"-Synchronized-Data."

CVE Team 2020-11-02 21:02:29 +00:00
parent 29d12e9687
commit 6ab8be6d35
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
64 changed files with 1519 additions and 76 deletions


@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
}
]
}


@ -106,6 +106,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0362",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html"
}
]
}


@ -116,6 +116,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0362",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html"
}
]
}


@ -101,6 +101,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0362",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html"
}
]
}


@ -106,6 +106,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0362",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html"
}
]
}


@ -106,6 +106,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0362",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html"
}
]
}


@ -106,6 +106,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0362",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K06725231?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K06725231?utm_source=f5support&utm_medium=RSS"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html"
}
]
}


@ -1,62 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection Vulnerability in lbd service"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection Vulnerability in lbd service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
},
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065"
}
]
}
}
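Review bot: The `description` value still begins with a Python repr wrapper (`u'In the lbd service, ...remote code execution.' in Snapdragon ...`), so the `u'` prefix and the closing quote are published as part of the advisory text. It should be a plain sentence. The `problemtype` value says `Command Injection Vulnerability in lbd service`, while the description describes an arbitrary file overwrite through a debug command that leads to code execution. The two fields should be reconciled against the vendor bulletin so consumers classify the issue consistently. Both problems are on the old and the new side of this section, which otherwise only re-indents the record and appends the TALOS reference.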


@ -225,7 +225,7 @@
"description_data": [
{
"lang": "eng",
"value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow remote attackers to execute arbitrary code."
"value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code."
}
]
},
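Review bot: The second of the two `value` lines (presumably the new side, since the page has lost its +/- markers) ends with `could allow to execute arbitrary code`, which is ungrammatical and no longer says who can trigger the issue. A reader triaging this record can then not tell whether the remote vector still applies. Unless the vendor retracted it, keep `The vulnerability could allow remote attackers to execute arbitrary code.`; otherwise name the actor that remains. Both lines also write the Service Management Automation version as `2020.5` where the other products use `2020.05`, which is worth normalising for version matching. The enclosing record starts and ends outside this hunk.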


@ -108,6 +108,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200814-0005/",
"url": "https://security.netapp.com/advisory/ntap-20200814-0005/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1792",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html"
}
]
},
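Review bot: The added SUSE reference points to a plain `http://lists.opensuse.org/...` URL, while the Debian, Fedora and Gentoo references visible in this commit use `https://`. If the list archive serves HTTPS, prefer `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html"` so that tools and readers following the advisory link do not fetch it over an unauthenticated channel. The same applies to the other `openSUSE-SU-2020:17xx` entries added in later sections and to the `http://packetstormsecurity.com/...` reference.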


@ -101,6 +101,26 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-febe36c3ac",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-421f817e5f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCKZAI4AWSKO5O5VDXHFFKNLOZGZ3KEE/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-a405eea76a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVPLGNHNJ4UJ6IO6R2XXEKCTCI2DRPDQ/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-fdc79d8e5b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/"
}
]
}


@ -69,6 +69,11 @@
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/20201029",
"refsource": "MISC",
"url": "https://basercms.net/security/20201029"
},
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg",
"refsource": "CONFIRM",
@ -78,11 +83,6 @@
"name": "https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54",
"refsource": "MISC",
"url": "https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54"
},
{
"name": "https://basercms.net/security/20201029",
"refsource": "MISC",
"url": "https://basercms.net/security/20201029"
}
]
},


@ -101,6 +101,11 @@
"refsource": "GENTOO",
"name": "GLSA-202010-02",
"url": "https://security.gentoo.org/glsa/202010-02"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1780",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html"
}
]
},


@ -101,6 +101,11 @@
"refsource": "GENTOO",
"name": "GLSA-202010-02",
"url": "https://security.gentoo.org/glsa/202010-02"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1780",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html"
}
]
},


@ -101,6 +101,11 @@
"refsource": "GENTOO",
"name": "GLSA-202010-02",
"url": "https://security.gentoo.org/glsa/202010-02"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1780",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html"
}
]
},


@ -101,6 +101,11 @@
"refsource": "GENTOO",
"name": "GLSA-202010-02",
"url": "https://security.gentoo.org/glsa/202010-02"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1780",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html"
}
]
},


@ -111,6 +111,11 @@
"refsource": "GENTOO",
"name": "GLSA-202010-08",
"url": "https://security.gentoo.org/glsa/202010-08"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1780",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html"
}
]
},


@ -48,6 +48,16 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1881037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881037"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1778",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00072.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1777",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html"
}
]
},


@ -81,6 +81,11 @@
"url": "https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab",
"refsource": "MISC",
"name": "https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab"
},
{
"refsource": "CONFIRM",
"name": "https://www.wireshark.org/security/wnpa-sec-2020-14.html",
"url": "https://www.wireshark.org/security/wnpa-sec-2020-14.html"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\\n\\n\\r\\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
}
]
},
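Review bot: The second `value` line (presumably the new side, since the +/- markers are lost) embeds `\\n\\n\\r\\n` between the two sentences. In JSON that is an escaped backslash followed by a letter, so consumers will show the literal characters `\n\n\r\n` instead of a line break. Replace the sequence with a single space, or with one `\n` if a paragraph break is really intended. Both versions also carry the typo `could allow an attacker to case a kernel panic`, which should read `cause a kernel panic`.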


@ -56,6 +56,11 @@
"url": "https://github.com/dedetech/issues/issues/16",
"refsource": "MISC",
"name": "https://github.com/dedetech/issues/issues/16"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159772/DedeCMS-5.8-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/159772/DedeCMS-5.8-Cross-Site-Scripting.html"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28007",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28008",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28009",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28010",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28011",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28012",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28013",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28015",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28016",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28017",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28018",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28020",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28021",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28022",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28023",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28024",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28025",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/wireshark/wireshark/-/issues/16887",
"refsource": "MISC",
"name": "https://gitlab.com/wireshark/wireshark/-/issues/16887"
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2020-15.html",
"refsource": "MISC",
"name": "https://www.wireshark.org/security/wnpa-sec-2020-15.html"
},
{
"url": "https://gitlab.com/wireshark/wireshark/-/commit/b287e7165e8aa89cde6ae37e7c257c5d87d16b9b",
"refsource": "MISC",
"name": "https://gitlab.com/wireshark/wireshark/-/commit/b287e7165e8aa89cde6ae37e7c257c5d87d16b9b"
}
]
}
}
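Review bot: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `n/a`, even though the description names Wireshark 3.2.0 to 3.2.7. Tooling that matches on the structured `affects` data will therefore not tie this record to the product or version range. Filling those fields from the description would make the entry usable for automated matching. The same applies to the new records CVE-2020-28031 through CVE-2020-28036 added later in this commit. The `wnpa-sec-2020-15` advisory is also tagged `"refsource": "MISC"` here, whereas the `wnpa-sec-2020-14` reference added elsewhere in this commit uses `CONFIRM`; the vendor advisory should be tagged the same way in both.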


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://discussions.eramba.org/t/bug-injectable-host-header-security-issue/1719",
"refsource": "MISC",
"name": "https://discussions.eramba.org/t/bug-injectable-host-header-security-issue/1719"
},
{
"url": "https://www.eramba.org/releases",
"refsource": "MISC",
"name": "https://www.eramba.org/releases"
}
]
}
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
"refsource": "MISC",
"name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
},
{
"url": "https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3",
"refsource": "MISC",
"name": "https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3"
},
{
"url": "https://wpscan.com/vulnerability/10446",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/10446"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
"refsource": "MISC",
"name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress before 5.5.2 allows XSS associated with global variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
"refsource": "MISC",
"name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
"refsource": "MISC",
"name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
}
]
}
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
"refsource": "MISC",
"name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
},
{
"url": "https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32",
"refsource": "MISC",
"name": "https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32"
},
{
"url": "https://wpscan.com/vulnerability/10449",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/10449"
}
]
}
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
"refsource": "MISC",
"name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
},
{
"url": "https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c",
"refsource": "MISC",
"name": "https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c"
},
{
"url": "https://wpscan.com/vulnerability/10450",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/10450"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress before 5.5.2 allows stored XSS via post slugs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
"refsource": "MISC",
"name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
},
{
"url": "https://blog.ripstech.com",
"refsource": "MISC",
"name": "https://blog.ripstech.com"
}
]
}
}
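Review bot: The second reference, `https://blog.ripstech.com`, points at a blog's front page rather than at a specific write-up, so it gives a reader no stable path to the stored-XSS details. Replace it with the permalink of the relevant article, or drop it if none exists. The neighbouring records CVE-2020-28036, CVE-2020-28037 and CVE-2020-28039 cite specific commits and advisory pages, which is the level of precision a triager needs here as well.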


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
"refsource": "MISC",
"name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
},
{
"url": "https://wpscan.com/vulnerability/10452",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/10452"
},
{
"url": "https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad",
"refsource": "MISC",
"name": "https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress before 5.5.2 allows CSRF attacks that change a theme's background image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
"refsource": "MISC",
"name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
},
{
"url": "https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html",
"refsource": "MISC",
"name": "https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html"
}
]
}
}


@ -51,7 +51,7 @@
"description_data": [
{
"lang": "eng",
"value": "Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions.\n\nNote: Foundation may be vulnerable only if:\n1) The system zone is set up to use a SAML identity provider\n2) There are internal users that have the same username as users in the external SAML provider\n3) Those duplicate-named users have the scope to access the SSO operator dashboard\n4) The vulnerability doesn't appear with LDAP because of chained authentication.\n"
"value": "Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication."
}
]
},
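Review bot: With the `\n` separators replaced by spaces, the numbered conditions run together in one sentence, and item 4 ("The vulnerability doesn't appear with LDAP because of chained authentication") reads as a fourth precondition although it states an exception. The new value also keeps the spacing slips `1.11.3 ,1.12.x` and `attack.If`. Suggest ending the condition list after item 3, giving the LDAP remark as its own sentence, and fixing the two spacing errors while the text is being touched. Only the description entry is visible in this hunk; the rest of the record lies outside it.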


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8173",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "18.0.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cryptographic Issues - Generic (CWE-310)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/852841",
"url": "https://hackerone.com/reports/852841"
},
{
"refsource": "MISC",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-023",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-023"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended."
}
]
}


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8183",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "19.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Plaintext Storage of a Password (CWE-256)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-026",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-026"
},
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/885041",
"url": "https://hackerone.com/reports/885041"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call."
}
]
}
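Review bot: The description names "Nextcloud Server 19.0.0" while `affects` lists `"version_value": "19.0.1"`, and nothing in the record says whether the listed value is an affected release or the fixed one. CVE-2020-8236 has the same mismatch (description 19.0.1, `version_value` 19.0.2), whereas CVE-2020-8173 gives 18.0.4 in both places, so the three Nextcloud records do not follow one convention. A consumer that reads `version_value` as the affected version will flag the wrong installations. Check the value against the linked NC-SA advisory and state the relation explicitly, for example with `"version_affected": "<"` if the listed version is the fix. `vendor_name` is also left as `n/a` although the product is named. The record begins above this hunk, so its first lines are not visible here.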


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8236",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "19.0.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication - Generic (CWE-287)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/924393",
"url": "https://hackerone.com/reports/924393"
},
{
"refsource": "MISC",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-037",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-037"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it."
}
]
}


@ -108,6 +108,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200814-0005/",
"url": "https://security.netapp.com/advisory/ntap-20200814-0005/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1792",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html"
}
]
},