"-Synchronized-Data."

CVE Team 2020-09-23 14:01:44 +00:00
parent 6099ef0ac9
commit 8002ef5489
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
13 changed files with 336 additions and 192 deletions


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-16240",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "GE Digital APM Classic",
"version": {
"version_data": [
{
"version_value": "Versions 4.4 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY CWE-639"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges."
}
]
}
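Review bot: In the `affects` block, `"vendor_name": "n/a"` leaves the vendor unset although `product_name` and the description both name GE Digital, and `"version_value": "Versions 4.4 and prior"` packs the affected range into free text. Tooling that matches records to installed software on the vendor, product and version fields is unlikely to associate this entry with affected deployments. Consider `"vendor_name": "GE Digital"` and `"version_affected": "<=", "version_value": "4.4"`, after confirming the vendor string and range against the referenced ICS advisory. The same two values appear in the CVE-2020-16244 section that follows.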


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-16244",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "GE Digital APM Classic",
"version": {
"version_data": [
{
"version_value": "Versions 4.4 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF A ONE-WAY HASH WITHOUT A SALT CWE-759"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords."
}
]
}
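Review bot: The new description says the missing salt makes it "possible to decrypt passwords", which is imprecise, because a hash is not decrypted and the `problemtype` value (CWE-759) only states that no salt is used. A wording such as `Passwords are hashed without a salt, which makes recovering them from the stored hashes substantially easier.` would agree with the CWE. Since the description ties this issue to the IDOR record in the same commit (CVE-2020-16240), it would help defenders if it also said that stored credentials should be treated as exposed and rotated once the fix is applied.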


@ -56,6 +56,11 @@
"url": "https://github.com/FasterXML/jackson-databind/issues/2798",
"refsource": "MISC",
"name": "https://github.com/FasterXML/jackson-databind/issues/2798"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b",
"url": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25739",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7",
"url": "https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7"
}
]
}
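Review bot: The `affects` and `problemtype` blocks are populated only with `"n/a"`, although the new description names the gon gem before 6.4.0 and describes a failure to escape output as an XSS protection. With those fields empty, dependency scanners that key on product and version have only the prose to match against. Consider `"product_name": "gon"` with `"version_affected": "<", "version_value": "6.4.0"`, and a problem type naming cross-site scripting (CWE-79 appears to fit, to be confirmed by the assigner).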


@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2279",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {


@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2280",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {


@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2281",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {


@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2282",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {


@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2283",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {


@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2284",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {


@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2285",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {


@ -1,90 +1,90 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Bypass Security",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6336361",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6336361 (Security Secret Server)",
"url" : "https://www.ibm.com/support/pages/node/6336361"
},
{
"name" : "ibm-sss-cve20204324-sec-bypass (177515)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/177515",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.8"
}
]
},
"product_name" : "Security Secret Server"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Bypass Security",
"lang": "eng"
}
]
}
]
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "L",
"I" : "L",
"UI" : "R",
"AV" : "N",
"A" : "N",
"C" : "N",
"S" : "U",
"SCORE" : "3.500",
"AC" : "L"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4324",
"DATE_PUBLIC" : "2020-09-23T00:00:00"
}
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6336361",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6336361 (Security Secret Server)",
"url": "https://www.ibm.com/support/pages/node/6336361"
},
{
"name": "ibm-sss-cve20204324-sec-bypass (177515)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177515",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.8"
}
]
},
"product_name": "Security Secret Server"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0",
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"PR": "L",
"I": "L",
"UI": "R",
"AV": "N",
"A": "N",
"C": "N",
"S": "U",
"SCORE": "3.500",
"AC": "L"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4324",
"DATE_PUBLIC": "2020-09-23T00:00:00"
}
}


@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Secret Server",
"version" : {
"version_data" : [
{
"version_value" : "10.8"
}
]
}
}
]
}
"value": "IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180.",
"lang": "eng"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Bypass Security",
"lang" : "eng"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Secret Server",
"version": {
"version_data": [
{
"version_value": "10.8"
}
]
}
}
]
}
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6336361",
"title" : "IBM Security Bulletin 6336361 (Security Secret Server)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6336361"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178180",
"name" : "ibm-sss-cve20204340-sec-bypass (178180)"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4340",
"DATE_PUBLIC" : "2020-09-23T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"UI" : "R",
"PR" : "N",
"I" : "L",
"A" : "N",
"AV" : "N",
"SCORE" : "3.100",
"S" : "U",
"C" : "N",
"AC" : "H"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Bypass Security",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6336361",
"title": "IBM Security Bulletin 6336361 (Security Secret Server)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6336361"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178180",
"name": "ibm-sss-cve20204340-sec-bypass (178180)"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4340",
"DATE_PUBLIC": "2020-09-23T00:00:00"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"UI": "R",
"PR": "N",
"I": "L",
"A": "N",
"AV": "N",
"SCORE": "3.100",
"S": "U",
"C": "N",
"AC": "H"
}
}
},
"data_version": "4.0",
"data_type": "CVE"
}