admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-01-09 20:01:04 +00:00
parent 7e82fab482
commit 680536223b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
12 changed files with 807 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
2012/1xxx/CVE-2012-1258.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1258",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html",
"url": "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html"
},
{
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/18750",
"url": "http://www.exploit-db.com/exploits/18750"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52989",
"url": "http://www.securityfocus.com/bid/52989"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74824",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74824"
},
{
"refsource": "MISC",
"name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/",
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/"
}
]
}

68
2012/1xxx/CVE-2012-1259.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1259",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html",
"url": "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html"
},
{
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/18750",
"url": "http://www.exploit-db.com/exploits/18750"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52989",
"url": "http://www.securityfocus.com/bid/52989"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74826",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74826"
},
{
"refsource": "MISC",
"name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/",
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/"
}
]
}

68
2012/1xxx/CVE-2012-1260.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1260",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html",
"url": "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html"
},
{
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/18750",
"url": "http://www.exploit-db.com/exploits/18750"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52989",
"url": "http://www.securityfocus.com/bid/52989"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74825",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74825"
},
{
"refsource": "MISC",
"name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/",
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/"
}
]
}

68
2012/1xxx/CVE-2012-1261.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1261",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html",
"url": "http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html"
},
{
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/18750",
"url": "http://www.exploit-db.com/exploits/18750"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52989",
"url": "http://www.securityfocus.com/bid/52989"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74827",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74827"
},
{
"refsource": "MISC",
"name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/",
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/"
}
]
}

65
2012/2xxx/CVE-2012-2714.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2714",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BrowserID",
"product": {
"product_data": [
{
"product_name": "BrowserID",
"version": {
"version_data": [
{
"version_value": "7.x-1.x before 7.x-1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://drupal.org/node/1597414",
"url": "http://drupal.org/node/1597414"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/06/14/3",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"refsource": "MISC",
"name": "https://drupal.org/node/1596464",
"url": "https://drupal.org/node/1596464"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/53673",
"url": "http://www.securityfocus.com/bid/53673"
}
]
}

101
2012/2xxx/CVE-2012-2724.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2724",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,102 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Disclosure"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Simplenews",
"product": {
"product_data": [
{
"product_name": "Simplenews",
"version": {
"version_data": [
{
"version_value": "6.x-1.x before 6.x-1.4"
},
{
"version_value": "6.x-2.x before 6.x-2.0-alpha4"
},
{
"version_value": "and 7.x-1.x before 7.x-1.0-rc1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://drupal.org/node/1619848",
"url": "http://drupal.org/node/1619848"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/06/14/3",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"refsource": "MISC",
"name": "http://drupal.org/node/1619812",
"url": "http://drupal.org/node/1619812"
},
{
"refsource": "MISC",
"name": "http://drupal.org/node/1619818",
"url": "http://drupal.org/node/1619818"
},
{
"refsource": "MISC",
"name": "http://drupal.org/node/1619820",
"url": "http://drupal.org/node/1619820"
},
{
"refsource": "MISC",
"name": "http://drupalcode.org/project/simplenews.git/commitdiff/36352c1",
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/36352c1"
},
{
"refsource": "MISC",
"name": "http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c",
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c"
},
{
"refsource": "MISC",
"name": "http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6",
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/53839",
"url": "http://www.securityfocus.com/bid/53839"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76143",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76143"
}
]
}

62
2016/5xxx/CVE-2016-5285.json
View File

@ -8,15 +8,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "NSS",
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "NSS",
"product_name": "Network Security Services",
"version": {
"version_data": [
{
"version_value": "before 3.26"
"version_value": "3.24"
}
]
}
@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Null pointer dereference vulnerability exists in K11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime in NSS before 3.26, which causes the TLS/SSL server using NSS to crash."
"value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
}
]
},
@ -44,7 +44,7 @@
"description": [
{
"lang": "eng",
"value": "Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash"
"value": "denial of service"
}
]
}
@ -52,40 +52,50 @@
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2016-5285",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2016-5285"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5285",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5285"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-5285",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-5285"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
},
{
"url": "http://www.securityfocus.com/bid/94349",
"refsource": "MISC",
"name": "https://downloads.avaya.com/css/P8/documents/101033728",
"url": "https://downloads.avaya.com/css/P8/documents/101033728"
"name": "http://www.securityfocus.com/bid/94349"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/cve/CVE-2016-5285",
"url": "https://packetstormsecurity.com/files/cve/CVE-2016-5285"
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
},
{
"url": "https://security.gentoo.org/glsa/201701-46",
"refsource": "MISC",
"name": "https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2016-5285",
"url": "https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2016-5285"
"name": "https://security.gentoo.org/glsa/201701-46"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
},
{
"url": "http://www.ubuntu.com/usn/USN-3163-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-3163-1"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa137",
"refsource": "MISC",
"name": "https://bto.bluecoat.com/security-advisory/sa137"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
}
]
}

80
2016/5xxx/CVE-2016-5311.json
View File

@ -1,8 +1,41 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-5311",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Symantec",
"product": {
"product_data": [
{
"product_name": "Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360",
"version": {
"version_data": [
{
"version_value": "before 22.7"
}
]
}
},
{
"product_name": "Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client",
"version": {
"version_data": [
{
"version_value": "before 22.8.0.50"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +44,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "untrusted search path"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/94295",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94295"
},
{
"url": "http://www.securitytracker.com/id/1037323",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037323"
},
{
"url": "http://www.securitytracker.com/id/1037324",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037324"
},
{
"url": "http://www.securitytracker.com/id/1037325",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037325"
},
{
"refsource": "CONFIRM",
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00"
}
]
}

67
2019/6xxx/CVE-2019-6319.json
View File

@ -1,17 +1,70 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6319",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-6319",
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HP Inc.",
"product": {
"product_data": [
{
"product_name": "HP DeskJet 3630 All-in-One Printer series",
"version": {
"version_data": [
{
"version_value": "F5S43A - F5S57A"
},
{
"version_value": "K4T93A - K4T99C"
},
{
"version_value": "K4U00B - K4U03B"
},
{
"version_value": "V3F21A - V3F22A"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery in HP DeskJet 3630 Printers"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.hp.com/us-en/document/c06308143",
"url": "https://support.hp.com/us-en/document/c06308143"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration."
}
]
}

80
2020/6xxx/CVE-2020-6166.json
View File

@ -1,18 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-6166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/10009",
"url": "https://wpvulndb.com/vulnerabilities/10009"
},
{
"refsource": "CONFIRM",
"name": "https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developers",
"url": "https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developers"
},
{
"refsource": "MISC",
"name": "https://www.wordfence.com/blog/2020/01/multiple-vulnerabilities-patched-in-minimal-coming-soon-maintenance-mode-coming-soon-page-plugin/",
"url": "https://www.wordfence.com/blog/2020/01/multiple-vulnerabilities-patched-in-minimal-coming-soon-maintenance-mode-coming-soon-page-plugin/"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:U/UI:N",
"version": "3.0"
}
}
}

80
2020/6xxx/CVE-2020-6168.json
View File

@ -1,18 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6168",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-6168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/10008",
"url": "https://wpvulndb.com/vulnerabilities/10008"
},
{
"refsource": "CONFIRM",
"name": "https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developers",
"url": "https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developers"
},
{
"refsource": "MISC",
"name": "https://www.wordfence.com/blog/2020/01/multiple-vulnerabilities-patched-in-minimal-coming-soon-maintenance-mode-coming-soon-page-plugin/",
"url": "https://www.wordfence.com/blog/2020/01/multiple-vulnerabilities-patched-in-minimal-coming-soon-maintenance-mode-coming-soon-page-plugin/"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:L/I:L/PR:L/S:U/UI:N",
"version": "3.0"
}
}
}

62
2020/6xxx/CVE-2020-6750.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1989",
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/glib/issues/1989"
}
]
}
}