admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-05-21 15:01:16 +00:00
parent 5f60450721
commit 8c26f9f66f
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 391 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2020/11xxx/CVE-2020-11710.json
View File

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1." "value": "** DISPUTED ** An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. \u201c1) Inaccurate Bug Scope - The issue scope was on Kong's docker-compose template, and not Kong's docker image itself. In reality, this issue is not associated with any version of the Kong gateway. As such, the description stating \u2018An issue was discovered in docker-kong (for Kong) through 2.0.3.\u2019 is incorrect. This issue only occurs if a user decided to spin up Kong via docker-compose without following the security documentation. The docker-compose template is meant for users to quickly get started with Kong, and is meant for development purposes only. 2) Incorrect Patch Links - The CVE currently points to a documentation improvement as a \u201cPatch\u201d link: https://github.com/Kong/docs.konghq.com/commit/d693827c32144943a2f45abc017c1321b33ff611.This link actually points to an improvement Kong Inc made for fool-proofing. However, instructions for how to protect the admin API were already well-documented here: https://docs.konghq.com/2.0.x/secure-admin-api/#network-layer-access-restrictions , which was first published back in 2017 (as shown in this commit: https://github.com/Kong/docs.konghq.com/commit/e99cf875d875dd84fdb751079ac37882c9972949) Lastly, the hyperlink to https://github.com/Kong/kong (an unrelated Github Repo to this issue) on the Hyperlink list does not include any meaningful information on this topic.\u201d"
} }
] ]
}, },
@ -66,6 +66,11 @@
"url": "https://github.com/Kong/docker-kong/commit/dfa095cadf7e8309155be51982d8720daf32e31c", "url": "https://github.com/Kong/docker-kong/commit/dfa095cadf7e8309155be51982d8720daf32e31c",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/Kong/docker-kong/commit/dfa095cadf7e8309155be51982d8720daf32e31c" "name": "https://github.com/Kong/docker-kong/commit/dfa095cadf7e8309155be51982d8720daf32e31c"
},
{
"refsource": "MISC",
"name": "https://github.com/Kong/docs.konghq.com/commit/e99cf875d875dd84fdb751079ac37882c9972949",
"url": "https://github.com/Kong/docs.konghq.com/commit/e99cf875d875dd84fdb751079ac37882c9972949"
} }
] ]
} }

50
2020/1xxx/CVE-2020-1799.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-1799", "ID": "CVE-2020-1799",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "E6878-370",
"version": {
"version_data": [
{
"version_value": "10.0.3.1(H557SP27C233),10.0.3.1(H563SP1C00),10.0.3.1(H563SP1C233)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200520-01-uaf-en",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200520-01-uaf-en"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP1C233) has a use after free vulnerability. The software references memory after it has been freed in certain scenario, the attacker does a series of crafted operations through web portal, successful exploit could cause a use after free condition which may lead to malicious code execution."
} }
] ]
} }

50
2020/5xxx/CVE-2020-5752.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5752", "ID": "CVE-2020-5752",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "vulnreport@tenable.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Druva inSync Windows Client",
"version": {
"version_data": [
{
"version_value": "6.6.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated Path Traversal Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2020-34",
"url": "https://www.tenable.com/security/research/tra-2020-34"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges."
} }
] ]
} }

50
2020/7xxx/CVE-2020-7655.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-7655", "ID": "CVE-2020-7655",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "report@snyk.io",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "netius",
"version": {
"version_data": [
{
"version_value": "All versions prior to 1.17.58"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP Request Smuggling"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-PYTHON-NETIUS-569141",
"url": "https://snyk.io/vuln/SNYK-PYTHON-NETIUS-569141"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks."
} }
] ]
} }

50
2020/8xxx/CVE-2020-8572.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-8572", "ID": "CVE-2020-8572",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-alert@netapp.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Sensitive Information Disclosure Vulnerability in Element OS and Element HealthTools",
"version": {
"version_data": [
{
"version_value": "Element OS prior to version 12.0 and Element HealthTools prior to version 2020.04.01.04"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20200520-0001/",
"url": "https://security.netapp.com/advisory/ntap-20200520-0001/"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Element OS prior to version 12.0 and Element HealthTools prior to version 2020.04.01.04 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information."
} }
] ]
} }

102
2020/9xxx/CVE-2020-9045.json
View File

@ -1,18 +1,108 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productsecurity@jci.com",
"ID": "CVE-2020-9045", "ID": "CVE-2020-9045",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "C\u2022CURE 9000 and victor Video Management System - Cleartext storage of user credentials upon installation or upgrade of software."
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Software House C\u2022CURE 9000 v2.70",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.70"
}
]
}
},
{
"product_name": "American Dynamics victor Video Management System v5.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.2"
}
]
}
}
]
},
"vendor_name": "Johnson Controls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "During installation or upgrade to Software House C\u2022CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312 - Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"refsource": "CONFIRM",
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"refsource": "CERT",
"url": "https://www.us-cert.gov/ics/advisories/ICSA-20-142-01"
}
]
},
"solution": [
{
"lang": "eng",
"value": "All users should upgrade to the latest version. \n\nPlease note that while the upgrade will automatically remove the log file, we recommend existing deployments to securely delete the log file from the following path c:\\ProgramData\\Tyco\\InstallerTemp and then change the password for the affected user account. "
}
],
"source": {
"discovery": "EXTERNAL"
} }
} }

104
2020/9xxx/CVE-2020-9069.json
View File

@ -4,14 +4,112 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-9069", "ID": "CVE-2020-9069",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Anne-AL00;Berkeley-L09;CD16-10;CD17-10;CD17-16;CD18-10;CD18-16;Columbia-TL00B;E6878-370;Honor 10 Lite;LelandP-L22A;TC5200-16;WS5200-11;WS5200-12;WS5200-16;WS5200-17;WS5800-10;WS6500-10;WS6500-16",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.331(C675E9R1P3T8)"
},
{
"version_value": "Versions earlier than 10.0.1.1(C675R1)"
},
{
"version_value": "Versions earlier than 10.0.2.8"
},
{
"version_value": "Versions earlier than 10.0.2.8"
},
{
"version_value": "Versions earlier than 10.0.2.8"
},
{
"version_value": "Versions earlier than 10.0.2.8"
},
{
"version_value": "Versions earlier than 10.0.2.8"
},
{
"version_value": "Versions earlier than 9.0.0.187(C01E181R1P20T8)"
},
{
"version_value": "Versions earlier than 10.0.5.1(H610SP10C00)"
},
{
"version_value": "Versions earlier than 10.0.0.182(C675E17R2P2)"
},
{
"version_value": "Versions earlier than 9.1.0.166(C675E5R1P4T8)"
},
{
"version_value": "Versions earlier than 10.0.2.8"
},
{
"version_value": "Versions earlier than 10.0.2.8"
},
{
"version_value": "Versions earlier than 10.0.2.23"
},
{
"version_value": "Versions earlier than 10.0.2.8"
},
{
"version_value": "Versions earlier than 10.0.2.23"
},
{
"version_value": "Versions earlier than 10.0.3.27"
},
{
"version_value": "Versions earlier than 10.0.2.8"
},
{
"version_value": "Versions earlier than 10.0.2.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200520-01-leakage-en",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200520-01-leakage-en"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly.Affected product versions include:Product Name version Affected Version;Anne-AL00 versions Versions earlier than 9.1.0.331(C675E9R1P3T8);Berkeley-L09 versions Versions earlier than 10.0.1.1(C675R1);CD16-10 versions Versions earlier than 10.0.2.8;CD17-10 versions Versions earlier than 10.0.2.8;CD17-16 versions Versions earlier than 10.0.2.8;CD18-10 versions Versions earlier than 10.0.2.8;CD18-16 versions Versions earlier than 10.0.2.8;Columbia-TL00B versions Versions earlier than 9.0.0.187(C01E181R1P20T8);E6878-370 versions Versions earlier than 10.0.5.1(H610SP10C00);Honor 10 Lite versions Versions earlier than 10.0.0.182(C675E17R2P2);LelandP-L22A versions Versions earlier than 9.1.0.166(C675E5R1P4T8);TC5200-16 versions"
} }
] ]
} }