admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-03-13 21:01:19 +00:00
parent acd3ef17e6
commit 72750718e2
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
8 changed files with 262 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
2019/18xxx/CVE-2019-18576.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-12-16",
"ID": "CVE-2019-18576",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-12-16",
"ID": "CVE-2019-18576",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "XtremIO",
"product_name": "XtremIO",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "6.3.0"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users\u2019 passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 6.7,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-532: Inclusion of Sensitive Information in Log Files"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities"
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities",
"name": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities"
}
]
}

43
2019/18xxx/CVE-2019-18577.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-12-16",
"ID": "CVE-2019-18577",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-12-16",
"ID": "CVE-2019-18577",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "XtremIO",
"product_name": "XtremIO",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "6.3.0"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 6.7,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities"
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities",
"name": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities"
}
]
}

43
2019/18xxx/CVE-2019-18578.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-12-16",
"ID": "CVE-2019-18578",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-12-16",
"ID": "CVE-2019-18578",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "XtremIO",
"product_name": "XtremIO",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "6.3.0"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 9.0,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 9.0,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities"
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities",
"name": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities"
}
]
}

43
2019/3xxx/CVE-2019-3769.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-11-15",
"ID": "CVE-2019-3769",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-11-15",
"ID": "CVE-2019-3769",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "Wyse Management Suite",
"product_name": "Wyse Management Suite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "WMS 1.4.1"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 6.4,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/article/SLN319512"
"refsource": "MISC",
"url": "https://www.dell.com/support/article/SLN319512",
"name": "https://www.dell.com/support/article/SLN319512"
}
]
}

43
2019/3xxx/CVE-2019-3770.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-11-15",
"ID": "CVE-2019-3770",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-11-15",
"ID": "CVE-2019-3770",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "Wyse Management Suite",
"product_name": "Wyse Management Suite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "WMS 1.4.1"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 6.4,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/article/SLN319512"
"refsource": "MISC",
"url": "https://www.dell.com/support/article/SLN319512",
"name": "https://www.dell.com/support/article/SLN319512"
}
]
}

18
2020/10xxx/CVE-2020-10561.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10561",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2020/10xxx/CVE-2020-10562.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/JeromeDevome/GRR/releases/tag/v3.4.1c",
"refsource": "MISC",
"name": "https://github.com/JeromeDevome/GRR/releases/tag/v3.4.1c"
},
{
"url": "https://github.com/JeromeDevome/GRR/commit/2c6edacd9e15c75a0c2ef472470481ffb6edc7d8",
"refsource": "MISC",
"name": "https://github.com/JeromeDevome/GRR/commit/2c6edacd9e15c75a0c2ef472470481ffb6edc7d8"
}
]
}
}

67
2020/10xxx/CVE-2020-10563.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/JeromeDevome/GRR/releases/tag/v3.4.1c",
"refsource": "MISC",
"name": "https://github.com/JeromeDevome/GRR/releases/tag/v3.4.1c"
},
{
"url": "https://github.com/JeromeDevome/GRR/commit/2c6edacd9e15c75a0c2ef472470481ffb6edc7d8",
"refsource": "MISC",
"name": "https://github.com/JeromeDevome/GRR/commit/2c6edacd9e15c75a0c2ef472470481ffb6edc7d8"
}
]
}
}