admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-05-07 18:01:15 +00:00
parent f6c4741b4e
commit 8703989ce8
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
8 changed files with 465 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
2019/19xxx/CVE-2019-19164.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-19164",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Dext5 Upload ActiveX Arbitrary File Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "RAONWiz",
"product": {
"product_data": [
{
"product_name": "dext.ocx ActiveX Control in Dext5 Upload",
"version": {
"version_data": [
{
"version_value": "Affected: 5.0.0.112 and earlier"
},
{
"version_value": "Fixed: 5.0.0.113"
}
]
}
}
]
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yu, Donghyun"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35344",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35344"
},
{
"refsource": "CONFIRM",
"name": "http://www.dext5.com/page/support/notice_view.aspx?pSeq=23",
"url": "http://www.dext5.com/page/support/notice_view.aspx?pSeq=23"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

56
2020/10xxx/CVE-2020-10971.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10971",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Wavlink WL-WN579G3 M79X3.V5030.180719, WL-WN575A3 RPT75A3.V4300.180801, and WL-WN530HG4 M30HG4.V5030.191116 devices. A crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10971",
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10971"
}
]
}

56
2020/10xxx/CVE-2020-10972.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10972",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. A page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972",
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972"
}
]
}

56
2020/10xxx/CVE-2020-10973.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices, affecting /cgi-bin/ExportALLSettings.sh. A crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973",
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973"
}
]
}

56
2020/10xxx/CVE-2020-10974.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10974",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Wavlink WL-WN579G3 - M79X3.V5030.180719 and WL-WN575A3 - RPT75A3.V4300.180801 devices, affecting a backup feature. A crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974",
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"
}
]
}

5
2020/12xxx/CVE-2020-12608.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/jensregel/Advisories/tree/master/CVE-2020-12608",
"url": "https://github.com/jensregel/Advisories/tree/master/CVE-2020-12608"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157591/SolarWinds-MSP-PME-Cache-Service-Insecure-File-Permissions-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/157591/SolarWinds-MSP-PME-Cache-Service-Insecure-File-Permissions-Code-Execution.html"
}
]
}

90
2020/7xxx/CVE-2020-7803.json
View File

@ -1,18 +1,96 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7803",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Zoneplayer ActiveX File Download Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IMGTech Co,Ltd",
"product": {
"product_data": [
{
"product_name": "Zoneplayer",
"version": {
"version_data": [
{
"version_value": "2.0.1.4 and prior"
}
]
}
}
]
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yu, Donghyun"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35346",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35346"
},
{
"refsource": "CONFIRM",
"name": "http://www.zoneplayer.co.kr/",
"url": "http://www.zoneplayer.co.kr/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

95
2020/7xxx/CVE-2020-7805.json
View File

@ -1,18 +1,101 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7805",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Infomark",
"product": {
"product_data": [
{
"product_name": "KT Slim egg IML500",
"version": {
"version_data": [
{
"version_value": "R7283"
},
{
"version_value": "R8112"
},
{
"version_value": "R8424"
}
]
}
},
{
"product_name": "KT Slim egg IML520",
"version": {
"version_data": [
{
"version_value": "R8112"
},
{
"version_value": "R8368"
},
{
"version_value": "R8411"
}
]
}
}
]
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Inhyeong Lee"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. This issue is a command injection allowing attackers to execute arbitrary OS commands."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35362",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35362"
},
{
"refsource": "CONFIRM",
"name": "http://www.infomark.co.kr/bbs/board.php?bo_table=download&wr_id=57&sfl=wr_subject&stx=520&sop=and",
"url": "http://www.infomark.co.kr/bbs/board.php?bo_table=download&wr_id=57&sfl=wr_subject&stx=520&sop=and"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}