admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

JPCERT/CC 2020-09-18-13-49

Browse Source
This commit is contained in:
Ikuya Fukumoto 2020-09-18 13:50:24 +09:00
parent 23a655f460
commit 81eb2def8d
No known key found for this signature in database
GPG Key ID: 603034D3468A3441
4 changed files with 182 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2020/5xxx/CVE-2020-5605.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5605",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BUFFALO INC.",
"product": {
"product_data": [
{
"product_name": "WHR-G54S",
"version": {
"version_data": [
{
"version_value": "firmware 1.43 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.buffalo.jp/news/detail/20200911-01.html"
},
{
"url": "https://jvn.jp/en/jp/JVN09166495/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors."
}
]
}

50
2020/5xxx/CVE-2020-5606.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5606",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BUFFALO INC.",
"product": {
"product_data": [
{
"product_name": "WHR-G54S",
"version": {
"version_data": [
{
"version_value": "firmware 1.43 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.buffalo.jp/news/detail/20200911-01.html"
},
{
"url": "https://jvn.jp/en/jp/JVN09166495/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page."
}
]
}

47
2020/5xxx/CVE-2020-5628.json
View File

@ -4,14 +4,55 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "UNIQLO CO., LTD.",
"product": {
"product_data": [
{
"product_name": "UNIQLO App for Android",
"version": {
"version_data": [
{
"version_value": "versions 7.3.3 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/jp/JVN31864411/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack."
}
]
}

47
2020/5xxx/CVE-2020-5629.json
View File

@ -4,14 +4,55 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5629",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "UNIQLO CO., LTD.",
"product": {
"product_data": [
{
"product_name": "UNIQLO App for Android",
"version": {
"version_data": [
{
"version_value": "versions 7.3.3 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/jp/JVN31864411/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack."
}
]
}