admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-12-10 23:01:45 +00:00
parent 28e664f295
commit 79c8f89504
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
49 changed files with 1033 additions and 247 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2016/15xxx/CVE-2016-15001.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-15001",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}
}

112
2019/4xxx/CVE-2019-4738.json
View File

@ -1,80 +1,80 @@
{
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6380390 (Sterling B2B Integrator)",
"url" : "https://www.ibm.com/support/pages/node/6380390",
"name" : "https://www.ibm.com/support/pages/node/6380390"
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6380390 (Sterling B2B Integrator)",
"url": "https://www.ibm.com/support/pages/node/6380390",
"name": "https://www.ibm.com/support/pages/node/6380390"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172753",
"name" : "ibm-sterling-cve20194738-info-disc (172753)",
"refsource" : "XF"
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172753",
"name": "ibm-sterling-cve20194738-info-disc (172753)",
"refsource": "XF"
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-12-09T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4738",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"DATE_PUBLIC": "2020-12-09T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4738",
"STATE": "PUBLIC"
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"UI" : "N",
"S" : "U",
"SCORE" : "4.300",
"AV" : "N",
"I" : "N",
"AC" : "L",
"A" : "N",
"PR" : "L"
"impact": {
"cvssv3": {
"BM": {
"C": "L",
"UI": "N",
"S": "U",
"SCORE": "4.300",
"AV": "N",
"I": "N",
"AC": "L",
"A": "N",
"PR": "L"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"value" : "Obtain Information",
"lang" : "eng"
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value" : "6.0.0.0"
"version_value": "6.0.0.0"
},
{
"version_value" : "5.2.0.0"
"version_value": "5.2.0.0"
},
{
"version_value" : "5.2.6.5"
"version_value": "5.2.6.5"
},
{
"version_value" : "6.0.3.1"
"version_value": "6.0.3.1"
}
]
}
@ -85,14 +85,14 @@
]
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753."
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753."
}
]
}

50
2020/13xxx/CVE-2020-13526.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13526",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ProcessMaker",
"version": {
"version_data": [
{
"version_value": "ProcessMaker 3.4.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1126",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1126"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The \u2018sort\u2019 parameter in the download page clientSetupAjax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

5
2020/14xxx/CVE-2020-14305.json
View File

@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/",
"url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201210-0004/",
"url": "https://security.netapp.com/advisory/ntap-20201210-0004/"
}
]
},

4
2020/16xxx/CVE-2020-16196.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-16196",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

61
2020/16xxx/CVE-2020-16608.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-16608",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-16608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/notable/notable",
"refsource": "MISC",
"name": "https://github.com/notable/notable"
},
{
"refsource": "MISC",
"name": "https://sghosh2402.medium.com/cve-2020-16608-8cdad9f4d9b4",
"url": "https://sghosh2402.medium.com/cve-2020-16608-8cdad9f4d9b4"
}
]
}

5
2020/17xxx/CVE-2020-17527.json
View File

@ -123,6 +123,11 @@
"refsource": "MLIST",
"name": "[tomee-commits] 20201207 [jira] [Assigned] (TOMEE-2936) TomEE plus(7.0.9) is affected by CVE-2020-17527(BDSA-2020-3628) vulnerability.",
"url": "https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784@%3Ccommits.tomee.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201210-0003/",
"url": "https://security.netapp.com/advisory/ntap-20201210-0003/"
}
]
},

56
2020/19xxx/CVE-2020-19142.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19142",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/idreamsoft/iCMS/issues/65",
"refsource": "MISC",
"name": "https://github.com/idreamsoft/iCMS/issues/65"
}
]
}

56
2020/19xxx/CVE-2020-19527.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19527",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/idreamsoft/iCMS/issues/66",
"refsource": "MISC",
"name": "https://github.com/idreamsoft/iCMS/issues/66"
}
]
}

5
2020/25xxx/CVE-2020-25624.json
View File

@ -56,6 +56,11 @@
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html",
"refsource": "MISC",
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201210-0005/",
"url": "https://security.netapp.com/advisory/ntap-20201210-0005/"
}
]
}

5
2020/25xxx/CVE-2020-25640.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13",
"url": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201210-0001/",
"url": "https://security.netapp.com/advisory/ntap-20201210-0001/"
}
]
},

5
2020/25xxx/CVE-2020-25705.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1894579",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894579"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201210-0002/",
"url": "https://security.netapp.com/advisory/ntap-20201210-0002/"
}
]
},

56
2020/25xxx/CVE-2020-25967.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25967",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SST) vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.cnpanda.net/codeaudit/777.html",
"refsource": "MISC",
"name": "https://www.cnpanda.net/codeaudit/777.html"
}
]
}

61
2020/26xxx/CVE-2020-26201.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26201",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-26201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.askey.com.tw/",
"refsource": "MISC",
"name": "https://www.askey.com.tw/"
},
{
"refsource": "CONFIRM",
"name": "https://www.askey.com.tw/incident_report_notifications.html",
"url": "https://www.askey.com.tw/incident_report_notifications.html"
}
]
}

2
2020/26xxx/CVE-2020-26266.json
View File

@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen.\n\nThis is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0."
"value": "In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0."
}
]
},

2
2020/26xxx/CVE-2020-26267.json
View File

@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes.\n\nThis is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0."
"value": "In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0."
}
]
},

2
2020/26xxx/CVE-2020-26268.json
View File

@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area.\n\nIf the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault.\n\nThis is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden.\n\nThis is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0."
"value": "In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0."
}
]
},

2
2020/26xxx/CVE-2020-26269.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories.\n\nThere are multiple invariants and preconditions that are assumed by the parallel implementation of GetMatchingPaths but are not verified by the PRs introducing it (#40861 and #44310). Thus, we are completely rewriting the implementation to fully specify and validate these.\n\nThis is patched in version 2.4.0. This issue only impacts master branch and the release candidates for TF version 2.4. The final release of the 2.4 release will be patched."
"value": "In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel implementation of GetMatchingPaths but are not verified by the PRs introducing it (#40861 and #44310). Thus, we are completely rewriting the implementation to fully specify and validate these. This is patched in version 2.4.0. This issue only impacts master branch and the release candidates for TF version 2.4. The final release of the 2.4 release will be patched."
}
]
},

2
2020/26xxx/CVE-2020-26270.json
View File

@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend.\n\nThis can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer.\n\nThis is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0."
"value": "In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0."
}
]
},

2
2020/26xxx/CVE-2020-26271.json
View File

@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality.\n\nHowever, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays.\n\nIn most scenarios, this can manifest as unitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library.\n\nThis is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0."
"value": "In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can manifest as unitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0."
}
]
},

5
2020/27xxx/CVE-2020-27350.json
View File

@ -105,6 +105,11 @@
"refsource": "MISC",
"url": "https://bugs.launchpad.net/bugs/1899193",
"name": "https://bugs.launchpad.net/bugs/1899193"
},
{
"refsource": "DEBIAN",
"name": "DSA-4808",
"url": "https://www.debian.org/security/2020/dsa-4808"
}
]
},

5
2020/27xxx/CVE-2020-27351.json
View File

@ -105,6 +105,11 @@
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4668-1",
"name": "https://usn.ubuntu.com/usn/usn-4668-1"
},
{
"refsource": "DEBIAN",
"name": "DSA-4809",
"url": "https://www.debian.org/security/2020/dsa-4809"
}
]
},

66
2020/29xxx/CVE-2020-29311.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29311",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/mhaskar/bfa9c2c799fca6697bcc6a213d08cb3e",
"refsource": "MISC",
"name": "https://gist.github.com/mhaskar/bfa9c2c799fca6697bcc6a213d08cb3e"
},
{
"url": "https://drive.google.com/file/d/1smOjvenPB-nE0PyIxnfujCT4KcxxkeWV/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1smOjvenPB-nE0PyIxnfujCT4KcxxkeWV/view?usp=sharing"
},
{
"url": "https://drive.google.com/file/d/1iLMFSbY8x1CXIf0uFntovY6yZ7N24dQA/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1iLMFSbY8x1CXIf0uFntovY6yZ7N24dQA/view?usp=sharing"
}
]
}

18
2020/35xxx/CVE-2020-35001.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35001",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35017.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35017",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35030.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35030",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35061.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35061",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35076.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35076",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}
}

18
2020/35xxx/CVE-2020-35090.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35090",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}
}

18
2020/35xxx/CVE-2020-35096.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35096",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35106.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35106",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35107.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35107",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35108.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35108",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35109.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35109",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35110.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35110",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}
}

18
2020/35xxx/CVE-2020-35111.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35111",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35112.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35112",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35113.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35113",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35114.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35114",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35115.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35115",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35116.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35116",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35117.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35117",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35118.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35118",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35119.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35119",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/35xxx/CVE-2020-35120.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35120",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

116
2020/4xxx/CVE-2020-4829.json
View File

@ -1,103 +1,103 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"PR" : "N",
"A" : "H",
"I" : "H",
"AV" : "L",
"SCORE" : "8.400",
"S" : "U",
"UI" : "N",
"C" : "H"
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"PR": "N",
"A": "H",
"I": "H",
"AV": "L",
"SCORE": "8.400",
"S": "U",
"UI": "N",
"C": "H"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-12-09T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4829"
"CVE_data_meta": {
"DATE_PUBLIC": "2020-12-09T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4829"
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"title" : "IBM Security Bulletin 6380430 (AIX)",
"url" : "https://www.ibm.com/support/pages/node/6380430",
"name" : "https://www.ibm.com/support/pages/node/6380430",
"refsource" : "CONFIRM"
"title": "IBM Security Bulletin 6380430 (AIX)",
"url": "https://www.ibm.com/support/pages/node/6380430",
"name": "https://www.ibm.com/support/pages/node/6380430",
"refsource": "CONFIRM"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189960",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-aix-cve20204829-priv-escalation (189960)"
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189960",
"title": "X-Force Vulnerability Report",
"name": "ibm-aix-cve20204829-priv-escalation (189960)"
}
]
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"value" : "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.",
"lang" : "eng"
"value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.",
"lang": "eng"
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "VIOS ",
"version" : {
"version_data" : [
"product_name": "VIOS ",
"version": {
"version_data": [
{
"version_value" : "3.1"
"version_value": "3.1"
}
]
}
},
{
"product_name" : "AIX",
"version" : {
"version_data" : [
"product_name": "AIX",
"version": {
"version_data": [
{
"version_value" : "7.1"
"version_value": "7.1"
},
{
"version_value" : "7.2"
"version_value": "7.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Gain Privileges"
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"data_format" : "MITRE"
"data_format": "MITRE"
}

5
2020/6xxx/CVE-2020-6016.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43",
"url": "https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43"
},
{
"refsource": "MISC",
"name": "https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/",
"url": "https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/"
}
]
},

5
2020/6xxx/CVE-2020-6019.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://github.com/ValveSoftware/GameNetworkingSockets/commit/d944a10808891d202bb1d5e1998de6e0423af678",
"url": "https://github.com/ValveSoftware/GameNetworkingSockets/commit/d944a10808891d202bb1d5e1998de6e0423af678"
},
{
"refsource": "MISC",
"name": "https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/",
"url": "https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/"
}
]
},

3
2020/8xxx/CVE-2020-8908.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@google.com",
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8908",
"STATE": "PUBLIC",
"TITLE": "Temp directory permission issue in Guava"
@ -93,4 +93,3 @@
"discovery": "EXTERNAL"
}
}