"-Synchronized-Data."

CVE Team 2020-11-17 02:01:41 +00:00
parent 5bc3b11229
commit 70ea20f6cf
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
14 changed files with 417 additions and 30 deletions


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10776",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "before version 12.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1847428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847428"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack."
}
]
}
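Review bot: The affected range is written as prose in `"version_value": "before version 12.0.0"`, which scanners and inventory matchers that compare version strings cannot evaluate, so an older Keycloak deployment may not be flagged from this record. CVE JSON 4.0 lets the comparison be carried separately, e.g. `"version_affected": "<", "version_value": "12.0.0"`. The same free-text form appears in the CVE-2020-14389, CVE-2020-11851 and CVE-2020-25833 records in this commit. `"vendor_name": "n/a"` also leaves the vendor unset although the product is named.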


@ -78,6 +78,11 @@
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
]
},


@ -78,6 +78,11 @@
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
]
},


@ -89,6 +89,11 @@
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
]
},


@ -89,6 +89,11 @@
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
]
},


@ -89,6 +89,11 @@
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
]
},


@ -89,6 +89,11 @@
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
]
},


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11851",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@suse.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Micro Focus",
"product": {
"product_data": [
{
"product_name": "ArcSight Logger",
"version": {
"version_data": [
{
"version_value": "All version prior to version 7.1.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600",
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code."
}
]
}
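Review bot: `"value": "Arbitrary code execution."` under `problemtype` states an impact rather than a weakness class, so the record cannot be grouped or triaged by CWE, and the description gives no detail on the affected component beyond "remotely exploited". If the assigner knows the root cause, a CWE identifier belongs here, as the Keycloak records in this commit do with `"CWE-79"` and `"CWE-250"`. The CVE-2020-25832 and CVE-2020-25833 records also use free text (`"Reflected Cross Site scripting."`, `"Persistent Cross-Site Scripting."`) where `"CWE-79"` would appear to fit.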


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14389",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "before version 12.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1875843,",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875843,"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have."
}
]
}
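Review bot: Both `name` and `url` of the only reference end with a stray comma (`...show_bug.cgi?id=1875843,`), so the stored link does not match the Bugzilla id. Tools that dereference, validate or deduplicate references by URL will treat it as a different and possibly invalid target. It should read `"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875843"`, with `name` corrected the same way.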


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15349",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://binarynights.com/blog/posts/forklift-3-4-security-update.html",
"url": "https://binarynights.com/blog/posts/forklift-3-4-security-update.html"
},
{
"refsource": "MISC",
"name": "https://insinuator.net/2020/11/forklift-lpe/",
"url": "https://insinuator.net/2020/11/forklift-lpe/"
}
]
}
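Review bot: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `"n/a"`, while the description names BinaryNights ForkLift 3.x before 3.4 and a local privilege escalation. Consumers that match on the structured `affects` block will therefore not associate this record with the product. Suggest `"vendor_name": "BinaryNights"`, `"product_name": "ForkLift"` and a version entry covering releases before 3.4. The CVE-2020-27192 record later in this commit has the same all-`n/a` block. The hunk appears to stop before the file's closing brace.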


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25705",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1894579",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894579"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue."
}
]
}
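Review bot: `"version_value": "kernel 5.10"` marks 5.10 itself as affected, but the description says "Kernel versions before 5.10 may be vulnerable", so the structured field and the prose disagree about whether 5.10 carries the fix. Anyone setting patch priority from the `affects` block alone could reach the wrong conclusion. If the description is right, something like `"version_affected": "<", "version_value": "5.10"` expresses it. The assigner should confirm which is intended.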


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25832",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@suse.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Micro Focus",
"product": {
"product_data": [
{
"product_name": "Filr",
"version": {
"version_data": [
{
"version_value": "4.2.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross Site scripting."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://softwaresupport.softwaregrp.com/doc/KM03763396",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03763396"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25833",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@suse.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Micro Focus",
"product": {
"product_data": [
{
"product_name": "IDOL",
"version": {
"version_data": [
{
"version_value": "All version prior to version 12.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Persistent Cross-Site Scripting."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://softwaresupport.softwaregrp.com/doc/KM03763397",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03763397"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack."
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27192",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-27192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift's helper tool."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://insinuator.net/2020/11/forklift-lpe/",
"url": "https://insinuator.net/2020/11/forklift-lpe/"
}
]
}