/6398286" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190986", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-emptoris-cve20204895-xss (190986)" - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-01-06T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4895" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Emptoris Sourcing", - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.1" - }, - { - "version_value" : "10.1.3" - } - ] - } - } - ] - } + "impact": { + "cvssv3": { + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + }, + "BM": { + "UI": "N", + "C": "L", + "S": "C", + "AV": "N", + "A": "N", + "AC": "L", + "PR": "L", + "I": "L", + "SCORE": "6.400" } - ] - } - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986.", - "lang" : "eng" - } - ] - } -} + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6398286", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6398286 (Emptoris Sourcing)", + "url": "https://www.ibm.com/support/pages/node/6398286" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190986", + "title": "X-Force Vulnerability Report", + "name": "ibm-emptoris-cve20204895-xss (190986)" + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-01-06T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4895" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Emptoris Sourcing", + "version": { + "version_data": [ + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.1" + }, + { + "version_value": "10.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4896.json b/2020/4xxx/CVE-2020-4896.json index 8d37bb3cc54..e7fac40ed8d 100644 
--- a/2020/4xxx/CVE-2020-4896.json
+++ b/2020/4xxx/CVE-2020-4896.json
@@ -1,96 +1,96 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "SCORE" : "6.500", - "I" : "L", - "UI" : "N", - "C" : "L", - "S" : "U", - "A" : "N", - "AC" : "L", - "PR" : "N", - "AV" : "N" - } - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6398284", - "title" : "IBM Security Bulletin 6398284 (Emptoris Sourcing)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6398284" - }, - { - "name" : "ibm-emptoris-cve20204896-cache-poisoning (190987)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987", - "refsource" : "XF" - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-01-06T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4896", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_type" : "CVE", - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.1" - }, - { - "version_value" : "10.1.3" - } - ] - }, - "product_name" : "Emptoris Sourcing" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987." 
- } - ] - } -} + ] + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "SCORE": "6.500", + "I": "L", + "UI": "N", + "C": "L", + "S": "U", + "A": "N", + "AC": "L", + "PR": "N", + "AV": "N" + } + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6398284", + "title": "IBM Security Bulletin 6398284 (Emptoris Sourcing)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6398284" + }, + { + "name": "ibm-emptoris-cve20204896-cache-poisoning (190987)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987", + "refsource": "XF" + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-01-06T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2020-4896", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.1" + }, + { + "version_value": "10.1.3" + } + ] + }, + "product_name": "Emptoris Sourcing" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987." + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4897.json b/2020/4xxx/CVE-2020-4897.json index f4b96d0e306..49fdebd2986 100644 --- a/2020/4xxx/CVE-2020-4897.json +++ b/2020/4xxx/CVE-2020-4897.json 
@@ -1,118 +1,118 @@ { - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4897", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-01-06T00:00:00" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "SCORE" : "5.300", - "I" : "N", - "PR" : "N", - "A" : "N", - "AC" : "L", - "AV" : "N", - "UI" : "N", - "S" : "U", - "C" : "L" - } - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6398276 (Emptoris Spend Analysis)", - "url" : "https://www.ibm.com/support/pages/node/6398276", - "name" : "https://www.ibm.com/support/pages/node/6398276" - }, - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6398280 (Emptoris Contract Management)", - "url" : "https://www.ibm.com/support/pages/node/6398280", - "name" : "https://www.ibm.com/support/pages/node/6398280" - }, - { - "name" : "ibm-emptoris-cve20204897-info-disc (190988)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_type" : "CVE", - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.1" - }, - { - "version_value" : "10.1.3" - } - ] - }, - "product_name" : "Emptoris Contract Management" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.1" - }, - { - "version_value" : "10.1.3" - } - ] - }, - "product_name" : "Emptoris Spend Analysis" - } - ] - } + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-4897", + "ASSIGNER": 
"psirt@us.ibm.com", + "DATE_PUBLIC": "2021-01-06T00:00:00" + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "SCORE": "5.300", + "I": "N", + "PR": "N", + "A": "N", + "AC": "L", + "AV": "N", + "UI": "N", + "S": "U", + "C": "L" } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988." - } - ] - } -} + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6398276 (Emptoris Spend Analysis)", + "url": "https://www.ibm.com/support/pages/node/6398276", + "name": "https://www.ibm.com/support/pages/node/6398276" + }, + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6398280 (Emptoris Contract Management)", + "url": "https://www.ibm.com/support/pages/node/6398280", + "name": "https://www.ibm.com/support/pages/node/6398280" + }, + { + "name": "ibm-emptoris-cve20204897-info-disc (190988)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_type": "CVE", + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.1" + }, + { + "version_value": "10.1.3" + } + ] + }, + "product_name": "Emptoris Contract Management" + }, + { + "version": { + "version_data": [ + { + 
"version_value": "10.1.0" + }, + { + "version_value": "10.1.1" + }, + { + "version_value": "10.1.3" + } + ] + }, + "product_name": "Emptoris Spend Analysis" + } + ] + } + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988." + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4898.json b/2020/4xxx/CVE-2020-4898.json index 72d999c06ce..345ce625f61 100644 --- a/2020/4xxx/CVE-2020-4898.json +++ b/2020/4xxx/CVE-2020-4898.json 
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ID" : "CVE-2020-4898", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-01-06T00:00:00" - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "I" : "N", - "SCORE" : "5.900", - "AV" : "N", - "PR" : "N", - "A" : "N", - "AC" : "H", - "C" : "H", - "S" : "U", - "UI" : "N" - } - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6398278", - "title" : "IBM Security Bulletin 6398278 (Emptoris Strategic Supply Management)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6398278" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190989", - "refsource" : "XF", - "name" : "ibm-emptoris-cve20204898-info-disc (190989)" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.1.3" - } - ] - }, - "product_name" : "Emptoris Strategic Supply Management" - } - ] - }, - "vendor_name" : "IBM" + "CVE_data_meta": { + "ID": "CVE-2020-4898", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-01-06T00:00:00" + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "I": "N", + "SCORE": "5.900", + "AV": "N", + "PR": "N", + "A": "N", + "AC": "H", + "C": "H", + "S": "U", + "UI": "N" } - ] - } - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly 
sensitive information. IBM X-Force ID: 190989.", - "lang" : "eng" - } - ] - } -} + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6398278", + "title": "IBM Security Bulletin 6398278 (Emptoris Strategic Supply Management)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6398278" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190989", + "refsource": "XF", + "name": "ibm-emptoris-cve20204898-info-disc (190989)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.1.3" + } + ] + }, + "product_name": "Emptoris Strategic Supply Management" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6655.json b/2020/6xxx/CVE-2020-6655.json index 8c6271bbc3e..1754a0463c2 100644 --- a/2020/6xxx/CVE-2020-6655.json +++ b/2020/6xxx/CVE-2020-6655.json 
@@ -1,18 +1,121 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "CybersecurityCOE@eaton.com", "ID": "CVE-2020-6655", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "File parsing Out-Of-Bounds read remote code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "easySoft Software", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "7.20" + } + ] + } + } + ] + }, + "vendor_name": "Eaton" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Eaton would like to thank Francis Provencher from ZDI" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Eaton's easySoft software v7.20 and prior are susceptible to Out-of-bounds remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user to upload the malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application." 
} ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf", + "name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf" + }, + { + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1443/", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1443/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Apply the patch once it is provided by Eaton. " + } + ], + "source": { + "advisory": "ETN-VA-2020-1009", + "defect": [ + "ETN-VA-2020-1009" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Do not upload the E70 file from an untrusted source." + } + ] } \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6656.json b/2020/6xxx/CVE-2020-6656.json index 8af61adf409..33b581cccd4 100644 --- a/2020/6xxx/CVE-2020-6656.json +++ b/2020/6xxx/CVE-2020-6656.json 
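Review bot: The added `"TITLE": "File parsing Out-Of-Bounds read remote code execution"` and the description's "remote code execution" disagree with the CVSS block added in the same hunk, which scores the issue as `"attackVector": "LOCAL"` with `"userInteraction": "REQUIRED"` and only LOW integrity and availability impact. Tooling that triages on the vector will treat this as a local, user-assisted file-parsing flaw, while a reader of the title will expect a network-reachable one, so one of the two should be corrected at the source. If the vector is the intended one, the title could read `"TITLE": "File parsing out-of-bounds read leading to code execution"`. The CVE-2020-6656 hunk carries the same title/vector mismatch.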
@@ -1,18 +1,131 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "CybersecurityCOE@eaton.com", "ID": "CVE-2020-6656", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "File parsing Type Confusion Remote code execution vulerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "easySoft Software", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "7.20" + } + ] + } + } + ] + }, + "vendor_name": "Eaton" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Eaton would like to thank Francis Provencher from ZDI" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Eaton's easySoft software v7.20 and prior are susceptible to file parsing type confusion remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user upload a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through E70 file which is causing Type Confusion." 
} ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf", + "name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf" + }, + { + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1441/", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1441/" + }, + { + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1442/", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1442/" + }, + { + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1444/", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1444/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Apply the patch once it is provided by Eaton. " + } + ], + "source": { + "advisory": "ETN-VA-2020-1009", + "defect": [ + "ETN-VA-2020-1009" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Do not upload the E70 file from an untrusted source." 
+ } + ] } \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9048.json b/2020/9xxx/CVE-2020-9048.json index e2c7cebf3e3..2352175c6c5 100644 --- a/2020/9xxx/CVE-2020-9048.json +++ b/2020/9xxx/CVE-2020-9048.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in victor Web Client versions up to and including v5.4.1 could allow a remote unauthenticated attacker to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack." + "value": "A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack." } ] },
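Review bot: The added `"TITLE"` value misspells "vulnerability" as "vulerability", which defeats exact-match and keyword searches on the published record; it should read `"TITLE": "File parsing Type Confusion Remote code execution vulnerability"`. The `solution` value `"Apply the patch once it is provided by Eaton. "` also ends in a trailing space and names no fixed release (as in the CVE-2020-6655 hunk). With `"version_affected": "<="` on 7.20, a consumer therefore has no remediation target until the record is updated.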
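Review bot: The rewritten description replaces the concrete bound "up to and including v5.4.1" with "specified versions" but does not say where they are specified, so the description alone no longer tells a reader which releases are affected. The `affects` block is outside this hunk, so whether it lists version ranges for both victor Web Client and CCURE Web Client cannot be confirmed from here. If it does not, keep the bounds in the text, for example `... victor Web Client versions up to and including v5.4.1 and Software House CCURE Web Client <AFFECTED_VERSIONS> could allow ...`, where `<AFFECTED_VERSIONS>` is a placeholder for the vendor's figure.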