admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-03-16 16:01:23 +00:00
parent b0d664d1e6
commit 64fb59f3cf
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
34 changed files with 1604 additions and 664 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2019/19xxx/CVE-2019-19135.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19135",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://opcfoundation.org/security-bulletins/",
"refsource": "MISC",
"name": "https://opcfoundation.org/security-bulletins/"
},
{
"refsource": "CONFIRM",
"name": "https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf",
"url": "https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf"
}
]
}

5
2019/19xxx/CVE-2019-19509.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156146/rConfig-3.9.3-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/156146/rConfig-3.9.3-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156766/Rconfig-3.x-Chained-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/156766/Rconfig-3.x-Chained-Remote-Code-Execution.html"
}
]
}

61
2019/19xxx/CVE-2019-19851.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19851",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities",
"refsource": "MISC",
"name": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
},
{
"refsource": "CONFIRM",
"name": "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module",
"url": "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module"
}
]
}

61
2019/19xxx/CVE-2019-19940.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19940",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect input sanitation in text-oriented user interfaces (telnet, ssh) in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.swisscom.ch/en/residential/help/device/internet-router/centro-grande.html",
"refsource": "MISC",
"name": "https://www.swisscom.ch/en/residential/help/device/internet-router/centro-grande.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt",
"url": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt"
}
]
}

61
2019/19xxx/CVE-2019-19941.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19941",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.swisscom.ch/en/residential/help/device/internet-router/centro-grande.html",
"refsource": "MISC",
"name": "https://www.swisscom.ch/en/residential/help/device/internet-router/centro-grande.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt",
"url": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt"
}
]
}

61
2019/19xxx/CVE-2019-19942.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19942",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.swisscom.ch/en/residential/help/device/internet-router/centro-grande.html",
"refsource": "MISC",
"name": "https://www.swisscom.ch/en/residential/help/device/internet-router/centro-grande.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt",
"url": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt"
}
]
}

5
2019/20xxx/CVE-2019-20503.json
View File

@ -101,6 +101,11 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0816",
"url": "https://access.redhat.com/errata/RHSA-2020:0816"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0820",
"url": "https://access.redhat.com/errata/RHSA-2020:0820"
}
]
}

106
2019/4xxx/CVE-2019-4617.json
View File

@ -1,62 +1,62 @@
{
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Gain Privileges",
"lang" : "eng"
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4617",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-03-13T00:00:00",
"STATE" : "PUBLIC"
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-4617",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-03-13T00:00:00",
"STATE": "PUBLIC"
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"value" : "IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 168645.",
"lang" : "eng"
"value": "IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 168645.",
"lang": "eng"
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 5737689 (Cloud Automation Manager)",
"url" : "https://www.ibm.com/support/pages/node/5737689",
"name" : "https://www.ibm.com/support/pages/node/5737689"
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 5737689 (Cloud Automation Manager)",
"url": "https://www.ibm.com/support/pages/node/5737689",
"name": "https://www.ibm.com/support/pages/node/5737689"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168645",
"name" : "ibm-cam-cve20194617-session-fixation (168645)"
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168645",
"name": "ibm-cam-cve20194617-session-fixation (168645)"
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name" : "Cloud Automation Manager",
"version" : {
"version_data" : [
"product_name": "Cloud Automation Manager",
"version": {
"version_data": [
{
"version_value" : "3.2.1.0"
"version_value": "3.2.1.0"
}
]
}
@ -67,23 +67,23 @@
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM" : {
"AC" : "L",
"PR" : "N",
"AV" : "L",
"A" : "L",
"I" : "L",
"SCORE" : "5.900",
"UI" : "N",
"C" : "L",
"S" : "U"
"BM": {
"AC": "L",
"PR": "N",
"AV": "L",
"A": "L",
"I": "L",
"SCORE": "5.900",
"UI": "N",
"C": "L",
"S": "U"
}
}
}

204
2019/4xxx/CVE-2019-4619.json
View File

@ -1,237 +1,237 @@
{
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862."
"lang": "eng",
"value": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862."
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-03-13T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4619"
"data_format": "MITRE",
"CVE_data_meta": {
"DATE_PUBLIC": "2020-03-13T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4619"
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Obtain Information"
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"AV" : "L",
"AC" : "H",
"A" : "N",
"I" : "N",
"SCORE" : "5.100",
"UI" : "N",
"S" : "U",
"C" : "H"
"impact": {
"cvssv3": {
"BM": {
"PR": "N",
"AV": "L",
"AC": "H",
"A": "N",
"I": "N",
"SCORE": "5.100",
"UI": "N",
"S": "U",
"C": "H"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "MQ",
"version" : {
"version_data" : [
"product_name": "MQ",
"version": {
"version_data": [
{
"version_value" : "9.0.0.1"
"version_value": "9.0.0.1"
},
{
"version_value" : "8.0.0.1"
"version_value": "8.0.0.1"
},
{
"version_value" : "8.0.0.2"
"version_value": "8.0.0.2"
},
{
"version_value" : "8.0.0.3"
"version_value": "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
"version_value": "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
"version_value": "8.0.0.5"
},
{
"version_value" : "8.0.0.6"
"version_value": "8.0.0.6"
},
{
"version_value" : "8.0.0.7"
"version_value": "8.0.0.7"
},
{
"version_value" : "9.0.0.2"
"version_value": "9.0.0.2"
},
{
"version_value" : "7.5.0.1"
"version_value": "7.5.0.1"
},
{
"version_value" : "7.5.0.2"
"version_value": "7.5.0.2"
},
{
"version_value" : "7.5.0.3"
"version_value": "7.5.0.3"
},
{
"version_value" : "7.5.0.4"
"version_value": "7.5.0.4"
},
{
"version_value" : "7.5.0.5"
"version_value": "7.5.0.5"
},
{
"version_value" : "7.5.0.6"
"version_value": "7.5.0.6"
},
{
"version_value" : "7.5.0.7"
"version_value": "7.5.0.7"
},
{
"version_value" : "7.5.0.8"
"version_value": "7.5.0.8"
},
{
"version_value" : "8.0.0.8"
"version_value": "8.0.0.8"
},
{
"version_value" : "7.1.0.1"
"version_value": "7.1.0.1"
},
{
"version_value" : "7.1.0.2"
"version_value": "7.1.0.2"
},
{
"version_value" : "7.1.0.3"
"version_value": "7.1.0.3"
},
{
"version_value" : "7.1.0.4"
"version_value": "7.1.0.4"
},
{
"version_value" : "7.1.0.5"
"version_value": "7.1.0.5"
},
{
"version_value" : "7.1.0.6"
"version_value": "7.1.0.6"
},
{
"version_value" : "7.1.0.7"
"version_value": "7.1.0.7"
},
{
"version_value" : "8.0.0.9"
"version_value": "8.0.0.9"
},
{
"version_value" : "9.0.0.3"
"version_value": "9.0.0.3"
},
{
"version_value" : "8.0.0.0"
"version_value": "8.0.0.0"
},
{
"version_value" : "8.0.0.10"
"version_value": "8.0.0.10"
},
{
"version_value" : "9.0.0.0"
"version_value": "9.0.0.0"
},
{
"version_value" : "9.0.0.4"
"version_value": "9.0.0.4"
},
{
"version_value" : "9.0.0.5"
"version_value": "9.0.0.5"
},
{
"version_value" : "9.1"
"version_value": "9.1"
},
{
"version_value" : "9.1.0.1"
"version_value": "9.1.0.1"
},
{
"version_value" : "9.1.1"
"version_value": "9.1.1"
},
{
"version_value" : "9.1.0.2"
"version_value": "9.1.0.2"
},
{
"version_value" : "9.1.2"
"version_value": "9.1.2"
},
{
"version_value" : "8.0.0.11"
"version_value": "8.0.0.11"
},
{
"version_value" : "9.0.0.6"
"version_value": "9.0.0.6"
},
{
"version_value" : "7.1.0.0"
"version_value": "7.1.0.0"
},
{
"version_value" : "7.1.0.8"
"version_value": "7.1.0.8"
},
{
"version_value" : "7.1.0.9"
"version_value": "7.1.0.9"
},
{
"version_value" : "7.5.0.0"
"version_value": "7.5.0.0"
},
{
"version_value" : "7.5.0.9"
"version_value": "7.5.0.9"
},
{
"version_value" : "8.0.0.12"
"version_value": "8.0.0.12"
},
{
"version_value" : "9.1.0.3"
"version_value": "9.1.0.3"
},
{
"version_value" : "9.1.3"
"version_value": "9.1.3"
},
{
"version_value" : "9.0.0.7"
"version_value": "9.0.0.7"
},
{
"version_value" : "8.0.0.13"
"version_value": "8.0.0.13"
},
{
"version_value" : "9.0.0.8"
"version_value": "9.0.0.8"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/pages/node/1135101",
"url" : "https://www.ibm.com/support/pages/node/1135101",
"title" : "IBM Security Bulletin 1135101 (MQ)",
"refsource" : "CONFIRM"
"name": "https://www.ibm.com/support/pages/node/1135101",
"url": "https://www.ibm.com/support/pages/node/1135101",
"title": "IBM Security Bulletin 1135101 (MQ)",
"refsource": "CONFIRM"
},
{
"name" : "ibm-mq-cve20194619-info-disc (168862)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
"name": "ibm-mq-cve20194619-info-disc (168862)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_version" : "4.0"
"data_version": "4.0"
}

204
2019/4xxx/CVE-2019-4656.json
View File

@ -1,184 +1,184 @@
{
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"title" : "IBM Security Bulletin 1135095 (MQ)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1135095",
"url" : "https://www.ibm.com/support/pages/node/1135095"
"title": "IBM Security Bulletin 1135095 (MQ)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1135095",
"url": "https://www.ibm.com/support/pages/node/1135095"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967",
"name" : "ibm-mq-cve20194656-dos (170967)"
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967",
"name": "ibm-mq-cve20194656-dos (170967)"
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "9.0.0.1"
"version_value": "9.0.0.1"
},
{
"version_value" : "8.0.0.1"
"version_value": "8.0.0.1"
},
{
"version_value" : "8.0.0.2"
"version_value": "8.0.0.2"
},
{
"version_value" : "8.0.0.3"
"version_value": "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
"version_value": "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
"version_value": "8.0.0.5"
},
{
"version_value" : "8.0.0.6"
"version_value": "8.0.0.6"
},
{
"version_value" : "8.0.0.7"
"version_value": "8.0.0.7"
},
{
"version_value" : "9.0.0.2"
"version_value": "9.0.0.2"
},
{
"version_value" : "7.5.0.1"
"version_value": "7.5.0.1"
},
{
"version_value" : "7.5.0.2"
"version_value": "7.5.0.2"
},
{
"version_value" : "7.5.0.3"
"version_value": "7.5.0.3"
},
{
"version_value" : "7.5.0.4"
"version_value": "7.5.0.4"
},
{
"version_value" : "7.5.0.5"
"version_value": "7.5.0.5"
},
{
"version_value" : "7.5.0.6"
"version_value": "7.5.0.6"
},
{
"version_value" : "7.5.0.7"
"version_value": "7.5.0.7"
},
{
"version_value" : "7.5.0.8"
"version_value": "7.5.0.8"
},
{
"version_value" : "8.0.0.8"
"version_value": "8.0.0.8"
},
{
"version_value" : "7.1.0.1"
"version_value": "7.1.0.1"
},
{
"version_value" : "7.1.0.2"
"version_value": "7.1.0.2"
},
{
"version_value" : "7.1.0.3"
"version_value": "7.1.0.3"
},
{
"version_value" : "7.1.0.4"
"version_value": "7.1.0.4"
},
{
"version_value" : "7.1.0.5"
"version_value": "7.1.0.5"
},
{
"version_value" : "7.1.0.6"
"version_value": "7.1.0.6"
},
{
"version_value" : "7.1.0.7"
"version_value": "7.1.0.7"
},
{
"version_value" : "8.0.0.9"
"version_value": "8.0.0.9"
},
{
"version_value" : "9.0.0.3"
"version_value": "9.0.0.3"
},
{
"version_value" : "8.0.0.0"
"version_value": "8.0.0.0"
},
{
"version_value" : "8.0.0.10"
"version_value": "8.0.0.10"
},
{
"version_value" : "9.0.0.0"
"version_value": "9.0.0.0"
},
{
"version_value" : "9.0.0.4"
"version_value": "9.0.0.4"
},
{
"version_value" : "9.0.0.5"
"version_value": "9.0.0.5"
},
{
"version_value" : "9.1"
"version_value": "9.1"
},
{
"version_value" : "9.1.0.1"
"version_value": "9.1.0.1"
},
{
"version_value" : "9.1.1"
"version_value": "9.1.1"
},
{
"version_value" : "9.1.0.2"
"version_value": "9.1.0.2"
},
{
"version_value" : "9.1.2"
"version_value": "9.1.2"
},
{
"version_value" : "8.0.0.11"
"version_value": "8.0.0.11"
},
{
"version_value" : "9.0.0.6"
"version_value": "9.0.0.6"
},
{
"version_value" : "7.1.0.0"
"version_value": "7.1.0.0"
},
{
"version_value" : "7.1.0.8"
"version_value": "7.1.0.8"
},
{
"version_value" : "7.1.0.9"
"version_value": "7.1.0.9"
},
{
"version_value" : "7.5.0.0"
"version_value": "7.5.0.0"
},
{
"version_value" : "7.5.0.9"
"version_value": "7.5.0.9"
},
{
"version_value" : "8.0.0.12"
"version_value": "8.0.0.12"
},
{
"version_value" : "9.1.0.3"
"version_value": "9.1.0.3"
},
{
"version_value" : "9.1.3"
"version_value": "9.1.3"
},
{
"version_value" : "9.0.0.7"
"version_value": "9.0.0.7"
},
{
"version_value" : "8.0.0.13"
"version_value": "8.0.0.13"
},
{
"version_value" : "9.0.0.8"
"version_value": "9.0.0.8"
}
]
},
"product_name" : "MQ"
"product_name": "MQ"
}
]
}
@ -186,51 +186,51 @@
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "6.500",
"UI" : "N",
"C" : "N",
"S" : "U",
"A" : "H",
"I" : "N",
"AC" : "L",
"PR" : "L",
"AV" : "N"
"impact": {
"cvssv3": {
"BM": {
"SCORE": "6.500",
"UI": "N",
"C": "N",
"S": "U",
"A": "H",
"I": "N",
"AC": "L",
"PR": "L",
"AV": "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Denial of Service",
"lang" : "eng"
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4656",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-03-13T00:00:00",
"STATE" : "PUBLIC"
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-4656",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-03-13T00:00:00",
"STATE": "PUBLIC"
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"value" : "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.",
"lang" : "eng"
"value": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.",
"lang": "eng"
}
]
}

5
2020/0xxx/CVE-2020-0516.json
View File

@ -51,6 +51,11 @@
"refsource": "CONFIRM",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156761/ShaderCache-Arbitrary-File-Creation-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/156761/ShaderCache-Arbitrary-File-Creation-Privilege-Escalation.html"
}
]
},

5
2020/10xxx/CVE-2020-10181.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/s1kr10s/Sumavision_EMR3.0",
"url": "https://github.com/s1kr10s/Sumavision_EMR3.0"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156746/Enhanced-Multimedia-Router-3.0.4.27-Cross-Site-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/156746/Enhanced-Multimedia-Router-3.0.4.27-Cross-Site-Request-Forgery.html"
}
]
}

5
2020/10xxx/CVE-2020-10220.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156688/rConfig-3.9-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/156688/rConfig-3.9-SQL-Injection.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156766/Rconfig-3.x-Chained-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/156766/Rconfig-3.x-Chained-Remote-Code-Execution.html"
}
]
}

61
2020/10xxx/CVE-2020-10230.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10230",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://centos-webpanel.com/changelog-cwp7",
"refsource": "MISC",
"name": "https://centos-webpanel.com/changelog-cwp7"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/48212",
"url": "https://www.exploit-db.com/exploits/48212"
}
]
}

56
2020/10xxx/CVE-2020-10238.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/804-20200303-core-incorrect-access-control-in-com-templates",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/804-20200303-core-incorrect-access-control-in-com-templates"
}
]
}

56
2020/10xxx/CVE-2020-10239.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10239",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/806-20200305-core-incorrect-access-control-in-com-fields-sql-field",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/806-20200305-core-incorrect-access-control-in-com-fields-sql-field"
}
]
}

56
2020/10xxx/CVE-2020-10240.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10240",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users"
}
]
}

56
2020/10xxx/CVE-2020-10241.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10241",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-templates-image-actions",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-templates-image-actions"
}
]
}

56
2020/10xxx/CVE-2020-10242.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10242",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3"
}
]
}

56
2020/10xxx/CVE-2020-10243.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10243",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters"
}
]
}

5
2020/10xxx/CVE-2020-10386.json
View File

@ -56,6 +56,11 @@
"url": "http://antoniocannito.it/?p=137#rce1",
"refsource": "MISC",
"name": "http://antoniocannito.it/?p=137#rce1"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156757/PHPKB-Multi-Language-9-image-upload.php-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/156757/PHPKB-Multi-Language-9-image-upload.php-Code-Execution.html"
}
]
}

5
2020/10xxx/CVE-2020-10387.json
View File

@ -56,6 +56,11 @@
"url": "http://antoniocannito.it/?p=137#afd",
"refsource": "MISC",
"name": "http://antoniocannito.it/?p=137#afd"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156754/PHPKB-Multi-Language-9-Authenticated-Directory-Traversal.html",
"url": "http://packetstormsecurity.com/files/156754/PHPKB-Multi-Language-9-Authenticated-Directory-Traversal.html"
}
]
}

5
2020/10xxx/CVE-2020-10389.json
View File

@ -56,6 +56,11 @@
"url": "http://antoniocannito.it/?p=137#rce2",
"refsource": "MISC",
"name": "http://antoniocannito.it/?p=137#rce2"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156751/PHPKB-Multi-Language-9-Authenticated-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/156751/PHPKB-Multi-Language-9-Authenticated-Remote-Code-Execution.html"
}
]
}

3
2020/1xxx/CVE-2020-1735.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1735",
"ASSIGNER": "psampaio@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/1xxx/CVE-2020-1736.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1736",
"ASSIGNER": "psampaio@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/1xxx/CVE-2020-1738.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1738",
"ASSIGNER": "psampaio@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/1xxx/CVE-2020-1740.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1740",
"ASSIGNER": "psampaio@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

66
2020/6xxx/CVE-2020-6584.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6584",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-6584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nagios Log Server 2.1.3 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.nagios.com/products/nagios-log-server/",
"refsource": "MISC",
"name": "https://www.nagios.com/products/nagios-log-server/"
},
{
"refsource": "MISC",
"name": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60",
"url": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"refsource": "MISC",
"name": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT",
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
]
}

66
2020/6xxx/CVE-2020-6585.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6585",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-6585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nagios Log Server 2.1.3 has CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.nagios.com/products/nagios-log-server/",
"refsource": "MISC",
"name": "https://www.nagios.com/products/nagios-log-server/"
},
{
"refsource": "MISC",
"name": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60",
"url": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"refsource": "MISC",
"name": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT",
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
]
}

66
2020/6xxx/CVE-2020-6586.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6586",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-6586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.nagios.com/products/nagios-log-server/",
"refsource": "MISC",
"name": "https://www.nagios.com/products/nagios-log-server/"
},
{
"refsource": "MISC",
"name": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60",
"url": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"refsource": "MISC",
"name": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT",
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
]
}

50
2020/6xxx/CVE-2020-6980.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior",
"version": {
"version_data": [
{
"version_value": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim\u2019s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext."
}
]
}

50
2020/6xxx/CVE-2020-6984.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6984",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior",
"version": {
"version_data": [
{
"version_value": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF A BROKEN OR RISKY ALGORITHM FOR PASSWORD PROTECTION USE OF CLIENT-SIDE AUTHENTICATION CWE-327"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable."
}
]
}

50
2020/6xxx/CVE-2020-6988.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6988",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior",
"version": {
"version_data": [
{
"version_value": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF CLIENT-SIDE AUTHENTICATION CWE-603"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim\u2019s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials."
}
]
}

50
2020/6xxx/CVE-2020-6990.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6990",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior",
"version": {
"version_data": [
{
"version_value": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller."
}
]
}