From 7cf13395c3d5290fc7e976e6feb829d0e4cf5e26 Mon Sep 17 00:00:00 2001 From: Bill Situ Date: Tue, 14 Jul 2020 13:34:15 -0700 Subject: [PATCH] Bill Situ On branch cna/Oracle/CPU2020Jul Changes to be committed: modified: 2017/10xxx/CVE-2017-10140.json modified: 2019/2xxx/CVE-2019-2729.json modified: 2019/2xxx/CVE-2019-2904.json modified: 2020/14xxx/CVE-2020-14527.json modified: 2020/14xxx/CVE-2020-14528.json modified: 2020/14xxx/CVE-2020-14529.json modified: 2020/14xxx/CVE-2020-14530.json modified: 2020/14xxx/CVE-2020-14531.json modified: 2020/14xxx/CVE-2020-14532.json modified: 2020/14xxx/CVE-2020-14533.json modified: 2020/14xxx/CVE-2020-14534.json modified: 2020/14xxx/CVE-2020-14535.json modified: 2020/14xxx/CVE-2020-14536.json modified: 2020/14xxx/CVE-2020-14537.json modified: 2020/14xxx/CVE-2020-14539.json modified: 2020/14xxx/CVE-2020-14540.json modified: 2020/14xxx/CVE-2020-14541.json modified: 2020/14xxx/CVE-2020-14542.json modified: 2020/14xxx/CVE-2020-14543.json modified: 2020/14xxx/CVE-2020-14544.json modified: 2020/14xxx/CVE-2020-14545.json modified: 2020/14xxx/CVE-2020-14546.json modified: 2020/14xxx/CVE-2020-14547.json modified: 2020/14xxx/CVE-2020-14548.json modified: 2020/14xxx/CVE-2020-14549.json modified: 2020/14xxx/CVE-2020-14550.json modified: 2020/14xxx/CVE-2020-14551.json modified: 2020/14xxx/CVE-2020-14552.json modified: 2020/14xxx/CVE-2020-14553.json modified: 2020/14xxx/CVE-2020-14554.json modified: 2020/14xxx/CVE-2020-14555.json modified: 2020/14xxx/CVE-2020-14556.json modified: 2020/14xxx/CVE-2020-14557.json modified: 2020/14xxx/CVE-2020-14558.json modified: 2020/14xxx/CVE-2020-14559.json modified: 2020/14xxx/CVE-2020-14560.json modified: 2020/14xxx/CVE-2020-14561.json modified: 2020/14xxx/CVE-2020-14562.json modified: 2020/14xxx/CVE-2020-14563.json modified: 2020/14xxx/CVE-2020-14564.json modified: 2020/14xxx/CVE-2020-14565.json modified: 2020/14xxx/CVE-2020-14566.json modified: 2020/14xxx/CVE-2020-14567.json modified: 2020/14xxx/CVE-2020-14568.json modified: 2020/14xxx/CVE-2020-14569.json modified: 2020/14xxx/CVE-2020-14570.json modified: 2020/14xxx/CVE-2020-14571.json modified: 2020/14xxx/CVE-2020-14572.json modified: 2020/14xxx/CVE-2020-14573.json modified: 2020/14xxx/CVE-2020-14574.json modified: 2020/14xxx/CVE-2020-14575.json modified: 2020/14xxx/CVE-2020-14576.json modified: 2020/14xxx/CVE-2020-14577.json modified: 2020/14xxx/CVE-2020-14578.json modified: 2020/14xxx/CVE-2020-14579.json modified: 2020/14xxx/CVE-2020-14580.json modified: 2020/14xxx/CVE-2020-14581.json modified: 2020/14xxx/CVE-2020-14582.json modified: 2020/14xxx/CVE-2020-14583.json modified: 2020/14xxx/CVE-2020-14584.json modified: 2020/14xxx/CVE-2020-14585.json modified: 2020/14xxx/CVE-2020-14586.json modified: 2020/14xxx/CVE-2020-14587.json modified: 2020/14xxx/CVE-2020-14588.json modified: 2020/14xxx/CVE-2020-14589.json modified: 2020/14xxx/CVE-2020-14590.json modified: 2020/14xxx/CVE-2020-14591.json modified: 2020/14xxx/CVE-2020-14592.json modified: 2020/14xxx/CVE-2020-14593.json modified: 2020/14xxx/CVE-2020-14594.json modified: 2020/14xxx/CVE-2020-14595.json modified: 2020/14xxx/CVE-2020-14596.json modified: 2020/14xxx/CVE-2020-14597.json modified: 2020/14xxx/CVE-2020-14598.json modified: 2020/14xxx/CVE-2020-14599.json modified: 2020/14xxx/CVE-2020-14600.json modified: 2020/14xxx/CVE-2020-14601.json modified: 2020/14xxx/CVE-2020-14602.json modified: 2020/14xxx/CVE-2020-14603.json modified: 2020/14xxx/CVE-2020-14604.json modified: 2020/14xxx/CVE-2020-14605.json modified: 2020/14xxx/CVE-2020-14606.json modified: 2020/14xxx/CVE-2020-14607.json modified: 2020/14xxx/CVE-2020-14608.json modified: 2020/14xxx/CVE-2020-14609.json modified: 2020/14xxx/CVE-2020-14610.json modified: 2020/14xxx/CVE-2020-14611.json modified: 2020/14xxx/CVE-2020-14612.json modified: 2020/14xxx/CVE-2020-14613.json modified: 2020/14xxx/CVE-2020-14614.json modified: 2020/14xxx/CVE-2020-14615.json modified: 2020/14xxx/CVE-2020-14616.json modified: 2020/14xxx/CVE-2020-14617.json modified: 2020/14xxx/CVE-2020-14618.json modified: 2020/14xxx/CVE-2020-14619.json modified: 2020/14xxx/CVE-2020-14620.json modified: 2020/14xxx/CVE-2020-14621.json modified: 2020/14xxx/CVE-2020-14622.json modified: 2020/14xxx/CVE-2020-14623.json modified: 2020/14xxx/CVE-2020-14624.json modified: 2020/14xxx/CVE-2020-14625.json modified: 2020/14xxx/CVE-2020-14626.json modified: 2020/14xxx/CVE-2020-14627.json modified: 2020/14xxx/CVE-2020-14628.json modified: 2020/14xxx/CVE-2020-14629.json modified: 2020/14xxx/CVE-2020-14630.json modified: 2020/14xxx/CVE-2020-14631.json modified: 2020/14xxx/CVE-2020-14632.json modified: 2020/14xxx/CVE-2020-14633.json modified: 2020/14xxx/CVE-2020-14634.json modified: 2020/14xxx/CVE-2020-14635.json modified: 2020/14xxx/CVE-2020-14636.json modified: 2020/14xxx/CVE-2020-14637.json modified: 2020/14xxx/CVE-2020-14638.json modified: 2020/14xxx/CVE-2020-14639.json modified: 2020/14xxx/CVE-2020-14640.json modified: 2020/14xxx/CVE-2020-14641.json modified: 2020/14xxx/CVE-2020-14642.json modified: 2020/14xxx/CVE-2020-14643.json modified: 2020/14xxx/CVE-2020-14644.json modified: 2020/14xxx/CVE-2020-14645.json modified: 2020/14xxx/CVE-2020-14646.json modified: 2020/14xxx/CVE-2020-14647.json modified: 2020/14xxx/CVE-2020-14648.json modified: 2020/14xxx/CVE-2020-14649.json modified: 2020/14xxx/CVE-2020-14650.json modified: 2020/14xxx/CVE-2020-14651.json modified: 2020/14xxx/CVE-2020-14652.json modified: 2020/14xxx/CVE-2020-14653.json modified: 2020/14xxx/CVE-2020-14654.json modified: 2020/14xxx/CVE-2020-14655.json modified: 2020/14xxx/CVE-2020-14656.json modified: 2020/14xxx/CVE-2020-14657.json modified: 2020/14xxx/CVE-2020-14658.json modified: 2020/14xxx/CVE-2020-14659.json modified: 2020/14xxx/CVE-2020-14660.json modified: 2020/14xxx/CVE-2020-14661.json modified: 2020/14xxx/CVE-2020-14662.json modified: 2020/14xxx/CVE-2020-14663.json modified: 2020/14xxx/CVE-2020-14664.json modified: 2020/14xxx/CVE-2020-14665.json modified: 2020/14xxx/CVE-2020-14666.json modified: 2020/14xxx/CVE-2020-14667.json modified: 2020/14xxx/CVE-2020-14668.json modified: 2020/14xxx/CVE-2020-14669.json modified: 2020/14xxx/CVE-2020-14670.json modified: 2020/14xxx/CVE-2020-14671.json modified: 2020/14xxx/CVE-2020-14673.json modified: 2020/14xxx/CVE-2020-14674.json modified: 2020/14xxx/CVE-2020-14675.json modified: 2020/14xxx/CVE-2020-14676.json modified: 2020/14xxx/CVE-2020-14677.json modified: 2020/14xxx/CVE-2020-14678.json modified: 2020/14xxx/CVE-2020-14679.json modified: 2020/14xxx/CVE-2020-14680.json modified: 2020/14xxx/CVE-2020-14681.json modified: 2020/14xxx/CVE-2020-14682.json modified: 2020/14xxx/CVE-2020-14684.json modified: 2020/14xxx/CVE-2020-14685.json modified: 2020/14xxx/CVE-2020-14686.json modified: 2020/14xxx/CVE-2020-14687.json modified: 2020/14xxx/CVE-2020-14688.json modified: 2020/14xxx/CVE-2020-14690.json modified: 2020/14xxx/CVE-2020-14691.json modified: 2020/14xxx/CVE-2020-14692.json modified: 2020/14xxx/CVE-2020-14693.json modified: 2020/14xxx/CVE-2020-14694.json modified: 2020/14xxx/CVE-2020-14695.json modified: 2020/14xxx/CVE-2020-14696.json modified: 2020/14xxx/CVE-2020-14697.json modified: 2020/14xxx/CVE-2020-14698.json modified: 2020/14xxx/CVE-2020-14699.json modified: 2020/14xxx/CVE-2020-14700.json modified: 2020/14xxx/CVE-2020-14701.json modified: 2020/14xxx/CVE-2020-14702.json modified: 2020/14xxx/CVE-2020-14703.json modified: 2020/14xxx/CVE-2020-14704.json modified: 2020/14xxx/CVE-2020-14705.json modified: 2020/14xxx/CVE-2020-14706.json modified: 2020/14xxx/CVE-2020-14707.json modified: 2020/14xxx/CVE-2020-14708.json modified: 2020/14xxx/CVE-2020-14709.json modified: 2020/14xxx/CVE-2020-14710.json modified: 2020/14xxx/CVE-2020-14711.json modified: 2020/14xxx/CVE-2020-14712.json modified: 2020/14xxx/CVE-2020-14713.json modified: 2020/14xxx/CVE-2020-14714.json modified: 2020/14xxx/CVE-2020-14715.json modified: 2020/14xxx/CVE-2020-14716.json modified: 2020/14xxx/CVE-2020-14717.json modified: 2020/14xxx/CVE-2020-14718.json modified: 2020/14xxx/CVE-2020-14719.json modified: 2020/14xxx/CVE-2020-14720.json modified: 2020/14xxx/CVE-2020-14721.json modified: 2020/14xxx/CVE-2020-14722.json modified: 2020/14xxx/CVE-2020-14723.json modified: 2020/14xxx/CVE-2020-14724.json modified: 2020/2xxx/CVE-2020-2513.json modified: 2020/2xxx/CVE-2020-2555.json modified: 2020/2xxx/CVE-2020-2562.json modified: 2020/2xxx/CVE-2020-2966.json modified: 2020/2xxx/CVE-2020-2967.json modified: 2020/2xxx/CVE-2020-2968.json modified: 2020/2xxx/CVE-2020-2969.json modified: 2020/2xxx/CVE-2020-2971.json modified: 2020/2xxx/CVE-2020-2972.json modified: 2020/2xxx/CVE-2020-2973.json modified: 2020/2xxx/CVE-2020-2974.json modified: 2020/2xxx/CVE-2020-2975.json modified: 2020/2xxx/CVE-2020-2976.json modified: 2020/2xxx/CVE-2020-2977.json modified: 2020/2xxx/CVE-2020-2978.json modified: 2020/2xxx/CVE-2020-2981.json modified: 2020/2xxx/CVE-2020-2982.json modified: 2020/2xxx/CVE-2020-2983.json modified: 2020/2xxx/CVE-2020-2984.json --- 2017/10xxx/CVE-2017-10140.json | 3 + 2019/2xxx/CVE-2019-2729.json | 107 ++++++++++++++- 2019/2xxx/CVE-2019-2904.json | 238 ++++++++++++++++++++++++++++++++- 2020/14xxx/CVE-2020-14527.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14528.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14529.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14530.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14531.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14532.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14533.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14534.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14535.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14536.json | 93 ++++++++++--- 2020/14xxx/CVE-2020-14537.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14539.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14540.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14541.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14542.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14543.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14544.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14545.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14546.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14547.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14548.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14549.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14550.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14551.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14552.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14553.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14554.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14555.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14556.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14557.json | 93 ++++++++++--- 2020/14xxx/CVE-2020-14558.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14559.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14560.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14561.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14562.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14563.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14564.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14565.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14566.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14567.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14568.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14569.json | 97 +++++++++++--- 2020/14xxx/CVE-2020-14570.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14571.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14572.json | 93 ++++++++++--- 2020/14xxx/CVE-2020-14573.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14574.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14575.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14576.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14577.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14578.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14579.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14580.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14581.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14582.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14583.json | 105 ++++++++++++--- 2020/14xxx/CVE-2020-14584.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14585.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14586.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14587.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14588.json | 97 +++++++++++--- 2020/14xxx/CVE-2020-14589.json | 97 +++++++++++--- 2020/14xxx/CVE-2020-14590.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14591.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14592.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14593.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14594.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14595.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14596.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14597.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14598.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14599.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14600.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14601.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14602.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14603.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14604.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14605.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14606.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14607.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14608.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14609.json | 93 ++++++++++--- 2020/14xxx/CVE-2020-14610.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14611.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14612.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14613.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14614.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14615.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14616.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14617.json | 97 +++++++++++--- 2020/14xxx/CVE-2020-14618.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14619.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14620.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14621.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14622.json | 97 +++++++++++--- 2020/14xxx/CVE-2020-14623.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14624.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14625.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14626.json | 93 ++++++++++--- 2020/14xxx/CVE-2020-14627.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14628.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14629.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14630.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14631.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14632.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14633.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14634.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14635.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14636.json | 93 ++++++++++--- 2020/14xxx/CVE-2020-14637.json | 93 ++++++++++--- 2020/14xxx/CVE-2020-14638.json | 93 ++++++++++--- 2020/14xxx/CVE-2020-14639.json | 93 ++++++++++--- 2020/14xxx/CVE-2020-14640.json | 93 ++++++++++--- 2020/14xxx/CVE-2020-14641.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14642.json | 97 +++++++++++--- 2020/14xxx/CVE-2020-14643.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14644.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14645.json | 97 +++++++++++--- 2020/14xxx/CVE-2020-14646.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14647.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14648.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14649.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14650.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14651.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14652.json | 97 +++++++++++--- 2020/14xxx/CVE-2020-14653.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14654.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14655.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14656.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14657.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14658.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14659.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14660.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14661.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14662.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14663.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14664.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14665.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14666.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14667.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14668.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14669.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14670.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14671.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14673.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14674.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14675.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14676.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14677.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14678.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14679.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14680.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14681.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14682.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14684.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14685.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14686.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14687.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14688.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14690.json | 93 ++++++++++--- 2020/14xxx/CVE-2020-14691.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14692.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14693.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14694.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14695.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14696.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14697.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14698.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14699.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14700.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14701.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14702.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14703.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14704.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14705.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14706.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14707.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14708.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14709.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14710.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14711.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14712.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14713.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14714.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14715.json | 89 +++++++++--- 2020/14xxx/CVE-2020-14716.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14717.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14718.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14719.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14720.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14721.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14722.json | 81 ++++++++--- 2020/14xxx/CVE-2020-14723.json | 85 +++++++++--- 2020/14xxx/CVE-2020-14724.json | 81 ++++++++--- 2020/2xxx/CVE-2020-2513.json | 81 ++++++++--- 2020/2xxx/CVE-2020-2555.json | 47 ++++++- 2020/2xxx/CVE-2020-2562.json | 89 +++++++++--- 2020/2xxx/CVE-2020-2966.json | 93 ++++++++++--- 2020/2xxx/CVE-2020-2967.json | 97 +++++++++++--- 2020/2xxx/CVE-2020-2968.json | 97 +++++++++++--- 2020/2xxx/CVE-2020-2969.json | 97 +++++++++++--- 2020/2xxx/CVE-2020-2971.json | 81 ++++++++--- 2020/2xxx/CVE-2020-2972.json | 81 ++++++++--- 2020/2xxx/CVE-2020-2973.json | 81 ++++++++--- 2020/2xxx/CVE-2020-2974.json | 81 ++++++++--- 2020/2xxx/CVE-2020-2975.json | 81 ++++++++--- 2020/2xxx/CVE-2020-2976.json | 81 ++++++++--- 2020/2xxx/CVE-2020-2977.json | 81 ++++++++--- 2020/2xxx/CVE-2020-2978.json | 93 ++++++++++--- 2020/2xxx/CVE-2020-2981.json | 81 ++++++++--- 2020/2xxx/CVE-2020-2982.json | 85 +++++++++--- 2020/2xxx/CVE-2020-2983.json | 85 +++++++++--- 2020/2xxx/CVE-2020-2984.json | 81 ++++++++--- 216 files changed, 15161 insertions(+), 3402 deletions(-) diff --git a/2017/10xxx/CVE-2017-10140.json b/2017/10xxx/CVE-2017-10140.json index 6ee62b0136f..08119727299 100644 --- a/2017/10xxx/CVE-2017-10140.json +++ b/2017/10xxx/CVE-2017-10140.json @@ -66,6 +66,9 @@ "name": "RHSA-2019:0366", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0366" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ] } diff --git a/2019/2xxx/CVE-2019-2729.json b/2019/2xxx/CVE-2019-2729.json index 0dba18dcbf2..73f6ef22d2f 100644 --- a/2019/2xxx/CVE-2019-2729.json +++ b/2019/2xxx/CVE-2019-2729.json @@ -8,6 +8,30 @@ "vendor": { "vendor_data": [ { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", "product": { "product_data": [ { @@ -23,7 +47,83 @@ } ] }, - "vendor_name": "Oracle Corporation" + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "Communications Converged Application Server", + "version": { + "version_data": [ + { + "version_value": "5.1", + "version_affected": "=" + }, + { + "version_value": "7.0", + "version_affected": "=" + }, + { + "version_value": "7.1", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "Tape General STA - StorageTek Tape Analytics SW Tool", + "version": { + "version_data": [ + { + "version_value": "2.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "Communications Network Integrity", + "version": { + "version_data": [ + { + "version_value": "7.3.2-7.3.6", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "Rapid Planning", + "version": { + "version_data": [ + { + "version_value": "12.1", + "version_affected": "=" + }, + { + "version_value": "12.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } @@ -84,7 +184,10 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html" - } + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } ] } } \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2904.json b/2019/2xxx/CVE-2019-2904.json index 6b7e6997c11..45383743e91 100644 --- a/2019/2xxx/CVE-2019-2904.json +++ b/2019/2xxx/CVE-2019-2904.json @@ -8,6 +8,174 @@ "vendor": { "vendor_data": [ { + "product": { + "product_data": [ + { + "product_name": "Banking Enterprise Default Management", + "version": { + "version_data": [ + { + "version_value": "2.7.0", + "version_affected": "=" + }, + { + "version_value": "2.8.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "Banking Enterprise Originations", + "version": { + "version_data": [ + { + "version_value": "2.7.0", + "version_affected": "=" + }, + { + "version_value": "2.8.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "Banking Enterprise Product Manufacturing", + "version": { + "version_data": [ + { + "version_value": "2.7.0", + "version_affected": "=" + }, + { + "version_value": "2.8.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "Banking Platform", + "version": { + "version_data": [ + { + "version_value": "2.4.0", + "version_affected": "=" + }, + { + "version_value": "2.4.1", + "version_affected": "=" + }, + { + "version_value": "2.5.0", + "version_affected": "=" + }, + { + "version_value": "2.6.0", + "version_affected": "=" + }, + { + "version_value": "2.6.1", + "version_affected": "=" + }, + { + "version_value": "2.6.2", + "version_affected": "=" + }, + { + "version_value": "2.7.0", + "version_affected": "=" + }, + { + "version_value": "2.7.1", + "version_affected": "=" + }, + { + "version_value": "2.9.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "Communications Service Broker", + "version": { + "version_data": [ + { + "version_value": "6.0", + "version_affected": "=" + }, + { + "version_value": "6.1", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "Communications Services Gatekeeper", + "version": { + "version_data": [ + { + "version_value": "6.0", + "version_affected": "=" + }, + { + "version_value": "6.1", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Private Banking", + "version": { + "version_data": [ + { + "version_value": "12.0", + "version_affected": "=" + }, + { + "version_value": "12.1", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", "product": { "product_data": [ { @@ -31,7 +199,67 @@ } ] }, - "vendor_name": "Oracle Corporation" + "vendor_name": "Oracle Corporation" + "product": { + "product_data": [ + { + "product_name": "Financial Services Revenue Management and Billing Analytics", + "version": { + "version_data": [ + { + "version_value": "2.6", + "version_affected": "=" + }, + { + "version_value": "2.7", + "version_affected": "=" + }, + { + "version_value": "2.8", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "Communications Network Integrity", + "version": { + "version_data": [ + { + "version_value": "7.3.2-7.3.6", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "Financial Services Lending and Leasing", + "version": { + "version_data": [ + { + "version_value": "12.5.0", + "version_affected": "=" + }, + { + "version_value": "14.1.0-14.2.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } @@ -83,15 +311,13 @@ "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, - { - "url": "https://www.oracle.com/security-alerts/cpujan2020.html", - "refsource": "MISC", - "name": "https://www.oracle.com/security-alerts/cpujan2020.html" - }, { "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ] } diff --git a/2020/14xxx/CVE-2020-14527.json b/2020/14xxx/CVE-2020-14527.json index da80afbd443..5a817964c57 100644 --- a/2020/14xxx/CVE-2020-14527.json +++ b/2020/14xxx/CVE-2020-14527.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14527", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14527" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera Portfolio Management", + "version": { + "version_data": [ + { + "version_value": "16.1.0.0-16.1.5.1", + "version_affected": "=" + }, + { + "version_value": "18.0.0.0-18.0.2.0", + "version_affected": "=" + }, + { + "version_value": "19.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14528.json b/2020/14xxx/CVE-2020-14528.json index 368cdc3c311..5911ebdb9b7 100644 --- a/2020/14xxx/CVE-2020-14528.json +++ b/2020/14xxx/CVE-2020-14528.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14528", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14528" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera Portfolio Management", + "version": { + "version_data": [ + { + "version_value": "16.1.0.0-16.1.5.1", + "version_affected": "=" + }, + { + "version_value": "18.0.0.0-18.0.2.0", + "version_affected": "=" + }, + { + "version_value": "19.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera Portfolio Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14529.json b/2020/14xxx/CVE-2020-14529.json index e27a1a32530..f15039ce3da 100644 --- a/2020/14xxx/CVE-2020-14529.json +++ b/2020/14xxx/CVE-2020-14529.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14529", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14529" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera Portfolio Management", + "version": { + "version_data": [ + { + "version_value": "16.1.0.0-16.1.5.1", + "version_affected": "=" + }, + { + "version_value": "18.0.0.0-18.0.2.0", + "version_affected": "=" + }, + { + "version_value": "19.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera Portfolio Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14530.json b/2020/14xxx/CVE-2020-14530.json index b2e06aa92b8..61ad46ff3ba 100644 --- a/2020/14xxx/CVE-2020-14530.json +++ b/2020/14xxx/CVE-2020-14530.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14530", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14530" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Service", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: None). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Security Service accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Security Service accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14531.json b/2020/14xxx/CVE-2020-14531.json index 96133edf598..9915f8a6530 100644 --- a/2020/14xxx/CVE-2020-14531.json +++ b/2020/14xxx/CVE-2020-14531.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14531", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14531" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Siebel UI Framework", + "version": { + "version_data": [ + { + "version_value": "20.6 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 20.6 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel UI Framework accessible data as well as unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel UI Framework accessible data as well as unauthorized update, insert or delete access to some of Siebel UI Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14532.json b/2020/14xxx/CVE-2020-14532.json index 8e1aa1fc162..3ed2bfebb32 100644 --- a/2020/14xxx/CVE-2020-14532.json +++ b/2020/14xxx/CVE-2020-14532.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14532", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14532" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Commerce Platform", + "version": { + "version_data": [ + { + "version_value": "11.1", + "version_affected": "=" + }, + { + "version_value": "11.2", + "version_affected": "=" + }, + { + "version_value": "11.3.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14533.json b/2020/14xxx/CVE-2020-14533.json index 532eeed6ae4..f44179cb3b6 100644 --- a/2020/14xxx/CVE-2020-14533.json +++ b/2020/14xxx/CVE-2020-14533.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14533", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14533" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Commerce Platform", + "version": { + "version_data": [ + { + "version_value": "11.1", + "version_affected": "=" + }, + { + "version_value": "11.2", + "version_affected": "=" + }, + { + "version_value": "11.3.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 3.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14534.json b/2020/14xxx/CVE-2020-14534.json index 04e81f06240..98517049fbe 100644 --- a/2020/14xxx/CVE-2020-14534.json +++ b/2020/14xxx/CVE-2020-14534.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14534", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14534" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Project Planning and Control", + "version": { + "version_data": [ + { + "version_value": "12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popups). The supported version that is affected is 12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14535.json b/2020/14xxx/CVE-2020-14535.json index a7813a6f498..8fb6fd0db7e 100644 --- a/2020/14xxx/CVE-2020-14535.json +++ b/2020/14xxx/CVE-2020-14535.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14535", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14535" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Commerce Platform", + "version": { + "version_data": [ + { + "version_value": "11.1", + "version_affected": "=" + }, + { + "version_value": "11.2", + "version_affected": "=" + }, + { + "version_value": "11.3.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Commerce Service Center product of Oracle Commerce (component: Commerce Service Center). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Service Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Commerce Service Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Commerce Service Center accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.4", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Service Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Commerce Service Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Commerce Service Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14536.json b/2020/14xxx/CVE-2020-14536.json index 7f5b4675109..c8abd6220c5 100644 --- a/2020/14xxx/CVE-2020-14536.json +++ b/2020/14xxx/CVE-2020-14536.json @@ -1,18 +1,79 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14536", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14536" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Commerce Guided Search / Oracle Commerce Experience Manager", + "version": { + "version_data": [ + { + "version_value": "11.0", + "version_affected": "=" + }, + { + "version_value": "11.1", + "version_affected": "=" + }, + { + "version_value": "11.2", + "version_affected": "=" + }, + { + "version_value": "11.3.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Workbench). Supported versions that are affected are 11.0, 11.1, 11.2 and prior to 11.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.4", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14537.json b/2020/14xxx/CVE-2020-14537.json index 157ba51fb9b..6aa0607cbdb 100644 --- a/2020/14xxx/CVE-2020-14537.json +++ b/2020/14xxx/CVE-2020-14537.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14537", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14537" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Packaging Scripts). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.5", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14539.json b/2020/14xxx/CVE-2020-14539.json index 56328525706..a8b93609a59 100644 --- a/2020/14xxx/CVE-2020-14539.json +++ b/2020/14xxx/CVE-2020-14539.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14539", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14539" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.6.48 and prior", + "version_affected": "=" + }, + { + "version_value": "5.7.30 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14540.json b/2020/14xxx/CVE-2020-14540.json index 4f0c0785ac5..cff48877c86 100644 --- a/2020/14xxx/CVE-2020-14540.json +++ b/2020/14xxx/CVE-2020-14540.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14540", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14540" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.30 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14541.json b/2020/14xxx/CVE-2020-14541.json index f39423e0246..a78933b9cc6 100644 --- a/2020/14xxx/CVE-2020-14541.json +++ b/2020/14xxx/CVE-2020-14541.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14541", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14541" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hyperion Financial Close Management", + "version": { + "version_data": [ + { + "version_value": "11.1.2.4", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Financial Close Management accessible data. CVSS 3.1 Base Score 2.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "2.0", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Financial Close Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14542.json b/2020/14xxx/CVE-2020-14542.json index f0b017f4b0d..16fd716472b 100644 --- a/2020/14xxx/CVE-2020-14542.json +++ b/2020/14xxx/CVE-2020-14542.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14542", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14542" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "3.3", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14543.json b/2020/14xxx/CVE-2020-14543.json index c9d14a8396d..663bfff5200 100644 --- a/2020/14xxx/CVE-2020-14543.json +++ b/2020/14xxx/CVE-2020-14543.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14543", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14543" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Reporting and Analytics", + "version": { + "version_data": [ + { + "version_value": "9.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.3", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14544.json b/2020/14xxx/CVE-2020-14544.json index f96b0a5ed23..4d26816376c 100644 --- a/2020/14xxx/CVE-2020-14544.json +++ b/2020/14xxx/CVE-2020-14544.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14544", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14544" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Transportation Management", + "version": { + "version_data": [ + { + "version_value": "6.4.3", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Domain & Function Security). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14545.json b/2020/14xxx/CVE-2020-14545.json index 8952ead5be0..28f17a67abd 100644 --- a/2020/14xxx/CVE-2020-14545.json +++ b/2020/14xxx/CVE-2020-14545.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14545", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14545" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.0", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14546.json b/2020/14xxx/CVE-2020-14546.json index 2497b306569..b682e8a86f0 100644 --- a/2020/14xxx/CVE-2020-14546.json +++ b/2020/14xxx/CVE-2020-14546.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14546", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14546" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hyperion Financial Close Management", + "version": { + "version_data": [ + { + "version_value": "11.1.2.4", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.2", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14547.json b/2020/14xxx/CVE-2020-14547.json index 39ccff632a1..da912f8814a 100644 --- a/2020/14xxx/CVE-2020-14547.json +++ b/2020/14xxx/CVE-2020-14547.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14547", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14547" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.30 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14548.json b/2020/14xxx/CVE-2020-14548.json index d8b8f3c4561..c446bea64f5 100644 --- a/2020/14xxx/CVE-2020-14548.json +++ b/2020/14xxx/CVE-2020-14548.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14548" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "3.4", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14549.json b/2020/14xxx/CVE-2020-14549.json index ddcfe03e541..9b82db93e54 100644 --- a/2020/14xxx/CVE-2020-14549.json +++ b/2020/14xxx/CVE-2020-14549.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14549" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera Portfolio Management", + "version": { + "version_data": [ + { + "version_value": "16.1.0.0-16.1.5.1", + "version_affected": "=" + }, + { + "version_value": "18.0.0.0-18.0.2.0", + "version_affected": "=" + }, + { + "version_value": "19.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Server). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14550.json b/2020/14xxx/CVE-2020-14550.json index 4fd6e8c07de..3666157f1db 100644 --- a/2020/14xxx/CVE-2020-14550.json +++ b/2020/14xxx/CVE-2020-14550.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14550", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14550" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.6.48 and prior", + "version_affected": "=" + }, + { + "version_value": "5.7.30 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14551.json b/2020/14xxx/CVE-2020-14551.json index bd1ffe6ce85..b58863a0ba4 100644 --- a/2020/14xxx/CVE-2020-14551.json +++ b/2020/14xxx/CVE-2020-14551.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14551", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14551" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AutoVue 3D Professional Advanced", + "version": { + "version_data": [ + { + "version_value": "21.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 21.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle AutoVue accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle AutoVue accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14552.json b/2020/14xxx/CVE-2020-14552.json index a55daee1db9..2ae959f66ec 100644 --- a/2020/14xxx/CVE-2020-14552.json +++ b/2020/14xxx/CVE-2020-14552.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14552", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14552" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Portal", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Portal accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.8", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Portal accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14553.json b/2020/14xxx/CVE-2020-14553.json index 0c8840f5bd2..14386ee3554 100644 --- a/2020/14xxx/CVE-2020-14553.json +++ b/2020/14xxx/CVE-2020-14553.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14553", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14553" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.30 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14554.json b/2020/14xxx/CVE-2020-14554.json index 2eef79eef92..20442674336 100644 --- a/2020/14xxx/CVE-2020-14554.json +++ b/2020/14xxx/CVE-2020-14554.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14554", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14554" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Object Library", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.8", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14555.json b/2020/14xxx/CVE-2020-14555.json index 8adb28d979a..2e40a2f7552 100644 --- a/2020/14xxx/CVE-2020-14555.json +++ b/2020/14xxx/CVE-2020-14555.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14555", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14555" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Marketing", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Marketing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14556.json b/2020/14xxx/CVE-2020-14556.json index 2292f4e8b91..ff5d333e99d 100644 --- a/2020/14xxx/CVE-2020-14556.json +++ b/2020/14xxx/CVE-2020-14556.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14556", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14556" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 8u251, 11.0.7, 14.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u251", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.8", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14557.json b/2020/14xxx/CVE-2020-14557.json index 0fa17d7a72e..f6c8efd1b86 100644 --- a/2020/14xxx/CVE-2020-14557.json +++ b/2020/14xxx/CVE-2020-14557.json @@ -1,18 +1,79 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14557", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14557" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.8", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14558.json b/2020/14xxx/CVE-2020-14558.json index a9c6b54c2c9..380370ebd5a 100644 --- a/2020/14xxx/CVE-2020-14558.json +++ b/2020/14xxx/CVE-2020-14558.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14558", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14558" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + }, + { + "version_value": "8.58", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14559.json b/2020/14xxx/CVE-2020-14559.json index f9f846597b7..3ff61f80ccc 100644 --- a/2020/14xxx/CVE-2020-14559.json +++ b/2020/14xxx/CVE-2020-14559.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14559" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.6.48 and prior", + "version_affected": "=" + }, + { + "version_value": "5.7.30 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14560.json b/2020/14xxx/CVE-2020-14560.json index a73c4b95dee..323b33dd48a 100644 --- a/2020/14xxx/CVE-2020-14560.json +++ b/2020/14xxx/CVE-2020-14560.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14560", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14560" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hyperion BI+", + "version": { + "version_data": [ + { + "version_value": "11.1.2.4", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion BI+ accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.2", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion BI+ accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14561.json b/2020/14xxx/CVE-2020-14561.json index fb33e55f340..d3bf19360fa 100644 --- a/2020/14xxx/CVE-2020-14561.json +++ b/2020/14xxx/CVE-2020-14561.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14561" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Reporting and Analytics", + "version": { + "version_data": [ + { + "version_value": "9.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.3", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14562.json b/2020/14xxx/CVE-2020-14562.json index ffaae44fa76..68dd91d6278 100644 --- a/2020/14xxx/CVE-2020-14562.json +++ b/2020/14xxx/CVE-2020-14562.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14562", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14562" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 11.0.7, 14.0.1", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14563.json b/2020/14xxx/CVE-2020-14563.json index a58461d570f..b46e9a7e162 100644 --- a/2020/14xxx/CVE-2020-14563.json +++ b/2020/14xxx/CVE-2020-14563.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14563", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14563" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Communications Broker", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.2.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Communications Broker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Communications Broker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14564.json b/2020/14xxx/CVE-2020-14564.json index 921b445dc15..af8feb33c4d 100644 --- a/2020/14xxx/CVE-2020-14564.json +++ b/2020/14xxx/CVE-2020-14564.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14564", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14564" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + }, + { + "version_value": "8.58", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Environment Mgmt Console). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14565.json b/2020/14xxx/CVE-2020-14565.json index b57905d52cb..8cf81a08c81 100644 --- a/2020/14xxx/CVE-2020-14565.json +++ b/2020/14xxx/CVE-2020-14565.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14565", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14565" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Unified Directory", + "version": { + "version_data": [ + { + "version_value": "11.1.2.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Unified Directory. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Unified Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Unified Directory accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Unified Directory. CVSS 3.1 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Unified Directory. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Unified Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Unified Directory accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Unified Directory." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14566.json b/2020/14xxx/CVE-2020-14566.json index 4a1aee5b0e4..02584b44d39 100644 --- a/2020/14xxx/CVE-2020-14566.json +++ b/2020/14xxx/CVE-2020-14566.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14566", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14566" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera Portfolio Management", + "version": { + "version_data": [ + { + "version_value": "16.1.0.0-16.1.5.1", + "version_affected": "=" + }, + { + "version_value": "18.0.0.0-18.0.2.0", + "version_affected": "=" + }, + { + "version_value": "19.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14567.json b/2020/14xxx/CVE-2020-14567.json index 7c92f309f6e..a0a0bc6680a 100644 --- a/2020/14xxx/CVE-2020-14567.json +++ b/2020/14xxx/CVE-2020-14567.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14567" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.29 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.19 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14568.json b/2020/14xxx/CVE-2020-14568.json index 3828ec564ef..d06cc642209 100644 --- a/2020/14xxx/CVE-2020-14568.json +++ b/2020/14xxx/CVE-2020-14568.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14568", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14568" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14569.json b/2020/14xxx/CVE-2020-14569.json index 2d8cf108f43..f123166fafa 100644 --- a/2020/14xxx/CVE-2020-14569.json +++ b/2020/14xxx/CVE-2020-14569.json @@ -1,18 +1,83 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14569", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14569" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0", + "version_affected": "=" + }, + { + "version_value": "12.3.0", + "version_affected": "=" + }, + { + "version_value": "12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0", + "version_affected": "=" + }, + { + "version_value": "14.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14570.json b/2020/14xxx/CVE-2020-14570.json index 0c0633b77d7..a4769d47862 100644 --- a/2020/14xxx/CVE-2020-14570.json +++ b/2020/14xxx/CVE-2020-14570.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14570", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14570" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BI Publisher (formerly XML Publisher)", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14571.json b/2020/14xxx/CVE-2020-14571.json index e91a1047894..457819dc032 100644 --- a/2020/14xxx/CVE-2020-14571.json +++ b/2020/14xxx/CVE-2020-14571.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14571", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14571" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BI Publisher (formerly XML Publisher)", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14572.json b/2020/14xxx/CVE-2020-14572.json index e78981cb19d..52421981e59 100644 --- a/2020/14xxx/CVE-2020-14572.json +++ b/2020/14xxx/CVE-2020-14572.json @@ -1,18 +1,79 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14572", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14572" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14573.json b/2020/14xxx/CVE-2020-14573.json index 648cdcd1e86..29963b16a0c 100644 --- a/2020/14xxx/CVE-2020-14573.json +++ b/2020/14xxx/CVE-2020-14573.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14573", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14573" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 11.0.7, 14.0.1", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "3.7", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14574.json b/2020/14xxx/CVE-2020-14574.json index 94fd10cf81b..3bc858b4cbe 100644 --- a/2020/14xxx/CVE-2020-14574.json +++ b/2020/14xxx/CVE-2020-14574.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14574", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14574" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Communications Interactive Session Recorder", + "version": { + "version_data": [ + { + "version_value": "6.1-6.4", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications Applications (component: FACE). Supported versions that are affected are 6.1-6.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications Interactive Session Recorder executes to compromise Oracle Communications Interactive Session Recorder. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Interactive Session Recorder accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Interactive Session Recorder accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications Interactive Session Recorder executes to compromise Oracle Communications Interactive Session Recorder. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Interactive Session Recorder accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Interactive Session Recorder accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14575.json b/2020/14xxx/CVE-2020-14575.json index 6ec3880d921..fd102f614d3 100644 --- a/2020/14xxx/CVE-2020-14575.json +++ b/2020/14xxx/CVE-2020-14575.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14575", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14575" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14576.json b/2020/14xxx/CVE-2020-14576.json index 508037a7a87..e6ce6145c15 100644 --- a/2020/14xxx/CVE-2020-14576.json +++ b/2020/14xxx/CVE-2020-14576.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14576" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.30 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14577.json b/2020/14xxx/CVE-2020-14577.json index 717818e033b..17351089f79 100644 --- a/2020/14xxx/CVE-2020-14577.json +++ b/2020/14xxx/CVE-2020-14577.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14577", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14577" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u251", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "3.7", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14578.json b/2020/14xxx/CVE-2020-14578.json index 081fcb746e2..69468e5f8ef 100644 --- a/2020/14xxx/CVE-2020-14578.json +++ b/2020/14xxx/CVE-2020-14578.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14578", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14578" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u261, 8u251", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u251", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "3.7", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14579.json b/2020/14xxx/CVE-2020-14579.json index 9be7e1c747d..307cf6502f8 100644 --- a/2020/14xxx/CVE-2020-14579.json +++ b/2020/14xxx/CVE-2020-14579.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14579" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u261, 8u251", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u251", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "3.7", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14580.json b/2020/14xxx/CVE-2020-14580.json index 1367d22a7e9..56eb07e95dd 100644 --- a/2020/14xxx/CVE-2020-14580.json +++ b/2020/14xxx/CVE-2020-14580.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14580", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14580" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Communications Session Border Controller", + "version": { + "version_data": [ + { + "version_value": "8.1.0", + "version_affected": "=" + }, + { + "version_value": "8.2.0", + "version_affected": "=" + }, + { + "version_value": "8.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications Applications (component: System Admin). Supported versions that are affected are 8.1.0, 8.2.0 and 8.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Communications Session Border Controller. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Session Border Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Border Controller accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Session Border Controller. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Communications Session Border Controller. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Session Border Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Border Controller accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Session Border Controller." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14581.json b/2020/14xxx/CVE-2020-14581.json index b43ca9198e8..0006e994a9b 100644 --- a/2020/14xxx/CVE-2020-14581.json +++ b/2020/14xxx/CVE-2020-14581.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14581", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14581" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 8u251, 11.0.7, 14.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u251", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "3.7", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14582.json b/2020/14xxx/CVE-2020-14582.json index 0389ad2ef67..d9be7621958 100644 --- a/2020/14xxx/CVE-2020-14582.json +++ b/2020/14xxx/CVE-2020-14582.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14582", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14582" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iStore", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Registration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14583.json b/2020/14xxx/CVE-2020-14583.json index 09d71c6434a..b7378081596 100644 --- a/2020/14xxx/CVE-2020-14583.json +++ b/2020/14xxx/CVE-2020-14583.json @@ -1,18 +1,91 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14583" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GraalVM Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "19.3.2", + "version_affected": "=" + }, + { + "version_value": "20.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u251", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.3", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14584.json b/2020/14xxx/CVE-2020-14584.json index ba03dfa2b36..eaf1c306454 100644 --- a/2020/14xxx/CVE-2020-14584.json +++ b/2020/14xxx/CVE-2020-14584.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14584", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14584" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BI Publisher (formerly XML Publisher)", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14585.json b/2020/14xxx/CVE-2020-14585.json index 2b4160955b7..8d7f1eda8c8 100644 --- a/2020/14xxx/CVE-2020-14585.json +++ b/2020/14xxx/CVE-2020-14585.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14585", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14585" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BI Publisher (formerly XML Publisher)", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14586.json b/2020/14xxx/CVE-2020-14586.json index a8685757e7c..4035ce5d07e 100644 --- a/2020/14xxx/CVE-2020-14586.json +++ b/2020/14xxx/CVE-2020-14586.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14586", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14586" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14587.json b/2020/14xxx/CVE-2020-14587.json index cb8c960fdc2..6b029114948 100644 --- a/2020/14xxx/CVE-2020-14587.json +++ b/2020/14xxx/CVE-2020-14587.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14587", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14587" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise FIN Expenses", + "version": { + "version_data": [ + { + "version_value": "9.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Expenses. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Expenses accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Expenses accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Expenses. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Expenses accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Expenses accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14588.json b/2020/14xxx/CVE-2020-14588.json index 0d49148084d..a910aa9f57c 100644 --- a/2020/14xxx/CVE-2020-14588.json +++ b/2020/14xxx/CVE-2020-14588.json @@ -1,18 +1,83 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14588", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14588" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14589.json b/2020/14xxx/CVE-2020-14589.json index 651ba40d99f..d3594cc0979 100644 --- a/2020/14xxx/CVE-2020-14589.json +++ b/2020/14xxx/CVE-2020-14589.json @@ -1,18 +1,83 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14589", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14589" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14590.json b/2020/14xxx/CVE-2020-14590.json index 2cfa5d29f5e..8d921f2769a 100644 --- a/2020/14xxx/CVE-2020-14590.json +++ b/2020/14xxx/CVE-2020-14590.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14590", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14590" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Framework", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Page Request). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "2.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14591.json b/2020/14xxx/CVE-2020-14591.json index 932ae6a4807..6ce779f19a8 100644 --- a/2020/14xxx/CVE-2020-14591.json +++ b/2020/14xxx/CVE-2020-14591.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14591" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14592.json b/2020/14xxx/CVE-2020-14592.json index e90485e094b..eab6e8d5a9f 100644 --- a/2020/14xxx/CVE-2020-14592.json +++ b/2020/14xxx/CVE-2020-14592.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14592", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14592" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + }, + { + "version_value": "8.58", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14593.json b/2020/14xxx/CVE-2020-14593.json index 1efd2d5a63f..2815b3de9e3 100644 --- a/2020/14xxx/CVE-2020-14593.json +++ b/2020/14xxx/CVE-2020-14593.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14593" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u251", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14594.json b/2020/14xxx/CVE-2020-14594.json index 7155261b8be..4186b8e42d8 100644 --- a/2020/14xxx/CVE-2020-14594.json +++ b/2020/14xxx/CVE-2020-14594.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14594", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14594" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Reporting and Analytics", + "version": { + "version_data": [ + { + "version_value": "9.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Inventory Integration). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14595.json b/2020/14xxx/CVE-2020-14595.json index 6f2afdeda2a..b1b2a1f68cb 100644 --- a/2020/14xxx/CVE-2020-14595.json +++ b/2020/14xxx/CVE-2020-14595.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14595", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14595" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iLearning", + "version": { + "version_data": [ + { + "version_value": "6.1", + "version_affected": "=" + }, + { + "version_value": "6.1.1", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Assessment Manager). Supported versions that are affected are 6.1 and 6.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle iLearning. CVSS 3.1 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle iLearning." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14596.json b/2020/14xxx/CVE-2020-14596.json index 4763b4d0039..33a84a81427 100644 --- a/2020/14xxx/CVE-2020-14596.json +++ b/2020/14xxx/CVE-2020-14596.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14596", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14596" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iStore", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Address Book). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14597.json b/2020/14xxx/CVE-2020-14597.json index 65e32dc038d..5b7925010d1 100644 --- a/2020/14xxx/CVE-2020-14597.json +++ b/2020/14xxx/CVE-2020-14597.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14597", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14597" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14598.json b/2020/14xxx/CVE-2020-14598.json index 05d8ba63b19..774641c01d8 100644 --- a/2020/14xxx/CVE-2020-14598.json +++ b/2020/14xxx/CVE-2020-14598.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14598" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Gateway for Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Gateway for Mobile Devices accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Gateway for Mobile Devices accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14599.json b/2020/14xxx/CVE-2020-14599.json index ef6fd19b1bf..d778c069a2c 100644 --- a/2020/14xxx/CVE-2020-14599.json +++ b/2020/14xxx/CVE-2020-14599.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14599" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Gateway for Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Gateway for Mobile Devices accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Gateway for Mobile Devices accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14600.json b/2020/14xxx/CVE-2020-14600.json index 54ba0b1f438..8e62d14f03a 100644 --- a/2020/14xxx/CVE-2020-14600.json +++ b/2020/14xxx/CVE-2020-14600.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14600", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14600" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + }, + { + "version_value": "8.58", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14601.json b/2020/14xxx/CVE-2020-14601.json index 0d0f1b7d7ee..88ced02ec35 100644 --- a/2020/14xxx/CVE-2020-14601.json +++ b/2020/14xxx/CVE-2020-14601.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14601" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14602.json b/2020/14xxx/CVE-2020-14602.json index 65092b28b4e..40eb1d67925 100644 --- a/2020/14xxx/CVE-2020-14602.json +++ b/2020/14xxx/CVE-2020-14602.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14602", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14602" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14603.json b/2020/14xxx/CVE-2020-14603.json index f395802e95f..649c2c2bee9 100644 --- a/2020/14xxx/CVE-2020-14603.json +++ b/2020/14xxx/CVE-2020-14603.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14603", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14603" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14604.json b/2020/14xxx/CVE-2020-14604.json index cbca8b7ccab..7e8dcdb69cf 100644 --- a/2020/14xxx/CVE-2020-14604.json +++ b/2020/14xxx/CVE-2020-14604.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14604", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14604" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14605.json b/2020/14xxx/CVE-2020-14605.json index 1c78d313af4..9766389b5f7 100644 --- a/2020/14xxx/CVE-2020-14605.json +++ b/2020/14xxx/CVE-2020-14605.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14605", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14605" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14606.json b/2020/14xxx/CVE-2020-14606.json index 89ad0c1d2f0..2adee25aa86 100644 --- a/2020/14xxx/CVE-2020-14606.json +++ b/2020/14xxx/CVE-2020-14606.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14606", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14606" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SD-WAN Edge", + "version": { + "version_data": [ + { + "version_value": "8.2", + "version_affected": "=" + }, + { + "version_value": "9.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Supported versions that are affected are 8.2 and 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. While the vulnerability is in Oracle SD-WAN Edge, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "10.", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. While the vulnerability is in Oracle SD-WAN Edge, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14607.json b/2020/14xxx/CVE-2020-14607.json index eef41af268f..20450528f78 100644 --- a/2020/14xxx/CVE-2020-14607.json +++ b/2020/14xxx/CVE-2020-14607.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14607", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14607" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fusion Middleware MapViewer", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Fusion Middleware MapViewer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware MapViewer accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Fusion Middleware MapViewer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware MapViewer accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14608.json b/2020/14xxx/CVE-2020-14608.json index 6953b478e91..1979fe66a71 100644 --- a/2020/14xxx/CVE-2020-14608.json +++ b/2020/14xxx/CVE-2020-14608.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14608", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14608" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fusion Middleware MapViewer", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Fusion Middleware MapViewer accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Fusion Middleware MapViewer accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14609.json b/2020/14xxx/CVE-2020-14609.json index f29cb18fca7..6e6496d5f4b 100644 --- a/2020/14xxx/CVE-2020-14609.json +++ b/2020/14xxx/CVE-2020-14609.json @@ -1,18 +1,79 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14609", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14609" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "5.5.0.0.0", + "version_affected": "=" + }, + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Answers). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14610.json b/2020/14xxx/CVE-2020-14610.json index bba42528960..16ab77c5d6f 100644 --- a/2020/14xxx/CVE-2020-14610.json +++ b/2020/14xxx/CVE-2020-14610.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14610", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14610" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Framework", + "version": { + "version_data": [ + { + "version_value": "12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). The supported version that is affected is 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.6", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14611.json b/2020/14xxx/CVE-2020-14611.json index 149bf7cb4c7..47eab5fd6fb 100644 --- a/2020/14xxx/CVE-2020-14611.json +++ b/2020/14xxx/CVE-2020-14611.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14611" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Portal", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Composer). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Portal." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14612.json b/2020/14xxx/CVE-2020-14612.json index f723d95e8e6..80fb490e75c 100644 --- a/2020/14xxx/CVE-2020-14612.json +++ b/2020/14xxx/CVE-2020-14612.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14612", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14612" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise HCM Time and Labor", + "version": { + "version_data": [ + { + "version_value": "9.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Time and Labor). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HRMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HRMS accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HRMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HRMS accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14613.json b/2020/14xxx/CVE-2020-14613.json index 718db40de32..cca0072df8f 100644 --- a/2020/14xxx/CVE-2020-14613.json +++ b/2020/14xxx/CVE-2020-14613.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14613", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14613" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Sites", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced User Interface). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14614.json b/2020/14xxx/CVE-2020-14614.json index d32fccd8d60..549e0d3226a 100644 --- a/2020/14xxx/CVE-2020-14614.json +++ b/2020/14xxx/CVE-2020-14614.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14614", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14614" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14615.json b/2020/14xxx/CVE-2020-14615.json index 938a0324cf3..899a4bc0320 100644 --- a/2020/14xxx/CVE-2020-14615.json +++ b/2020/14xxx/CVE-2020-14615.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14615", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14615" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14616.json b/2020/14xxx/CVE-2020-14616.json index 410f54b42ed..43c1f2dcba4 100644 --- a/2020/14xxx/CVE-2020-14616.json +++ b/2020/14xxx/CVE-2020-14616.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14616", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14616" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Reporting and Analytics", + "version": { + "version_data": [ + { + "version_value": "9.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "2.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14617.json b/2020/14xxx/CVE-2020-14617.json index 919fa35a721..c9855367596 100644 --- a/2020/14xxx/CVE-2020-14617.json +++ b/2020/14xxx/CVE-2020-14617.json @@ -1,18 +1,83 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14617", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14617" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera Unifier", + "version": { + "version_data": [ + { + "version_value": "16.1", + "version_affected": "=" + }, + { + "version_value": "16.2", + "version_affected": "=" + }, + { + "version_value": "17.7-17.12", + "version_affected": "=" + }, + { + "version_value": "18.8", + "version_affected": "=" + }, + { + "version_value": "19.12; Mobile App: Prior to 20.6", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12; Mobile App: Prior to 20.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14618.json b/2020/14xxx/CVE-2020-14618.json index 9d0a60743b2..b09f67a16b9 100644 --- a/2020/14xxx/CVE-2020-14618.json +++ b/2020/14xxx/CVE-2020-14618.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14618", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14618" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera Unifier", + "version": { + "version_data": [ + { + "version_value": "20.6", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Mobile App). The supported version that is affected is Prior to 20.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data as well as unauthorized update, insert or delete access to some of Primavera Unifier accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data as well as unauthorized update, insert or delete access to some of Primavera Unifier accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14619.json b/2020/14xxx/CVE-2020-14619.json index bd7000a62c8..43315e353f2 100644 --- a/2020/14xxx/CVE-2020-14619.json +++ b/2020/14xxx/CVE-2020-14619.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14619", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14619" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14620.json b/2020/14xxx/CVE-2020-14620.json index bc15fe88dec..cc2b8c04c23 100644 --- a/2020/14xxx/CVE-2020-14620.json +++ b/2020/14xxx/CVE-2020-14620.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14620", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14620" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14621.json b/2020/14xxx/CVE-2020-14621.json index eab99aa20f9..337a2e142d1 100644 --- a/2020/14xxx/CVE-2020-14621.json +++ b/2020/14xxx/CVE-2020-14621.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14621", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14621" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u251", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14622.json b/2020/14xxx/CVE-2020-14622.json index 568d655b69a..fd2e1432dbc 100644 --- a/2020/14xxx/CVE-2020-14622.json +++ b/2020/14xxx/CVE-2020-14622.json @@ -1,18 +1,83 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14622", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14622" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14623.json b/2020/14xxx/CVE-2020-14623.json index 13037da1f0c..1259f76f776 100644 --- a/2020/14xxx/CVE-2020-14623.json +++ b/2020/14xxx/CVE-2020-14623.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14623", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14623" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14624.json b/2020/14xxx/CVE-2020-14624.json index 2ae4f3bce17..cf0745336d5 100644 --- a/2020/14xxx/CVE-2020-14624.json +++ b/2020/14xxx/CVE-2020-14624.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14624", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14624" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14625.json b/2020/14xxx/CVE-2020-14625.json index 0dfc7f1ae8b..6ce47e276ad 100644 --- a/2020/14xxx/CVE-2020-14625.json +++ b/2020/14xxx/CVE-2020-14625.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14625", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14625" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14626.json b/2020/14xxx/CVE-2020-14626.json index ce53484ff6c..8bd4c8e66d8 100644 --- a/2020/14xxx/CVE-2020-14626.json +++ b/2020/14xxx/CVE-2020-14626.json @@ -1,18 +1,79 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14626", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14626" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "5.5.0.0.0", + "version_affected": "=" + }, + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14627.json b/2020/14xxx/CVE-2020-14627.json index a3f6c391bef..7505a5a549a 100644 --- a/2020/14xxx/CVE-2020-14627.json +++ b/2020/14xxx/CVE-2020-14627.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14627", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14627" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + }, + { + "version_value": "8.58", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14628.json b/2020/14xxx/CVE-2020-14628.json index 70038393329..9d17eee7fba 100644 --- a/2020/14xxx/CVE-2020-14628.json +++ b/2020/14xxx/CVE-2020-14628.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14628", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14628" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14628 is applicable to Windows VM only. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14629.json b/2020/14xxx/CVE-2020-14629.json index a3b770cbf77..6df8c80886d 100644 --- a/2020/14xxx/CVE-2020-14629.json +++ b/2020/14xxx/CVE-2020-14629.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14629", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14629" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14630.json b/2020/14xxx/CVE-2020-14630.json index b9f2fee99d8..8de9463bec8 100644 --- a/2020/14xxx/CVE-2020-14630.json +++ b/2020/14xxx/CVE-2020-14630.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14630", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14630" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Session Border Controller", + "version": { + "version_data": [ + { + "version_value": "8.1.0", + "version_affected": "=" + }, + { + "version_value": "8.2.0", + "version_affected": "=" + }, + { + "version_value": "8.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications Applications (component: File Upload). Supported versions that are affected are 8.1.0, 8.2.0 and 8.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Session Border Controller. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Session Border Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Enterprise Session Border Controller accessible data and unauthorized read access to a subset of Oracle Enterprise Session Border Controller accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Session Border Controller. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Session Border Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Enterprise Session Border Controller accessible data and unauthorized read access to a subset of Oracle Enterprise Session Border Controller accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14631.json b/2020/14xxx/CVE-2020-14631.json index 37f3c9a5ccf..20c6f32f755 100644 --- a/2020/14xxx/CVE-2020-14631.json +++ b/2020/14xxx/CVE-2020-14631.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14631", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14631" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14632.json b/2020/14xxx/CVE-2020-14632.json index bac07347000..a044421a3cf 100644 --- a/2020/14xxx/CVE-2020-14632.json +++ b/2020/14xxx/CVE-2020-14632.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14632", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14632" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14633.json b/2020/14xxx/CVE-2020-14633.json index e7fd788b104..9797db3f560 100644 --- a/2020/14xxx/CVE-2020-14633.json +++ b/2020/14xxx/CVE-2020-14633.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14633", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14633" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "2.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14634.json b/2020/14xxx/CVE-2020-14634.json index a5b6c3c4f60..417a7bac706 100644 --- a/2020/14xxx/CVE-2020-14634.json +++ b/2020/14xxx/CVE-2020-14634.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14634", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14634" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "2.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14635.json b/2020/14xxx/CVE-2020-14635.json index 81947cbc3b7..a38395d46bc 100644 --- a/2020/14xxx/CVE-2020-14635.json +++ b/2020/14xxx/CVE-2020-14635.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14635", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14635" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Object Library", + "version": { + "version_data": [ + { + "version_value": "12.2.5-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Logging). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14636.json b/2020/14xxx/CVE-2020-14636.json index 09d0baaf00f..6b4c436cabe 100644 --- a/2020/14xxx/CVE-2020-14636.json +++ b/2020/14xxx/CVE-2020-14636.json @@ -1,18 +1,79 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14636", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14636" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14637.json b/2020/14xxx/CVE-2020-14637.json index d36944f6d39..dc550a6fa40 100644 --- a/2020/14xxx/CVE-2020-14637.json +++ b/2020/14xxx/CVE-2020-14637.json @@ -1,18 +1,79 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14637" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14638.json b/2020/14xxx/CVE-2020-14638.json index 657f2e0aff6..ba10e895e06 100644 --- a/2020/14xxx/CVE-2020-14638.json +++ b/2020/14xxx/CVE-2020-14638.json @@ -1,18 +1,79 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14638", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14638" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14639.json b/2020/14xxx/CVE-2020-14639.json index 4d9d9363f9b..8c0ba651ead 100644 --- a/2020/14xxx/CVE-2020-14639.json +++ b/2020/14xxx/CVE-2020-14639.json @@ -1,18 +1,79 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14639", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14639" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14640.json b/2020/14xxx/CVE-2020-14640.json index d582a257ea7..e628ba52b0a 100644 --- a/2020/14xxx/CVE-2020-14640.json +++ b/2020/14xxx/CVE-2020-14640.json @@ -1,18 +1,79 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14640", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14640" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14641.json b/2020/14xxx/CVE-2020-14641.json index 3db6786a214..77cffb02539 100644 --- a/2020/14xxx/CVE-2020-14641.json +++ b/2020/14xxx/CVE-2020-14641.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14641", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14641" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14642.json b/2020/14xxx/CVE-2020-14642.json index ad681535839..ef5ba842a59 100644 --- a/2020/14xxx/CVE-2020-14642.json +++ b/2020/14xxx/CVE-2020-14642.json @@ -1,18 +1,83 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14642" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Coherence", + "version": { + "version_data": [ + { + "version_value": "3.7.1.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: CacheStore). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14643.json b/2020/14xxx/CVE-2020-14643.json index 733eb3c2073..1015f82b1f1 100644 --- a/2020/14xxx/CVE-2020-14643.json +++ b/2020/14xxx/CVE-2020-14643.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14643", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14643" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14644.json b/2020/14xxx/CVE-2020-14644.json index 673962ed869..d47e6c2b774 100644 --- a/2020/14xxx/CVE-2020-14644.json +++ b/2020/14xxx/CVE-2020-14644.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14644" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14645.json b/2020/14xxx/CVE-2020-14645.json index 3c4890713a9..6c97b7a1248 100644 --- a/2020/14xxx/CVE-2020-14645.json +++ b/2020/14xxx/CVE-2020-14645.json @@ -1,18 +1,83 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14645", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14645" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14646.json b/2020/14xxx/CVE-2020-14646.json index 736a2f22891..d927a8b5eca 100644 --- a/2020/14xxx/CVE-2020-14646.json +++ b/2020/14xxx/CVE-2020-14646.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14646", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14646" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14647.json b/2020/14xxx/CVE-2020-14647.json index 57c1c042625..f82b6ab96b9 100644 --- a/2020/14xxx/CVE-2020-14647.json +++ b/2020/14xxx/CVE-2020-14647.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14647", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14647" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14648.json b/2020/14xxx/CVE-2020-14648.json index be96896cd2e..0b2f67cb76f 100644 --- a/2020/14xxx/CVE-2020-14648.json +++ b/2020/14xxx/CVE-2020-14648.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14648", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14648" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14649.json b/2020/14xxx/CVE-2020-14649.json index f90950a7a14..021966d2fe3 100644 --- a/2020/14xxx/CVE-2020-14649.json +++ b/2020/14xxx/CVE-2020-14649.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14649", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14649" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14650.json b/2020/14xxx/CVE-2020-14650.json index 8e45124859d..2d2e2fbe0db 100644 --- a/2020/14xxx/CVE-2020-14650.json +++ b/2020/14xxx/CVE-2020-14650.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14650", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14650" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14651.json b/2020/14xxx/CVE-2020-14651.json index 73d512f8abb..389aceeb927 100644 --- a/2020/14xxx/CVE-2020-14651.json +++ b/2020/14xxx/CVE-2020-14651.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14651", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14651" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14652.json b/2020/14xxx/CVE-2020-14652.json index 6b763615122..0e98a45580e 100644 --- a/2020/14xxx/CVE-2020-14652.json +++ b/2020/14xxx/CVE-2020-14652.json @@ -1,18 +1,83 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14652", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14652" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14653.json b/2020/14xxx/CVE-2020-14653.json index f6891cc0f88..6ab4d101b16 100644 --- a/2020/14xxx/CVE-2020-14653.json +++ b/2020/14xxx/CVE-2020-14653.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14653", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14653" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera P6 Enterprise Project Portfolio Management", + "version": { + "version_data": [ + { + "version_value": "16.1.0.0-16.2.20.1", + "version_affected": "=" + }, + { + "version_value": "17.1.0.0-17.12.17.1", + "version_affected": "=" + }, + { + "version_value": "18.1.0.0-18.8.18.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.2.20.1, 17.1.0.0-17.12.17.1 and 18.1.0.0-18.8.18.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14654.json b/2020/14xxx/CVE-2020-14654.json index 190c723a095..f2aadffd23f 100644 --- a/2020/14xxx/CVE-2020-14654.json +++ b/2020/14xxx/CVE-2020-14654.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14654", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14654" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14655.json b/2020/14xxx/CVE-2020-14655.json index e923261f06c..7eb23ffa348 100644 --- a/2020/14xxx/CVE-2020-14655.json +++ b/2020/14xxx/CVE-2020-14655.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14655", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14655" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Service", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: SSL API). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Security Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Security Service accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Security Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Security Service accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14656.json b/2020/14xxx/CVE-2020-14656.json index 67ff674dcb4..4c26b32cca8 100644 --- a/2020/14xxx/CVE-2020-14656.json +++ b/2020/14xxx/CVE-2020-14656.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14656", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14656" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14657.json b/2020/14xxx/CVE-2020-14657.json index fcec9602057..fb7656d4e1d 100644 --- a/2020/14xxx/CVE-2020-14657.json +++ b/2020/14xxx/CVE-2020-14657.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14657", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14657" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.6", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14658.json b/2020/14xxx/CVE-2020-14658.json index 84a941031bb..b10b7d59ce1 100644 --- a/2020/14xxx/CVE-2020-14658.json +++ b/2020/14xxx/CVE-2020-14658.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14658", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14658" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Marketing", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized access to critical data or complete access to all Oracle Marketing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14659.json b/2020/14xxx/CVE-2020-14659.json index 98dc97bcde2..e7c65e5d741 100644 --- a/2020/14xxx/CVE-2020-14659.json +++ b/2020/14xxx/CVE-2020-14659.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14659", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14659" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14660.json b/2020/14xxx/CVE-2020-14660.json index aafc88ea061..a2ac83d42cd 100644 --- a/2020/14xxx/CVE-2020-14660.json +++ b/2020/14xxx/CVE-2020-14660.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14660", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14660" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14661.json b/2020/14xxx/CVE-2020-14661.json index 07a300dbe60..3b60ed6c27c 100644 --- a/2020/14xxx/CVE-2020-14661.json +++ b/2020/14xxx/CVE-2020-14661.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14661", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14661" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14662.json b/2020/14xxx/CVE-2020-14662.json index bd612e46d70..373b8b1b225 100644 --- a/2020/14xxx/CVE-2020-14662.json +++ b/2020/14xxx/CVE-2020-14662.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14662", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14662" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14663.json b/2020/14xxx/CVE-2020-14663.json index c93ccd3849c..4272d8755c0 100644 --- a/2020/14xxx/CVE-2020-14663.json +++ b/2020/14xxx/CVE-2020-14663.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14663", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14663" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14664.json b/2020/14xxx/CVE-2020-14664.json index 27f0d11f49b..f75e7a2d44d 100644 --- a/2020/14xxx/CVE-2020-14664.json +++ b/2020/14xxx/CVE-2020-14664.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14664", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14664" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 8u251", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.3", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14665.json b/2020/14xxx/CVE-2020-14665.json index b3e28deef56..5cb4633dae0 100644 --- a/2020/14xxx/CVE-2020-14665.json +++ b/2020/14xxx/CVE-2020-14665.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14665", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14665" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trade Management", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Invoice). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14666.json b/2020/14xxx/CVE-2020-14666.json index e8fb30f7cd5..53b6ecb8f08 100644 --- a/2020/14xxx/CVE-2020-14666.json +++ b/2020/14xxx/CVE-2020-14666.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14666", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14666" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Center", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14667.json b/2020/14xxx/CVE-2020-14667.json index 42362621237..a2c7e3118ca 100644 --- a/2020/14xxx/CVE-2020-14667.json +++ b/2020/14xxx/CVE-2020-14667.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14667", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14667" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.6", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14668.json b/2020/14xxx/CVE-2020-14668.json index 2e38b11b8ae..48253cf6737 100644 --- a/2020/14xxx/CVE-2020-14668.json +++ b/2020/14xxx/CVE-2020-14668.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14668", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14668" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "E-Business Intelligence", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14669.json b/2020/14xxx/CVE-2020-14669.json index 3d80e94a07f..ac6cef67569 100644 --- a/2020/14xxx/CVE-2020-14669.json +++ b/2020/14xxx/CVE-2020-14669.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14669" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Configurator", + "version": { + "version_data": [ + { + "version_value": "12.1", + "version_affected": "=" + }, + { + "version_value": "12.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Configurator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data as well as unauthorized update, insert or delete access to some of Oracle Configurator accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Configurator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data as well as unauthorized update, insert or delete access to some of Oracle Configurator accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14670.json b/2020/14xxx/CVE-2020-14670.json index 03f9c39a71f..26815a52b3d 100644 --- a/2020/14xxx/CVE-2020-14670.json +++ b/2020/14xxx/CVE-2020-14670.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14670", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14670" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Outbound Telephony", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Settings). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14671.json b/2020/14xxx/CVE-2020-14671.json index 87a11ce06ff..2f4231adde9 100644 --- a/2020/14xxx/CVE-2020-14671.json +++ b/2020/14xxx/CVE-2020-14671.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14671", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14671" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Outbound Telephony", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14673.json b/2020/14xxx/CVE-2020-14673.json index 2b1e987845e..d758df5013a 100644 --- a/2020/14xxx/CVE-2020-14673.json +++ b/2020/14xxx/CVE-2020-14673.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14673", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14673" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14674.json b/2020/14xxx/CVE-2020-14674.json index 2395380a067..f12c58efbc3 100644 --- a/2020/14xxx/CVE-2020-14674.json +++ b/2020/14xxx/CVE-2020-14674.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14674", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14674" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14675.json b/2020/14xxx/CVE-2020-14675.json index f8111d9024f..69ba6695c4d 100644 --- a/2020/14xxx/CVE-2020-14675.json +++ b/2020/14xxx/CVE-2020-14675.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14675", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14675" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14676.json b/2020/14xxx/CVE-2020-14676.json index 010a99c155f..5c7885cd608 100644 --- a/2020/14xxx/CVE-2020-14676.json +++ b/2020/14xxx/CVE-2020-14676.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14676", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14676" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14677.json b/2020/14xxx/CVE-2020-14677.json index 9760847b648..112aee5f6c0 100644 --- a/2020/14xxx/CVE-2020-14677.json +++ b/2020/14xxx/CVE-2020-14677.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14677", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14677" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14678.json b/2020/14xxx/CVE-2020-14678.json index 9afcb378a03..c860f8b54b4 100644 --- a/2020/14xxx/CVE-2020-14678.json +++ b/2020/14xxx/CVE-2020-14678.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14678", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14678" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14679.json b/2020/14xxx/CVE-2020-14679.json index db8e38b93ce..48e78881501 100644 --- a/2020/14xxx/CVE-2020-14679.json +++ b/2020/14xxx/CVE-2020-14679.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14679", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14679" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle CRM Technical Foundation." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14680.json b/2020/14xxx/CVE-2020-14680.json index 321ea517acd..e86786141b9 100644 --- a/2020/14xxx/CVE-2020-14680.json +++ b/2020/14xxx/CVE-2020-14680.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14680", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14680" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14681.json b/2020/14xxx/CVE-2020-14681.json index 23128883728..5824f6d0687 100644 --- a/2020/14xxx/CVE-2020-14681.json +++ b/2020/14xxx/CVE-2020-14681.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14681", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14681" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "E-Business Intelligence", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14682.json b/2020/14xxx/CVE-2020-14682.json index 55e285575ea..ff50e58a9af 100644 --- a/2020/14xxx/CVE-2020-14682.json +++ b/2020/14xxx/CVE-2020-14682.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14682", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14682" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Depot Repair", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14684.json b/2020/14xxx/CVE-2020-14684.json index 9fd5dd6e3c5..c8256e175ec 100644 --- a/2020/14xxx/CVE-2020-14684.json +++ b/2020/14xxx/CVE-2020-14684.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14684", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14684" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14685.json b/2020/14xxx/CVE-2020-14685.json index e597d4180c9..b1752ad6815 100644 --- a/2020/14xxx/CVE-2020-14685.json +++ b/2020/14xxx/CVE-2020-14685.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14685", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14685" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14686.json b/2020/14xxx/CVE-2020-14686.json index 78205831399..c10135f1a0b 100644 --- a/2020/14xxx/CVE-2020-14686.json +++ b/2020/14xxx/CVE-2020-14686.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14686", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14686" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14687.json b/2020/14xxx/CVE-2020-14687.json index dc4b081cdd8..fd5dfcb8f9b 100644 --- a/2020/14xxx/CVE-2020-14687.json +++ b/2020/14xxx/CVE-2020-14687.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14687", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14687" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14688.json b/2020/14xxx/CVE-2020-14688.json index d821747f474..67a66601229 100644 --- a/2020/14xxx/CVE-2020-14688.json +++ b/2020/14xxx/CVE-2020-14688.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14688", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14688" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Common Applications", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14690.json b/2020/14xxx/CVE-2020-14690.json index ad0b1260d90..d9c7161abaf 100644 --- a/2020/14xxx/CVE-2020-14690.json +++ b/2020/14xxx/CVE-2020-14690.json @@ -1,18 +1,79 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14690", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14690" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "5.5.0.0.0", + "version_affected": "=" + }, + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14691.json b/2020/14xxx/CVE-2020-14691.json index a38262823ee..e74f6b52ecb 100644 --- a/2020/14xxx/CVE-2020-14691.json +++ b/2020/14xxx/CVE-2020-14691.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14691", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14691" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Liquidity Risk Management", + "version": { + "version_data": [ + { + "version_value": "8.0.6", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14692.json b/2020/14xxx/CVE-2020-14692.json index ea7cc4eb727..d363e597de3 100644 --- a/2020/14xxx/CVE-2020-14692.json +++ b/2020/14xxx/CVE-2020-14692.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14692", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14692" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Loan Loss Forecasting and Provisioning", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.0.8", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14693.json b/2020/14xxx/CVE-2020-14693.json index 87e923d96ef..13ce3e85e7d 100644 --- a/2020/14xxx/CVE-2020-14693.json +++ b/2020/14xxx/CVE-2020-14693.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14693", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14693" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Insurance Accounting Analyzer", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.0.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Insurance Accounting Analyzer product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6-8.0.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Accounting Analyzer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Insurance Accounting Analyzer accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Accounting Analyzer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Insurance Accounting Analyzer accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14694.json b/2020/14xxx/CVE-2020-14694.json index 012a183602d..e89f86041ba 100644 --- a/2020/14xxx/CVE-2020-14694.json +++ b/2020/14xxx/CVE-2020-14694.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14694", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14694" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14695.json b/2020/14xxx/CVE-2020-14695.json index 676236fcf84..5d3f1ccb7b7 100644 --- a/2020/14xxx/CVE-2020-14695.json +++ b/2020/14xxx/CVE-2020-14695.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14695", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14695" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14696.json b/2020/14xxx/CVE-2020-14696.json index 58dd6c4de28..2cf056e8ef5 100644 --- a/2020/14xxx/CVE-2020-14696.json +++ b/2020/14xxx/CVE-2020-14696.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14696", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14696" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BI Publisher (formerly XML Publisher)", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Layout Templates). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14697.json b/2020/14xxx/CVE-2020-14697.json index 9c561b97276..c5f195d88f7 100644 --- a/2020/14xxx/CVE-2020-14697.json +++ b/2020/14xxx/CVE-2020-14697.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14697" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14698.json b/2020/14xxx/CVE-2020-14698.json index 22469f2dc95..8246308447e 100644 --- a/2020/14xxx/CVE-2020-14698.json +++ b/2020/14xxx/CVE-2020-14698.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14698", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14698" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14699.json b/2020/14xxx/CVE-2020-14699.json index d52bbdb3b46..25359cf2574 100644 --- a/2020/14xxx/CVE-2020-14699.json +++ b/2020/14xxx/CVE-2020-14699.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14699", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14699" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14700.json b/2020/14xxx/CVE-2020-14700.json index dd40d8ff5d2..05c380a1710 100644 --- a/2020/14xxx/CVE-2020-14700.json +++ b/2020/14xxx/CVE-2020-14700.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14700", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14700" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14701.json b/2020/14xxx/CVE-2020-14701.json index 74bfcecc7aa..0e0ee1e7f76 100644 --- a/2020/14xxx/CVE-2020-14701.json +++ b/2020/14xxx/CVE-2020-14701.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14701", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14701" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SD-WAN Aware", + "version": { + "version_data": [ + { + "version_value": "8.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface). The supported version that is affected is 8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Aware. While the vulnerability is in Oracle SD-WAN Aware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Aware. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "10.", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Aware. While the vulnerability is in Oracle SD-WAN Aware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Aware." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14702.json b/2020/14xxx/CVE-2020-14702.json index 740d1c68cc3..3ddc577f284 100644 --- a/2020/14xxx/CVE-2020-14702.json +++ b/2020/14xxx/CVE-2020-14702.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14702", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14702" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14703.json b/2020/14xxx/CVE-2020-14703.json index 307512750ef..e7b8e49e522 100644 --- a/2020/14xxx/CVE-2020-14703.json +++ b/2020/14xxx/CVE-2020-14703.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14703", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14703" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14704.json b/2020/14xxx/CVE-2020-14704.json index fdc214fedee..c6373ec7336 100644 --- a/2020/14xxx/CVE-2020-14704.json +++ b/2020/14xxx/CVE-2020-14704.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14704", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14704" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14705.json b/2020/14xxx/CVE-2020-14705.json index 7ea0b12a4e0..4deab9ebad6 100644 --- a/2020/14xxx/CVE-2020-14705.json +++ b/2020/14xxx/CVE-2020-14705.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14705" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GoldenGate", + "version": { + "version_data": [ + { + "version_value": "19.1.0.0.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (component: Process Management). The supported version that is affected is Prior to 19.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle GoldenGate executes to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.6", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle GoldenGate executes to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14706.json b/2020/14xxx/CVE-2020-14706.json index fb300c4a4de..185b4e74e64 100644 --- a/2020/14xxx/CVE-2020-14706.json +++ b/2020/14xxx/CVE-2020-14706.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14706", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14706" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera P6 Enterprise Project Portfolio Management", + "version": { + "version_data": [ + { + "version_value": "17.1.0.0-17.12.17.1", + "version_affected": "=" + }, + { + "version_value": "18.1.0.0-18.8.19", + "version_affected": "=" + }, + { + "version_value": "19.12.0-19.12.5", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.1.0.0-17.12.17.1, 18.1.0.0-18.8.19 and 19.12.0-19.12.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14707.json b/2020/14xxx/CVE-2020-14707.json index b3719743e92..d7883a1c0a8 100644 --- a/2020/14xxx/CVE-2020-14707.json +++ b/2020/14xxx/CVE-2020-14707.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14707" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.0", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14708.json b/2020/14xxx/CVE-2020-14708.json index c9cd878750b..ff554df9cf9 100644 --- a/2020/14xxx/CVE-2020-14708.json +++ b/2020/14xxx/CVE-2020-14708.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14708", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14708" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "16.0", + "version_affected": "=" + }, + { + "version_value": "17.0", + "version_affected": "=" + }, + { + "version_value": "18.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14709.json b/2020/14xxx/CVE-2020-14709.json index 48b71af5e6d..82d1481daf8 100644 --- a/2020/14xxx/CVE-2020-14709.json +++ b/2020/14xxx/CVE-2020-14709.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14709", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14709" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "16.0", + "version_affected": "=" + }, + { + "version_value": "17.0", + "version_affected": "=" + }, + { + "version_value": "18.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Card). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14710.json b/2020/14xxx/CVE-2020-14710.json index 49caa073585..6a7e3ebbc9b 100644 --- a/2020/14xxx/CVE-2020-14710.json +++ b/2020/14xxx/CVE-2020-14710.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14710", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14710" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "16.0", + "version_affected": "=" + }, + { + "version_value": "17.0", + "version_affected": "=" + }, + { + "version_value": "18.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14711.json b/2020/14xxx/CVE-2020-14711.json index cb2cdfa44ea..5bcce998d57 100644 --- a/2020/14xxx/CVE-2020-14711.json +++ b/2020/14xxx/CVE-2020-14711.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14711", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14711" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14711 is applicable to macOS host only. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14712.json b/2020/14xxx/CVE-2020-14712.json index afadc7dcf3d..467d18235db 100644 --- a/2020/14xxx/CVE-2020-14712.json +++ b/2020/14xxx/CVE-2020-14712.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14712", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14712" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.0", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14713.json b/2020/14xxx/CVE-2020-14713.json index ec5e79805f4..f74abc0a905 100644 --- a/2020/14xxx/CVE-2020-14713.json +++ b/2020/14xxx/CVE-2020-14713.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14713", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14713" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14714.json b/2020/14xxx/CVE-2020-14714.json index c7c379a9b06..bbbecf4de53 100644 --- a/2020/14xxx/CVE-2020-14714.json +++ b/2020/14xxx/CVE-2020-14714.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14714", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14714" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.4", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14715.json b/2020/14xxx/CVE-2020-14715.json index d8854b6151b..99a3b7860a2 100644 --- a/2020/14xxx/CVE-2020-14715.json +++ b/2020/14xxx/CVE-2020-14715.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14715", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14715" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.4", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14716.json b/2020/14xxx/CVE-2020-14716.json index 106cd102a51..ef8e9774449 100644 --- a/2020/14xxx/CVE-2020-14716.json +++ b/2020/14xxx/CVE-2020-14716.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14716", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14716" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Common Applications", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14717.json b/2020/14xxx/CVE-2020-14717.json index f2b8d8dc79f..da57c37d721 100644 --- a/2020/14xxx/CVE-2020-14717.json +++ b/2020/14xxx/CVE-2020-14717.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14717", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14717" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Common Applications", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14718.json b/2020/14xxx/CVE-2020-14718.json index f669826475b..c2c629587b7 100644 --- a/2020/14xxx/CVE-2020-14718.json +++ b/2020/14xxx/CVE-2020-14718.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14718", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14718" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GraalVM Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "19.3.2", + "version_affected": "=" + }, + { + "version_value": "20.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI). Supported versions that are affected are 19.3.2 and 20.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14719.json b/2020/14xxx/CVE-2020-14719.json index 0abd5887adc..608a6647a4d 100644 --- a/2020/14xxx/CVE-2020-14719.json +++ b/2020/14xxx/CVE-2020-14719.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14719", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14719" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Expenses", + "version": { + "version_data": [ + { + "version_value": "12.2.4-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). Supported versions that are affected are 12.2.4-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Internet Expenses accessible data. CVSS 3.1 Base Score 7.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Internet Expenses accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14720.json b/2020/14xxx/CVE-2020-14720.json index ca1847fc6e0..786e0425cca 100644 --- a/2020/14xxx/CVE-2020-14720.json +++ b/2020/14xxx/CVE-2020-14720.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14720", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14720" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Expenses", + "version": { + "version_data": [ + { + "version_value": "12.2.4-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). Supported versions that are affected are 12.2.4-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Internet Expenses accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Internet Expenses accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14721.json b/2020/14xxx/CVE-2020-14721.json index 6070e7ad6ff..5ddf79857b0 100644 --- a/2020/14xxx/CVE-2020-14721.json +++ b/2020/14xxx/CVE-2020-14721.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14721", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14721" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Communications Broker", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.2.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14722.json b/2020/14xxx/CVE-2020-14722.json index 02f2e7dd24f..78d672bd05c 100644 --- a/2020/14xxx/CVE-2020-14722.json +++ b/2020/14xxx/CVE-2020-14722.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14722" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Communications Broker", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.2.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Communications Broker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker. CVSS 3.1 Base Score 5.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.8", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Communications Broker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14723.json b/2020/14xxx/CVE-2020-14723.json index d6055ecfe0a..190af07eb65 100644 --- a/2020/14xxx/CVE-2020-14723.json +++ b/2020/14xxx/CVE-2020-14723.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14723" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Help Technologies", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Help Technologies product of Oracle Fusion Middleware (component: Web UIX). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Help Technologies. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Help Technologies, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Help Technologies accessible data as well as unauthorized update, insert or delete access to some of Oracle Help Technologies accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Help Technologies. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Help Technologies, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Help Technologies accessible data as well as unauthorized update, insert or delete access to some of Oracle Help Technologies accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14724.json b/2020/14xxx/CVE-2020-14724.json index 68bb07850be..0c55afb9be7 100644 --- a/2020/14xxx/CVE-2020-14724.json +++ b/2020/14xxx/CVE-2020-14724.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-14724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14724" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.3", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2513.json b/2020/2xxx/CVE-2020-2513.json index c9706e65765..de8d0d66826 100644 --- a/2020/2xxx/CVE-2020-2513.json +++ b/2020/2xxx/CVE-2020-2513.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2513", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2513" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Express", + "version": { + "version_data": [ + { + "version_value": "5.1-19.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2555.json b/2020/2xxx/CVE-2020-2555.json index 7e579d6cce6..c2bda29f58a 100644 --- a/2020/2xxx/CVE-2020-2555.json +++ b/2020/2xxx/CVE-2020-2555.json @@ -35,7 +35,47 @@ } ] }, - "vendor_name": "Oracle Corporation" + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "Rapid Planning", + "version": { + "version_data": [ + { + "version_value": "12.1", + "version_affected": "=" + }, + { + "version_value": "12.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation", + "product": { + "product_data": [ + { + "product_name": "Retail Assortment Planning", + "version": { + "version_data": [ + { + "version_value": "15.0", + "version_affected": "=" + }, + { + "version_value": "16.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } @@ -91,7 +131,10 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.html" - } + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } ] } } \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2562.json b/2020/2xxx/CVE-2020-2562.json index 4ce6de3af0c..ce5c7c4a218 100644 --- a/2020/2xxx/CVE-2020-2562.json +++ b/2020/2xxx/CVE-2020-2562.json @@ -1,18 +1,75 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2562", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2562" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera Portfolio Management", + "version": { + "version_data": [ + { + "version_value": "16.1.0.0-16.1.5.1", + "version_affected": "=" + }, + { + "version_value": "18.0.0.0-18.0.2.0", + "version_affected": "=" + }, + { + "version_value": "19.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera Portfolio Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2966.json b/2020/2xxx/CVE-2020-2966.json index f48c8d83f3b..c2bb61ad8e4 100644 --- a/2020/2xxx/CVE-2020-2966.json +++ b/2020/2xxx/CVE-2020-2966.json @@ -1,18 +1,79 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2966", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2966" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2967.json b/2020/2xxx/CVE-2020-2967.json index d717efdb42c..30c08555387 100644 --- a/2020/2xxx/CVE-2020-2967.json +++ b/2020/2xxx/CVE-2020-2967.json @@ -1,18 +1,83 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2967", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2967" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2968.json b/2020/2xxx/CVE-2020-2968.json index 72810ca1394..25b4cbb6489 100644 --- a/2020/2xxx/CVE-2020-2968.json +++ b/2020/2xxx/CVE-2020-2968.json @@ -1,18 +1,83 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2968", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2968" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.0", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2969.json b/2020/2xxx/CVE-2020-2969.json index 2c0fc66f921..32e5e8c6ffa 100644 --- a/2020/2xxx/CVE-2020-2969.json +++ b/2020/2xxx/CVE-2020-2969.json @@ -1,18 +1,83 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2969", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2969" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Data Pump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Data Pump. Successful attacks of this vulnerability can result in takeover of Data Pump. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.6", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Data Pump. Successful attacks of this vulnerability can result in takeover of Data Pump." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2971.json b/2020/2xxx/CVE-2020-2971.json index 4def2fb2d6f..b1dea7fff63 100644 --- a/2020/2xxx/CVE-2020-2971.json +++ b/2020/2xxx/CVE-2020-2971.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2971", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2971" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Express", + "version": { + "version_data": [ + { + "version_value": "5.1-19.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2972.json b/2020/2xxx/CVE-2020-2972.json index 04f82e329b0..0f96cc09175 100644 --- a/2020/2xxx/CVE-2020-2972.json +++ b/2020/2xxx/CVE-2020-2972.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2972", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2972" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Express", + "version": { + "version_data": [ + { + "version_value": "5.1-19.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2973.json b/2020/2xxx/CVE-2020-2973.json index 8b2a1991169..55aaacc833c 100644 --- a/2020/2xxx/CVE-2020-2973.json +++ b/2020/2xxx/CVE-2020-2973.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2973", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2973" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Express", + "version": { + "version_data": [ + { + "version_value": "5.1-19.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2974.json b/2020/2xxx/CVE-2020-2974.json index 5997cfbf236..d7a589e69f0 100644 --- a/2020/2xxx/CVE-2020-2974.json +++ b/2020/2xxx/CVE-2020-2974.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2974", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2974" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Express", + "version": { + "version_data": [ + { + "version_value": "5.1-19.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2975.json b/2020/2xxx/CVE-2020-2975.json index ebc32bfc0c6..0802eacfef1 100644 --- a/2020/2xxx/CVE-2020-2975.json +++ b/2020/2xxx/CVE-2020-2975.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2975", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2975" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Express", + "version": { + "version_data": [ + { + "version_value": "5.1-19.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2976.json b/2020/2xxx/CVE-2020-2976.json index d7cb4e59ed5..63036a74771 100644 --- a/2020/2xxx/CVE-2020-2976.json +++ b/2020/2xxx/CVE-2020-2976.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2976", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2976" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Express", + "version": { + "version_data": [ + { + "version_value": "5.1-19.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2977.json b/2020/2xxx/CVE-2020-2977.json index 4db9fff54ba..3e831cdc2e4 100644 --- a/2020/2xxx/CVE-2020-2977.json +++ b/2020/2xxx/CVE-2020-2977.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2977", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2977" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Express", + "version": { + "version_data": [ + { + "version_value": "5.1-19.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.6", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2978.json b/2020/2xxx/CVE-2020-2978.json index 65bda3eb48c..c6df7980a11 100644 --- a/2020/2xxx/CVE-2020-2978.json +++ b/2020/2xxx/CVE-2020-2978.json @@ -1,18 +1,79 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2978", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2978" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2981.json b/2020/2xxx/CVE-2020-2981.json index 3f9fc4c1cba..e4233a8a805 100644 --- a/2020/2xxx/CVE-2020-2981.json +++ b/2020/2xxx/CVE-2020-2981.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2981", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2981" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Berkeley DB", + "version": { + "version_data": [ + { + "version_value": "18.1.40", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 18.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.0", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2982.json b/2020/2xxx/CVE-2020-2982.json index 238f3e7e83a..4271fb5ff62 100644 --- a/2020/2xxx/CVE-2020-2982.json +++ b/2020/2xxx/CVE-2020-2982.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2982", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2982" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "13.3.0.0", + "version_affected": "=" + }, + { + "version_value": "13.4.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2983.json b/2020/2xxx/CVE-2020-2983.json index 3f7dab213b1..23e201d4f80 100644 --- a/2020/2xxx/CVE-2020-2983.json +++ b/2020/2xxx/CVE-2020-2983.json @@ -1,18 +1,71 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2983", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2983" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Data Masking and Subsetting", + "version": { + "version_data": [ + { + "version_value": "13.3.0.0", + "version_affected": "=" + }, + { + "version_value": "13.4.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Data Masking and Subsetting product of Oracle Enterprise Manager (component: Data Masking). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Masking and Subsetting. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Data Masking and Subsetting accessible data as well as unauthorized update, insert or delete access to some of Oracle Data Masking and Subsetting accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Masking and Subsetting. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Data Masking and Subsetting accessible data as well as unauthorized update, insert or delete access to some of Oracle Data Masking and Subsetting accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2984.json b/2020/2xxx/CVE-2020-2984.json index 3460d173abd..fb04bff5dda 100644 --- a/2020/2xxx/CVE-2020-2984.json +++ b/2020/2xxx/CVE-2020-2984.json @@ -1,18 +1,67 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2984", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2984" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Configuration Manager", + "version": { + "version_data": [ + { + "version_value": "12.1.2.0.6", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] } - ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: Discovery and collection script). The supported version that is affected is 12.1.2.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configuration Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configuration Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Configuration Manager accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configuration Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configuration Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Configuration Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + } } -} \ No newline at end of file