admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-03-05 16:01:18 +00:00
parent 4a8141b5b9
commit 6d1b7d2a13
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
7 changed files with 322 additions and 248 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
2018/16xxx/CVE-2018-16301.json
View File

@ -1,136 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-16301",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES",
"url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES"
},
{
"refsource": "MISC",
"name": "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES",
"url": "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2344",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2348",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2343",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2345",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-85d92df70f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-eaa681d33e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-4fe461079f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-b92ce3144a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-d06bc63433",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-6db0d5b9d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K86252029?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K86252029?utm_source=f5support&utm_medium=RSS"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT210788",
"url": "https://support.apple.com/kb/HT210788"
},
{
"refsource": "BUGTRAQ",
"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"url": "https://seclists.org/bugtraq/2019/Dec/23"
},
{
"refsource": "FULLDISC",
"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"url": "http://seclists.org/fulldisclosure/2019/Dec/26"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

5
2019/20xxx/CVE-2019-20107.json
View File

@ -91,6 +91,11 @@
"refsource": "MISC",
"name": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/bcf7b971b5c88ea08d2dc47685f319be3b02cea8",
"url": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/bcf7b971b5c88ea08d2dc47685f319be3b02cea8"
},
{
"refsource": "MISC",
"name": "http://mantis.testlink.org/view.php?id=8829#c29360",
"url": "http://mantis.testlink.org/view.php?id=8829#c29360"
}
]
}

72
2020/10xxx/CVE-2020-10174.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1165802",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1165802"
},
{
"url": "https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462",
"refsource": "MISC",
"name": "https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462"
},
{
"url": "https://github.com/teejee2008/timeshift/releases/tag/v20.03",
"refsource": "MISC",
"name": "https://github.com/teejee2008/timeshift/releases/tag/v20.03"
}
]
}
}

18
2020/10xxx/CVE-2020-10175.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10175",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

220
2020/4xxx/CVE-2020-4278.json
View File

@ -1,113 +1,113 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/3357549",
"name" : "https://www.ibm.com/support/pages/node/3357549",
"title" : "IBM Security Bulletin 3357549 (Spectrum LSF)"
},
{
"name" : "ibm-spectrum-cve20204278-priv-escalation (176137)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176137"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4278",
"DATE_PUBLIC" : "2020-02-25T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0",
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"C" : "H",
"AC" : "H",
"SCORE" : "7.400",
"A" : "H",
"PR" : "N",
"S" : "U",
"AV" : "L",
"UI" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Spectrum LSF",
"version" : {
"version_data" : [
{
"version_value" : "10.1"
},
{
"version_value" : "9.1"
}
]
}
},
{
"product_name" : "Spectrum LSF Suites",
"version" : {
"version_data" : [
{
"version_value" : "10.2"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "10.2"
}
]
},
"product_name" : "Spectrum Computing Suite for High Performance Analytics"
}
]
}
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/3357549",
"name": "https://www.ibm.com/support/pages/node/3357549",
"title": "IBM Security Bulletin 3357549 (Spectrum LSF)"
},
{
"name": "ibm-spectrum-cve20204278-priv-escalation (176137)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176137"
}
]
}
}
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4278",
"DATE_PUBLIC": "2020-02-25T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_version": "4.0",
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"I": "H",
"C": "H",
"AC": "H",
"SCORE": "7.400",
"A": "H",
"PR": "N",
"S": "U",
"AV": "L",
"UI": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Spectrum LSF",
"version": {
"version_data": [
{
"version_value": "10.1"
},
{
"version_value": "9.1"
}
]
}
},
{
"product_name": "Spectrum LSF Suites",
"version": {
"version_data": [
{
"version_value": "10.2"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "10.2"
}
]
},
"product_name": "Spectrum Computing Suite for High Performance Analytics"
}
]
}
}
]
}
}
}

66
2020/8xxx/CVE-2020-8994.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8994",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-8994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, eavesdrop on users and record what XIAOMI AI speaker hears, delete the entire XIAOMI AI speaker system, modify system files, stop voice assistant service, start the XIAOMI AI speaker\u2019s SSH service as a backdoor"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.usenix.org/sites/default/files/soups2018posters-lau.pdf",
"refsource": "MISC",
"name": "https://www.usenix.org/sites/default/files/soups2018posters-lau.pdf"
},
{
"refsource": "MISC",
"name": "https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2020-8994.md",
"url": "https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2020-8994.md"
},
{
"refsource": "MISC",
"name": "https://youtu.be/yCadG38yZW8",
"url": "https://youtu.be/yCadG38yZW8"
}
]
}

56
2020/9xxx/CVE-2020-9418.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9418",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-9418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.pdfescape.com/hc/en-us/articles/360039586551",
"url": "https://support.pdfescape.com/hc/en-us/articles/360039586551"
}
]
}