"-Synchronized-Data."

CVE Team 2021-01-28 13:00:48 +00:00
parent 3262de0ec7
commit 8e3253df67
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
3 changed files with 244 additions and 200 deletions


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13569",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenEMR",
"version": {
"version_data": [
{
"version_value": "OpenEMR 5.0.2 ,OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1180",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1180"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability."
}
]
}
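Review bot: The new `version_value` packs both affected releases into one free-text string (`"OpenEMR 5.0.2 ,OpenEMR development version 6.0.0 (commit …)"`), and `vendor_name` is `"n/a"` although the product is named, so tooling that matches affected software by field will probably not match this record. One `version_data` entry per release, for example `{"version_value": "5.0.2"}` plus a separate entry for the 6.0.0 development commit, would make the record machine-matchable, along with a real vendor name if the assigner can supply one. The `problemtype` value is free text too; adding the CWE identifier for cross-site request forgery (CWE-352) would let consumers classify the entry without parsing prose. The record is published without an `impact` block, so it carries no severity for triage until one is added.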


@ -1,102 +1,102 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.0.0"
},
{
"version_value" : "9.0.0"
},
{
"version_value" : "9.1.0"
},
{
"version_value" : "7.5.0"
},
{
"version_value" : "9.2.0"
}
]
},
"product_name" : "MQ"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509."
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6408626",
"title" : "IBM Security Bulletin 6408626 (MQ)",
"url" : "https://www.ibm.com/support/pages/node/6408626"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-mq-cve20204682-code-exec (186509)",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "H",
"SCORE" : "8.100",
"I" : "H",
"S" : "U",
"C" : "H",
"UI" : "N",
"A" : "H",
"AV" : "N",
"PR" : "N"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.0.0"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.1.0"
},
{
"version_value": "7.5.0"
},
{
"version_value": "9.2.0"
}
]
},
"product_name": "MQ"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-01-27T00:00:00",
"ID" : "CVE-2020-4682"
}
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509."
}
]
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6408626",
"title": "IBM Security Bulletin 6408626 (MQ)",
"url": "https://www.ibm.com/support/pages/node/6408626"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509",
"title": "X-Force Vulnerability Report",
"name": "ibm-mq-cve20204682-code-exec (186509)",
"refsource": "XF"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AC": "H",
"SCORE": "8.100",
"I": "H",
"S": "U",
"C": "H",
"UI": "N",
"A": "H",
"AV": "N",
"PR": "N"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-01-27T00:00:00",
"ID": "CVE-2020-4682"
}
}


@ -1,99 +1,99 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"I" : "L",
"SCORE" : "6.300",
"AC" : "L",
"C" : "L",
"S" : "U",
"UI" : "N",
"A" : "L",
"AV" : "N",
"PR" : "L"
}
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.3"
},
{
"version_value" : "7.4"
},
{
"version_value" : "7.3.3.Patch.7"
},
{
"version_value" : "7.4.2.Patch.1"
}
]
},
"product_name" : "QRadar SIEM"
}
]
}
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"I": "L",
"SCORE": "6.300",
"AC": "L",
"C": "L",
"S": "U",
"UI": "N",
"A": "L",
"AV": "N",
"PR": "L"
}
]
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6409306",
"title" : "IBM Security Bulletin 6409306 (QRadar SIEM)",
"name" : "https://www.ibm.com/support/pages/node/6409306",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-qradar-cve20204888-code-exec (190912)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190912",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-01-27T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4888"
}
}
}
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.3"
},
{
"version_value": "7.4"
},
{
"version_value": "7.3.3.Patch.7"
},
{
"version_value": "7.4.2.Patch.1"
}
]
},
"product_name": "QRadar SIEM"
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6409306",
"title": "IBM Security Bulletin 6409306 (QRadar SIEM)",
"name": "https://www.ibm.com/support/pages/node/6409306",
"refsource": "CONFIRM"
},
{
"name": "ibm-qradar-cve20204888-code-exec (190912)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190912",
"title": "X-Force Vulnerability Report"
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-01-27T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4888"
}
}