"-Synchronized-Data."

CVE Team 2021-01-07 18:02:00 +00:00
parent c172d5b3f5
commit 5ecbef6ffa
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
19 changed files with 1263 additions and 606 deletions


@ -61,6 +61,21 @@
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"refsource": "MISC",
"name": "https://pdf-insecurity.org/signature/evaluation_2018.html",
"url": "https://pdf-insecurity.org/signature/evaluation_2018.html"
},
{
"refsource": "MISC",
"name": "https://pdf-insecurity.org/signature/signature.html",
"url": "https://pdf-insecurity.org/signature/signature.html"
},
{
"refsource": "MISC",
"name": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/",
"url": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18688",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"refsource": "MISC",
"name": "https://pdf-insecurity.org/signature/evaluation_2018.html",
"url": "https://pdf-insecurity.org/signature/evaluation_2018.html"
},
{
"refsource": "MISC",
"name": "https://pdf-insecurity.org/signature/signature.html",
"url": "https://pdf-insecurity.org/signature/signature.html"
},
{
"refsource": "MISC",
"name": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/",
"url": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/"
}
]
}
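Review bot: The `affects` block added for CVE-2018-18688 is `n/a` throughout (`vendor_name`, `product_name`, `version_value`), although the new description names the affected products and fixed versions (Foxit Reader before 9.4, PhantomPDF before 8.3.9 and 9.x before 9.4, and others). Tooling that matches on the structured fields instead of parsing free text will not associate this record with any of those products, so the vendor/product/version entries should be populated from the description. The same holds for the CVE-2018-18689 and CVE-2018-20313 to CVE-2018-20316 sections, and `problemtype` is also `n/a` in all of them where a CWE identifier would let consumers classify the issue.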


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18689",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"refsource": "MISC",
"name": "https://pdf-insecurity.org/signature/evaluation_2018.html",
"url": "https://pdf-insecurity.org/signature/evaluation_2018.html"
},
{
"refsource": "MISC",
"name": "https://pdf-insecurity.org/signature/signature.html",
"url": "https://pdf-insecurity.org/signature/signature.html"
},
{
"refsource": "MISC",
"name": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/",
"url": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20313",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
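Review bot: The only reference added for CVE-2018-20313 is tagged `"refsource": "MISC"`, while the same Foxit URL is tagged `CONFIRM` in the CVE-2018-18688 and CVE-2018-18689 sections of this commit; the tag should be the same for the same vendor page. The URL also appears to be the vendor's general bulletin index instead of a specific advisory, so the record alone does not say which bulletin entry covers this issue; naming the specific bulletin would help anyone verifying that a given build is patched. The CVE-2018-20314, CVE-2018-20315 and CVE-2018-20316 sections carry the same reference.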


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20314",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20315",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20316",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13573",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Rockwell Automation",
"version": {
"version_data": [
{
"version_value": "Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1184",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1184"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability."
}
]
}
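Review bot: The vendor and product sit in the wrong fields for CVE-2020-13573: `vendor_name` is `n/a` and `product_name` is `Rockwell Automation`, while the actual product (RSLinx Classic) appears only inside `version_value`. Consumers that match on vendor/product pairs will not tie this record to RSLinx Classic; I would use `"vendor_name": "Rockwell Automation"`, `"product_name": "RSLinx Classic"` and `"version_value": "2.57.00.14 CPR 9 SR 3"`. `problemtype` is the free-text `denial of service` where the CVE-2020-25680 and CVE-2020-27835 sections use a CWE identifier. Those two sections also leave `vendor_name` as `n/a`.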


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25680",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "JBCS httpd",
"version": {
"version_data": [
{
"version_value": "JBCS httpd 2.4.37 SP5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1892703",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892703"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. The validation of the certificate whether CN and hostname are matching stopped working and allow connecting to the back-end work. The highest threat from this vulnerability is to data integrity."
}
]
}
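Review bot: The affected version is stated two different ways in CVE-2020-25680: `version_value` is `JBCS httpd 2.4.37 SP5`, but the new description says `in version 2.4.37 SP3`. Someone triaging from the structured field will check a different service pack than someone reading the description, so one of the two needs correcting against the referenced Bugzilla entry; the page does not show which is right. The description is also hard to follow where it matters (`with the keystore file's ID is 'unknown'`, `allow connecting to the back-end work`), and it should state plainly that CN/hostname validation of the back-end certificate is skipped in that configuration.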


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27835",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel versions prior to 5.10-rc6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system."
}
]
}


@ -1,26 +1,26 @@
{
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979."
"lang": "eng",
"value": "IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979."
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name" : "Emptoris Contract Management",
"version" : {
"version_data" : [
"product_name": "Emptoris Contract Management",
"version": {
"version_data": [
{
"version_value" : "10.1.3"
"version_value": "10.1.3"
}
]
}
@ -31,57 +31,57 @@
]
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "H"
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "H"
},
"BM" : {
"AV" : "N",
"AC" : "L",
"A" : "N",
"PR" : "L",
"C" : "L",
"S" : "C",
"UI" : "R",
"I" : "L",
"SCORE" : "5.400"
"BM": {
"AV": "N",
"AC": "L",
"A": "N",
"PR": "L",
"C": "L",
"S": "C",
"UI": "R",
"I": "L",
"SCORE": "5.400"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4892",
"DATE_PUBLIC" : "2021-01-06T00:00:00"
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4892",
"DATE_PUBLIC": "2021-01-06T00:00:00"
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/pages/node/6398274",
"url" : "https://www.ibm.com/support/pages/node/6398274",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6398274 (Emptoris Contract Management)"
"name": "https://www.ibm.com/support/pages/node/6398274",
"url": "https://www.ibm.com/support/pages/node/6398274",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398274 (Emptoris Contract Management)"
},
{
"name" : "ibm-emptoris-cve20204892-xss (190979)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190979",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
"name": "ibm-emptoris-cve20204892-xss (190979)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190979",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}


@ -1,94 +1,94 @@
{
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Obtain Information"
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4893",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-01-06T00:00:00"
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4893",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-06T00:00:00"
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"url" : "https://www.ibm.com/support/pages/node/6398282",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6398282 (Emptoris Strategic Supply Management)",
"name" : "https://www.ibm.com/support/pages/node/6398282"
"url": "https://www.ibm.com/support/pages/node/6398282",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398282 (Emptoris Strategic Supply Management)",
"name": "https://www.ibm.com/support/pages/node/6398282"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190984",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-emptoris-cve20204893-info-disc (190984)"
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190984",
"title": "X-Force Vulnerability Report",
"name": "ibm-emptoris-cve20204893-info-disc (190984)"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM" : {
"I" : "N",
"SCORE" : "5.900",
"S" : "U",
"C" : "H",
"UI" : "N",
"AV" : "N",
"A" : "N",
"PR" : "N",
"AC" : "H"
"BM": {
"I": "N",
"SCORE": "5.900",
"S": "U",
"C": "H",
"UI": "N",
"AV": "N",
"A": "N",
"PR": "N",
"AC": "H"
}
}
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"value" : "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.",
"lang" : "eng"
"value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.",
"lang": "eng"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "10.1.0"
"version_value": "10.1.0"
},
{
"version_value" : "10.1.1"
"version_value": "10.1.1"
},
{
"version_value" : "10.1.3"
"version_value": "10.1.3"
}
]
},
"product_name" : "Emptoris Strategic Supply Management"
"product_name": "Emptoris Strategic Supply Management"
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}


@ -1,79 +1,79 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
"impact": {
"cvssv3": {
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
},
"BM" : {
"UI" : "N",
"C" : "L",
"S" : "C",
"AV" : "N",
"A" : "N",
"AC" : "L",
"PR" : "L",
"I" : "L",
"SCORE" : "6.400"
"BM": {
"UI": "N",
"C": "L",
"S": "C",
"AV": "N",
"A": "N",
"AC": "L",
"PR": "L",
"I": "L",
"SCORE": "6.400"
}
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
"data_version": "4.0",
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/pages/node/6398286",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6398286 (Emptoris Sourcing)",
"url" : "https://www.ibm.com/support/pages/node/6398286"
"name": "https://www.ibm.com/support/pages/node/6398286",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398286 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/pages/node/6398286"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190986",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-emptoris-cve20204895-xss (190986)"
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190986",
"title": "X-Force Vulnerability Report",
"name": "ibm-emptoris-cve20204895-xss (190986)"
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-01-06T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4895"
"CVE_data_meta": {
"DATE_PUBLIC": "2021-01-06T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4895"
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name" : "Emptoris Sourcing",
"version" : {
"version_data" : [
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value" : "10.1.0"
"version_value": "10.1.0"
},
{
"version_value" : "10.1.1"
"version_value": "10.1.1"
},
{
"version_value" : "10.1.3"
"version_value": "10.1.3"
}
]
}
@ -84,12 +84,12 @@
]
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
"data_format": "MITRE",
"description": {
"description_data": [
{
"value" : "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986.",
"lang" : "eng"
"value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986.",
"lang": "eng"
}
]
}


@ -1,95 +1,95 @@
{
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Gain Access",
"lang" : "eng"
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM" : {
"SCORE" : "6.500",
"I" : "L",
"UI" : "N",
"C" : "L",
"S" : "U",
"A" : "N",
"AC" : "L",
"PR" : "N",
"AV" : "N"
"BM": {
"SCORE": "6.500",
"I": "L",
"UI": "N",
"C": "L",
"S": "U",
"A": "N",
"AC": "L",
"PR": "N",
"AV": "N"
}
}
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/pages/node/6398284",
"title" : "IBM Security Bulletin 6398284 (Emptoris Sourcing)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6398284"
"name": "https://www.ibm.com/support/pages/node/6398284",
"title": "IBM Security Bulletin 6398284 (Emptoris Sourcing)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6398284"
},
{
"name" : "ibm-emptoris-cve20204896-cache-poisoning (190987)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987",
"refsource" : "XF"
"name": "ibm-emptoris-cve20204896-cache-poisoning (190987)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987",
"refsource": "XF"
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-01-06T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4896",
"ASSIGNER" : "psirt@us.ibm.com"
"CVE_data_meta": {
"DATE_PUBLIC": "2021-01-06T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4896",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type" : "CVE",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "10.1.0"
"version_value": "10.1.0"
},
{
"version_value" : "10.1.1"
"version_value": "10.1.1"
},
{
"version_value" : "10.1.3"
"version_value": "10.1.3"
}
]
},
"product_name" : "Emptoris Sourcing"
"product_name": "Emptoris Sourcing"
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987."
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987."
}
]
}


@ -1,105 +1,105 @@
{
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4897",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-01-06T00:00:00"
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4897",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-06T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM" : {
"SCORE" : "5.300",
"I" : "N",
"PR" : "N",
"A" : "N",
"AC" : "L",
"AV" : "N",
"UI" : "N",
"S" : "U",
"C" : "L"
"BM": {
"SCORE": "5.300",
"I": "N",
"PR": "N",
"A": "N",
"AC": "L",
"AV": "N",
"UI": "N",
"S": "U",
"C": "L"
}
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
"data_version": "4.0",
"references": {
"reference_data": [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6398276 (Emptoris Spend Analysis)",
"url" : "https://www.ibm.com/support/pages/node/6398276",
"name" : "https://www.ibm.com/support/pages/node/6398276"
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398276 (Emptoris Spend Analysis)",
"url": "https://www.ibm.com/support/pages/node/6398276",
"name": "https://www.ibm.com/support/pages/node/6398276"
},
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6398280 (Emptoris Contract Management)",
"url" : "https://www.ibm.com/support/pages/node/6398280",
"name" : "https://www.ibm.com/support/pages/node/6398280"
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398280 (Emptoris Contract Management)",
"url": "https://www.ibm.com/support/pages/node/6398280",
"name": "https://www.ibm.com/support/pages/node/6398280"
},
{
"name" : "ibm-emptoris-cve20204897-info-disc (190988)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
"name": "ibm-emptoris-cve20204897-info-disc (190988)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Obtain Information"
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "10.1.0"
"version_value": "10.1.0"
},
{
"version_value" : "10.1.1"
"version_value": "10.1.1"
},
{
"version_value" : "10.1.3"
"version_value": "10.1.3"
}
]
},
"product_name" : "Emptoris Contract Management"
"product_name": "Emptoris Contract Management"
},
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "10.1.0"
"version_value": "10.1.0"
},
{
"version_value" : "10.1.1"
"version_value": "10.1.1"
},
{
"version_value" : "10.1.3"
"version_value": "10.1.3"
}
]
},
"product_name" : "Emptoris Spend Analysis"
"product_name": "Emptoris Spend Analysis"
}
]
}
@ -107,11 +107,11 @@
]
}
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988."
"lang": "eng",
"value": "IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988."
}
]
}


@ -1,89 +1,89 @@
{
"CVE_data_meta" : {
"ID" : "CVE-2020-4898",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-01-06T00:00:00"
"CVE_data_meta": {
"ID": "CVE-2020-4898",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-06T00:00:00"
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM" : {
"I" : "N",
"SCORE" : "5.900",
"AV" : "N",
"PR" : "N",
"A" : "N",
"AC" : "H",
"C" : "H",
"S" : "U",
"UI" : "N"
"BM": {
"I": "N",
"SCORE": "5.900",
"AV": "N",
"PR": "N",
"A": "N",
"AC": "H",
"C": "H",
"S": "U",
"UI": "N"
}
}
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/pages/node/6398278",
"title" : "IBM Security Bulletin 6398278 (Emptoris Strategic Supply Management)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6398278"
"name": "https://www.ibm.com/support/pages/node/6398278",
"title": "IBM Security Bulletin 6398278 (Emptoris Strategic Supply Management)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6398278"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190989",
"refsource" : "XF",
"name" : "ibm-emptoris-cve20204898-info-disc (190989)"
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190989",
"refsource": "XF",
"name": "ibm-emptoris-cve20204898-info-disc (190989)"
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Obtain Information"
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "10.1.3"
"version_value": "10.1.3"
}
]
},
"product_name" : "Emptoris Strategic Supply Management"
"product_name": "Emptoris Strategic Supply Management"
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
"data_format": "MITRE",
"description": {
"description_data": [
{
"value" : "IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.",
"lang" : "eng"
"value": "IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.",
"lang": "eng"
}
]
}


@ -1,18 +1,121 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "CybersecurityCOE@eaton.com",
"ID": "CVE-2020-6655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "File parsing Out-Of-Bounds read remote code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "easySoft Software",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "7.20"
}
]
}
}
]
},
"vendor_name": "Eaton"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eaton would like to thank Francis Provencher from ZDI"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Eaton's easySoft software v7.20 and prior are susceptible to Out-of-bounds remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user to upload the malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf",
"name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf"
},
{
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1443/",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1443/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Apply the patch once it is provided by Eaton. "
}
],
"source": {
"advisory": "ETN-VA-2020-1009",
"defect": [
"ETN-VA-2020-1009"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Do not upload the E70 file from an untrusted source."
}
]
}
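Review bot: The `TITLE` and description of this CVE-2020-6655 record claim code execution, but the `impact.cvss` block rates `"integrityImpact": "LOW"` and `"availabilityImpact": "LOW"`, and the first problem type is CWE-125, an out-of-bounds read. Anyone triaging on the 5.8 MEDIUM base score will rank this lower than the text describes, so one side should be corrected. If code execution is confirmed, the metrics would normally read `"integrityImpact": "HIGH"` and `"availabilityImpact": "HIGH"`, with `vectorString` and `baseScore` recomputed to match; if it is not, the title and description should drop the code-execution wording. The CVE-2020-6656 record later in this commit carries the same vector and the same mismatch. The `solution` entry names no fixed release, so the record offers no upgrade target beyond `<=` 7.20 and the `work_around` text is the only actionable mitigation.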


@ -1,18 +1,131 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "CybersecurityCOE@eaton.com",
"ID": "CVE-2020-6656",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "File parsing Type Confusion Remote code execution vulerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "easySoft Software",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "7.20"
}
]
}
}
]
},
"vendor_name": "Eaton"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eaton would like to thank Francis Provencher from ZDI"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Eaton's easySoft software v7.20 and prior are susceptible to file parsing type confusion remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user upload a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through E70 file which is causing Type Confusion."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf",
"name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf"
},
{
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1441/",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1441/"
},
{
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1442/",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1442/"
},
{
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1444/",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1444/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Apply the patch once it is provided by Eaton. "
}
],
"source": {
"advisory": "ETN-VA-2020-1009",
"defect": [
"ETN-VA-2020-1009"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Do not upload the E70 file from an untrusted source."
}
]
}
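Review bot: The new `TITLE` value is misspelled ("vulerability"), so keyword searches over feeds built from these records will miss it; it should read `"TITLE": "File parsing Type Confusion Remote code execution vulnerability"`. The Eaton advisory PDF is also tagged `"refsource": "MISC"` here and in the CVE-2020-6655 record, whereas the IBM record in this same commit tags its vendor bulletin `"refsource": "CONFIRM"`. Tagging the vendor's own advisory `CONFIRM` lets downstream tooling tell vendor acknowledgement apart from the third-party ZDI write-ups listed beside it.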


@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in victor Web Client versions up to and including v5.4.1 could allow a remote unauthenticated attacker to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack."
"value": "A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack."
}
]
},