admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-08-05 14:01:37 +00:00
parent 5cb77f6e66
commit 71f063b5ce
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
19 changed files with 705 additions and 232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2020/13xxx/CVE-2020-13819.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13819",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gtacknowledge.extremenetworks.com",
"refsource": "MISC",
"name": "https://gtacknowledge.extremenetworks.com"
},
{
"refsource": "MISC",
"name": "https://gtacknowledge.extremenetworks.com/articles/Solution/000051136",
"url": "https://gtacknowledge.extremenetworks.com/articles/Solution/000051136"
},
{
"refsource": "CONFIRM",
"name": "https://documentation.extremenetworks.com/release_notes/netsight/XMC_8.5.0_Release_Notes.pdf",
"url": "https://documentation.extremenetworks.com/release_notes/netsight/XMC_8.5.0_Release_Notes.pdf"
}
]
}

50
2020/13xxx/CVE-2020-13921.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache SkyWalking",
"version": {
"version_data": [
{
"version_value": "Apache SkyWalking 6.5.0, 6.6.0, 7.0.0, 8.0.0, 8.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/apache/skywalking/pull/4970",
"url": "https://github.com/apache/skywalking/pull/4970"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases."
}
]
}

17
2020/14xxx/CVE-2020-14344.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14344",
"ASSIGNER": "psampaio@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,11 +45,15 @@
"references": {
"reference_data": [
{
"url": "https://lists.x.org/archives/xorg-announce/2020-July/003050.html"
"url": "https://lists.x.org/archives/xorg-announce/2020-July/003050.html",
"refsource": "MISC",
"name": "https://lists.x.org/archives/xorg-announce/2020-July/003050.html"
},
{
"url": "https://www.openwall.com/lists/oss-security/2020/07/31/1",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/07/31/1"
},
{
"url": "https://www.openwall.com/lists/oss-security/2020/07/31/1"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344",
@ -74,4 +79,4 @@
]
]
}
}
}

16
2020/14xxx/CVE-2020-14347.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14347",
"ASSIGNER": "psampaio@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,12 +45,15 @@
"references": {
"reference_data": [
{
"url": "https://lists.x.org/archives/xorg-announce/2020-July/003051.html"
"url": "https://lists.x.org/archives/xorg-announce/2020-July/003051.html",
"refsource": "MISC",
"name": "https://lists.x.org/archives/xorg-announce/2020-July/003051.html"
},
{
"url": "https://www.openwall.com/lists/oss-security/2020/07/31/2"
{
"url": "https://www.openwall.com/lists/oss-security/2020/07/31/2",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2020/07/31/2"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347",
@ -75,4 +79,4 @@
]
]
}
}
}

61
2020/16xxx/CVE-2020-16252.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-16252",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-16252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ankane/field_test",
"refsource": "MISC",
"name": "https://github.com/ankane/field_test"
},
{
"refsource": "MISC",
"name": "https://github.com/ankane/field_test/issues/28",
"url": "https://github.com/ankane/field_test/issues/28"
}
]
}

61
2020/16xxx/CVE-2020-16253.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-16253",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-16253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The PgHero gem through 2.6.0 for Ruby allows CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ankane/pghero/",
"refsource": "MISC",
"name": "https://github.com/ankane/pghero/"
},
{
"refsource": "MISC",
"name": "https://github.com/ankane/pghero/issues/330",
"url": "https://github.com/ankane/pghero/issues/330"
}
]
}

56
2020/17xxx/CVE-2020-17353.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-17353",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-17353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://git.savannah.gnu.org/gitweb/?p=lilypond.git;a=commit;h=b84ea4740f3279516905c5db05f4074e777c16ff",
"refsource": "MISC",
"name": "http://git.savannah.gnu.org/gitweb/?p=lilypond.git;a=commit;h=b84ea4740f3279516905c5db05f4074e777c16ff"
}
]
}

18
2020/17xxx/CVE-2020-17355.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-17355",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/17xxx/CVE-2020-17356.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-17356",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/17xxx/CVE-2020-17357.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-17357",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/17xxx/CVE-2020-17358.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-17358",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/17xxx/CVE-2020-17359.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-17359",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/17xxx/CVE-2020-17360.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-17360",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/17xxx/CVE-2020-17361.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-17361",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

174
2020/4xxx/CVE-2020-4243.json
View File

@ -1,90 +1,90 @@
{
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6255972",
"name" : "https://www.ibm.com/support/pages/node/6255972",
"title" : "IBM Security Bulletin 6255972 (Security Identity Governance and Intelligence)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175420",
"name" : "ibm-sig-cve20204243-info-disc (175420)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"A" : "N",
"AC" : "H",
"S" : "U",
"I" : "N",
"SCORE" : "3.700",
"PR" : "N",
"AV" : "N",
"C" : "L",
"UI" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. IBM X-Force ID: 175420.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-08-04T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4243"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Governance and Intelligence",
"version" : {
"version_data" : [
{
"version_value" : "5.2.6"
}
]
}
}
]
}
"url": "https://www.ibm.com/support/pages/node/6255972",
"name": "https://www.ibm.com/support/pages/node/6255972",
"title": "IBM Security Bulletin 6255972 (Security Identity Governance and Intelligence)",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175420",
"name": "ibm-sig-cve20204243-info-disc (175420)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
}
},
"data_version" : "4.0"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"A": "N",
"AC": "H",
"S": "U",
"I": "N",
"SCORE": "3.700",
"PR": "N",
"AV": "N",
"C": "L",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. IBM X-Force ID: 175420.",
"lang": "eng"
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"DATE_PUBLIC": "2020-08-04T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4243"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Identity Governance and Intelligence",
"version": {
"version_data": [
{
"version_value": "5.2.6"
}
]
}
}
]
}
}
]
}
},
"data_version": "4.0"
}

192
2020/4xxx/CVE-2020-4481.json
View File

@ -1,99 +1,99 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Informational"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6256128 (UrbanCode Deploy)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6256128",
"url" : "https://www.ibm.com/support/pages/node/6256128"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181848",
"name" : "ibm-ucd-cve20204481-xxe (181848)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"AC" : "L",
"A" : "L",
"UI" : "N",
"AV" : "N",
"SCORE" : "8.200",
"PR" : "N",
"C" : "H",
"I" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2020-4481",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-08-04T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "UrbanCode Deploy",
"version" : {
"version_data" : [
{
"version_value" : "6.2.7.3"
},
{
"version_value" : "7.0.3.0"
},
{
"version_value" : "7.0.4.0"
},
{
"version_value" : "6.2.7.4"
}
]
}
}
]
}
"description": [
{
"lang": "eng",
"value": "Informational"
}
]
}
]
}
}
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6256128 (UrbanCode Deploy)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6256128",
"url": "https://www.ibm.com/support/pages/node/6256128"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181848",
"name": "ibm-ucd-cve20204481-xxe (181848)",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"AC": "L",
"A": "L",
"UI": "N",
"AV": "N",
"SCORE": "8.200",
"PR": "N",
"C": "H",
"I": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848.",
"lang": "eng"
}
]
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4481",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-08-04T00:00:00"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.2.7.3"
},
{
"version_value": "7.0.3.0"
},
{
"version_value": "7.0.4.0"
},
{
"version_value": "6.2.7.4"
}
]
}
}
]
}
}
]
}
}
}

55
2020/5xxx/CVE-2020-5608.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5608",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Yokogawa Electric Corporation",
"product": {
"product_data": [
{
"product_name": "CAMS for HIS",
"version": {
"version_data": [
{
"version_value": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf",
"refsource": "MISC",
"name": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU97997181/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors."
}
]
}

55
2020/5xxx/CVE-2020-5609.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5609",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Yokogawa Electric Corporation",
"product": {
"product_data": [
{
"product_name": "CAMS for HIS",
"version": {
"version_data": [
{
"version_value": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf",
"refsource": "MISC",
"name": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU97997181/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."
}
]
}

8
2020/7xxx/CVE-2020-7637.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "All versions including 0.2.3"
"version_value": "All versions prior to version 0.3.1"
}
]
}
@ -46,8 +46,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/typestack/class-transformer/blob/a650d9f490573443f62508bc063b857bcd5e2525/src/ClassTransformer.ts#L29-L31,",
"url": "https://github.com/typestack/class-transformer/blob/a650d9f490573443f62508bc063b857bcd5e2525/src/ClassTransformer.ts#L29-L31,"
"name": "https://github.com/typestack/class-transformer/commit/8f04eb9db02de708f1a20f6f2d2bb309b2fed01e",
"url": "https://github.com/typestack/class-transformer/commit/8f04eb9db02de708f1a20f6f2d2bb309b2fed01e"
},
{
"refsource": "MISC",
@ -60,7 +60,7 @@
"description_data": [
{
"lang": "eng",
"value": "class-transformer through 0.2.3 is vulnerable to Prototype Pollution. The 'classToPlainFromExist' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload."
"value": "class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload."
}
]
}