admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-02-13 00:01:16 +00:00
parent 41e01e8b14
commit 8b583dfbed
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
14 changed files with 373 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
2018/3xxx/CVE-2018-3987.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3987",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-3987",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": " Rakuten Viber",
"version": {
"version_data": [
{
"version_value": "Rakuten Viber Android 9.3.0.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0655",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0655"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device."
}
]
}

2
2019/0xxx/CVE-2019-0090.json
View File

@ -60,7 +60,7 @@
"description_data": [
{
"lang": "eng",
"value": "Insufficient access control vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow unauthenticated user to potentially enable escalation of privilege via physical access."
"value": "Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access."
}
]
}

62
2019/18xxx/CVE-2019-18915.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18915",
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HP System Event Utility",
"version": {
"version_data": [
{
"version_value": "Prior to version 1.4.33"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execution of Arbitrary Code."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/c06559359",
"url": "https://support.hp.com/us-en/document/c06559359"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service."
}
]
}
}

58
2019/5xxx/CVE-2019-5322.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5322",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5322",
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba Intelligent Edge Switch 5400 3810 2920 2930 2530 with GigT port 2530 10/100 port or 2540",
"version": {
"version_data": [
{
"version_value": "16.08.* before 16.08.0009 16.09.* before 16.09.0007 16.10.* before 16.10.0003"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure vulneraiblity"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-001.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-001.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and 16.10.* before 16.10.0003. The vulnerability allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions."
}
]
}

7
2020/1xxx/CVE-2020-1975.json
View File

@ -75,7 +75,7 @@
"description_data": [
{
"lang": "eng",
"value": "Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation.\nThis issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6.\nThis issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions."
"value": "Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions."
}
]
},
@ -113,8 +113,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-1975"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1975",
"name": "https://security.paloaltonetworks.com/CVE-2020-1975"
}
]
},

7
2020/1xxx/CVE-2020-1976.json
View File

@ -51,7 +51,7 @@
"description_data": [
{
"lang": "eng",
"value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash.\nThis issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.\n"
"value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS."
}
]
},
@ -89,8 +89,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-1976"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1976",
"name": "https://security.paloaltonetworks.com/CVE-2020-1976"
}
]
},

5
2020/1xxx/CVE-2020-1977.json
View File

@ -87,8 +87,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2020-1977"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1977",
"name": "https://security.paloaltonetworks.com/CVE-2020-1977"
}
]
},

2
2020/5xxx/CVE-2020-5241.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection.\n\nThis vulnerability is patched in version 0.7.4."
"value": "matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4."
}
]
},

50
2020/6xxx/CVE-2020-6973.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Digi International ConnectPort LTS 32 MEI",
"version": {
"version_data": [
{
"version_value": "Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-13",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-13"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition."
}
]
}

50
2020/7xxx/CVE-2020-7208.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7208",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "LinuxKI",
"version": {
"version_data": [
{
"version_value": "6.0-1 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2",
"url": "https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2."
}
]
}

50
2020/7xxx/CVE-2020-7209.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "LinuxKI",
"version": {
"version_data": [
{
"version_value": "6.0-1 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2",
"url": "https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2."
}
]
}

18
2020/8xxx/CVE-2020-8959.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8959",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/8xxx/CVE-2020-8960.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8960",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/8xxx/CVE-2020-8961.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8961",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}