From e9710cc7f1ccf77735aff7f987190039dcdd858e Mon Sep 17 00:00:00 2001 From: Omar Gani Date: Tue, 14 Jan 2020 17:56:27 +0100 Subject: [PATCH 01/24] juniper-2020-01-08 CVE publications, for more information see https://advisory.juniper.net --- 2020/1xxx/CVE-2020-1600.json | 201 ++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1601.json | 200 +++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1602.json | 235 +++++++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1603.json | 194 +++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1604.json | 180 +++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1605.json | 227 +++++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1606.json | 216 ++++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1607.json | 216 ++++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1608.json | 200 +++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1609.json | 227 +++++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1611.json | 106 ++++++++++++++++ 11 files changed, 2202 insertions(+) create mode 100644 2020/1xxx/CVE-2020-1600.json create mode 100644 2020/1xxx/CVE-2020-1601.json create mode 100644 2020/1xxx/CVE-2020-1602.json create mode 100644 2020/1xxx/CVE-2020-1603.json create mode 100644 2020/1xxx/CVE-2020-1604.json create mode 100644 2020/1xxx/CVE-2020-1605.json create mode 100644 2020/1xxx/CVE-2020-1606.json create mode 100644 2020/1xxx/CVE-2020-1607.json create mode 100644 2020/1xxx/CVE-2020-1608.json create mode 100644 2020/1xxx/CVE-2020-1609.json create mode 100644 2020/1xxx/CVE-2020-1611.json diff --git a/2020/1xxx/CVE-2020-1600.json b/2020/1xxx/CVE-2020-1600.json new file mode 100644 index 00000000000..019c1294b7d --- /dev/null +++ b/2020/1xxx/CVE-2020-1600.json @@ -0,0 +1,201 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1600", + "STATE": "READY", + "TITLE": "Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.3X48", + "version_value": "12.3X48-D90" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D238, 15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S5" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S7" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S4, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S5" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D50" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R2" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R2" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1" + }, + { + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D200" + }, + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S6" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required. The community \"public\" is minimal; other communities are impacted as well.\n\n [snmp community public]\n [logical-systems logical-system-name protocols mpls label-switched-path lsp-name]\n [protocols mpls label-switched-path]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition.\n\nThis issue affects both SNMP over IPv4 and IPv6. \n\nThis issue affects:\nJuniper Networks Junos OS:\n12.3X48 versions prior to 12.3X48-D90;\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; \n16.1 versions prior to 16.1R7-S5;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R3-S1;\n17.2 versions prior to 17.2R3-S2;\n17.3 versions prior to 17.3R3-S7;\n17.4 versions prior to 17.4R2-S4, 17.4R3;\n18.1 versions prior to 18.1R3-S5;\n18.2 versions prior to 18.2R3;\n18.2X75 versions prior to 18.2X75-D50;\n18.3 versions prior to 18.3R2;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R2.\n" + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1402185", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1402185" + }, + { + "name": "https://kb.juniper.net/JSA10979", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10979" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 12.3X48-D90, 15.1X49-D200, 15.1R7-S6, 15.1X53-D238, 15.1X53-D592, 16.1R7-S5, 16.2R2-S11, 17.1R3-S1, 17.2R3-S2, 17.3R3-S7, 17.4R2-S4, 17.4R3, 18.1R3-S5, 18.2R3, 18.2X75-D50, 18.3R2, 18.4R2, 19.1R2, 19.2R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10979", + "defect": [ + "1402185" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "If SNMP is not needed, remove SNMP from the system, otherwise, there are no available workarounds for this issue. SNMP is disabled by default.\n\nAdditional steps which may reduce the risk of exploitation include: \nUtilizing edge filtering with source-address validation (uRPF, etc.), access control lists (ACLs), and/or SNMPv3 authentication to limit access to the device only from trusted hosts." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1601.json b/2020/1xxx/CVE-2020-1601.json new file mode 100644 index 00000000000..01e663a1da5 --- /dev/null +++ b/2020/1xxx/CVE-2020-1601.json @@ -0,0 +1,200 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1601", + "STATE": "READY", + "TITLE": "Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1F6-S13, 15.1R7-S4" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D180" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S4" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S9" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S9, 17.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S2, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D40" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.2R2-S6, 18.3R2" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S2, 18.4R2" + }, + { + "version_affected": ">=", + "version_name": "17.2", + "version_value": "17.2R2" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D238, 15.1X53-D496, 15.1X53-D592" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required: \n [protocols pcep pce pce-id destination-ipv4-address ipv4-address]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS).\n\nContinued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) condition.\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1F6-S13, 15.1R7-S4;\n15.1X49 versions prior to 15.1X49-D180 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; \n16.1 versions prior to 16.1R7-S4;\n16.2 versions prior to 16.2R2-S9;\n17.1 versions prior to 17.1R2-S11, 17.1R3;\n17.2 versions prior to 17.2R1-S9;\n17.2 version 17.2R2 and later prior to 17.2R3-S2;\n17.3 versions prior to 17.3R3-S3;\n17.4 versions prior to 17.4R2-S2, 17.4R3;\n18.1 versions prior to 18.1R3-S2;\n18.2 versions prior to 18.2R2-S6, 18.2R3;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R2;\n18.4 versions prior to 18.4R1-S2, 18.4R2.\n\nThis issue does not affect releases of Junos OS prior to 15.1R1. \n" + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "253 - Incorrect Check of Function Return Value" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1395205", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1395205" + }, + { + "name": "https://kb.juniper.net/JSA10980", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10980" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 15.1F6-S13, 15.1R7-S4, 15.1X49-D180, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R7-S4, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.2R1-S9, 17.2R3-S2, 17.3R3-S3, 17.4R2-S2, 17.4R2-S4, 17.4R3, 18.1R3-S2, 18.2R2-S6, 18.2R3, 18.2X75-D40, 18.3R2, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10980", + "defect": [ + "1395205" + ], + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no viable workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1602.json b/2020/1xxx/CVE-2020-1602.json new file mode 100644 index 00000000000..c0c36db0d7c --- /dev/null +++ b/2020/1xxx/CVE-2020-1602.json @@ -0,0 +1,235 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1602", + "STATE": "READY", + "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets may take over the code execution of the JDHCPD process." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D200" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R2-S8, 17.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S6" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S7, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S8" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S3, 19.2R2" + }, + { + "version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R1, 19.3R2" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D60" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "platform": "Junos Evolved", + "version_affected": "<", + "version_value": "19.3R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required: \n [forwarding-options dhcp-relay]" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Longfei Fan from Codesafe Team of Legendsec at Qi'anxin Group" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. \n\nThis issue affect IPv4 JDHCPD services. \n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n" + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Code Execution of Process" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10981", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10981" + }, + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication" + } + ], + "source": { + "advisory": "JSA10981", + "defect": [ + "1449353" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1603.json b/2020/1xxx/CVE-2020-1603.json new file mode 100644 index 00000000000..daff4a35159 --- /dev/null +++ b/2020/1xxx/CVE-2020-1603.json @@ -0,0 +1,194 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1603", + "STATE": "READY", + "TITLE": "Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S9, 17.2R2-S8, 17.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S6" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S9, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S7" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D50, 18.2X75-D410" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S6, 18.4R2-S2, 18.4R3" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S2, 19.2R2" + }, + { + "version_affected": ">=", + "version_name": "16.1", + "version_value": "16.1X70-D10" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue may occur when an interface is configured with IPv6.\nFor example: \n [interfaces fe-1/2/0 unit 1 family inet6 address 2001:db8:0:1::/64] " + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point a mbuf memory leak occurs within the Juniper Networks Junos OS device. This memory leak eventually leads to a kernel crash (vmcore), or the device hanging and requiring a power cycle to restore service, creating a Denial of Service (DoS) condition. \n\nDuring the time where mbufs are rising, yet not fully filled, some traffic from client devices may begin to be black holed. To be black holed, this traffic must match the condition where this traffic must be processed by the RE. \nContinued receipt and attempted egress of these specific IPv6 packets from the Routing Engine (RE) will create an extended Denial of Service (DoS) condition. \n\nScenarios which have been observed are: \n1. In a single chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario the device needs to be power cycled.\n2. In a single chassis, dual RE scenario, the device master RE will fail over to the backup RE. In this scenario, the master and the backup REs need to be reset from time to time when they vmcore. There is no need to power cycle the device.\n3. In a dual chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario, the two chassis' design relies upon some type of network level redundancy - VRRP, GRES, NSR, etc. - \n3.a In a commanded switchover, where nonstop active routing (NSR) is enabled no session loss is observed.\n4. In a dual chassis, dual chassis scenario, rely upon the RE to RE failover as stated in the second scenario. In the unlikely event that the device does not switch RE to RE gracefully, then the fallback position is to the network level services scenario in the third scenario.\n\n \n \n\n\n\n\n\nThis issue affects:\nJuniper Networks Junos OS\n16.1 versions prior to 16.1R7-S6;\n16.1 version 16.1X70-D10 and later; \n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S9, 17.4R3;\n18.1 versions prior to 18.1R3-S7;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D50, 18.2X75-D410;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S6, 18.4R2-S2, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2.\n\nThis issue does not affect releases prior to Junos OS 16.1R1.\n" + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-710 Improper Adherence to Coding Standards" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10982", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10982" + }, + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1443576", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1443576" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S9, 17.4R3, 18.1R3-S7, 18.2R3-S2, 18.2X75-D50, 18.2X75-D410, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S6, 18.4R2-S2, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10982", + "defect": [ + "1443576" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "Remove 'family inet6' from interfaces. Otherwise, there are no available workarounds for this issue.\n\nIndicators of compromise can be found by reviewing RE logs for entries which match in \" \" :\n\"/kernel: Mbuf: High Utililization Level\"\n\nAdditionally, you may issue the follow command from time to time to determine if your mbufs are climbing or are being released by reviewing across two separate times.\n\nThe required privilege level to run the command is: view.\nshow system buffers" + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1604.json b/2020/1xxx/CVE-2020-1604.json new file mode 100644 index 00000000000..63e7a85eb7e --- /dev/null +++ b/2020/1xxx/CVE-2020-1604.json @@ -0,0 +1,180 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1604", + "STATE": "READY", + "TITLE": "Junos OS: EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packets" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "QFX5100 Series and EX4600 Series", + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D12" + }, + { + "platform": "QFX3500 Series", + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D52" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D48" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R2-S5, 17.3R3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue affects Junos OS device with stateless IPv4 or IPv6 firewall filter configured:\n [firewall family inet filter]\n [firewall family inet6 filter]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail.\n\nThis issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE).\nThis issue does not affect the Layer 2 firewall filter evaluation nor does it affect the Layer 3 firewall filter evaluation destined to connected hosts.\n\nThis issue may occur when evaluating both IPv4 or IPv6 packets.\nThis issue affects Juniper Networks Junos OS:\n14.1X53 versions prior to 14.1X53-D12 on QFX5100 Series and EX4600 Series;\n14.1X53 versions prior to 14.1X53-D52 on QFX3500 Series;\n14.1X53 versions prior to 14.1X53-D48 on EX4300 Series;\n15.1 versions prior to 15.1R7-S3 on EX4300 Series;\n16.1 versions prior to 16.1R7 on EX4300 Series;\n17.1 versions prior to 17.1R3 on EX4300 Series;\n17.2 versions prior to 17.2R3 on EX4300 Series;\n17.3 versions prior to 17.3R2-S5, 17.3R3 on EX4300 Series;\n17.4 versions prior to 17.4R2 on EX4300 Series;\n18.1 versions prior to 18.1R3 on EX4300 Series;\n18.2 versions prior to 18.2R2 on EX4300 Series." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10983", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10983" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "For QFX5100 Series and EX4600 Series:\nThe following software releases have been updated to resolve this specific issue: 14.1X53-D12 and all subsequent releases.\n\nFor QFX3500 Series:\nThe following software releases have been updated to resolve this specific issue: 14.1X53-D52 and all subsequent releases.\n\nFor EX4300 Series: \nThe following software releases have been updated to resolve this specific issue: 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2, 18.3R1 and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10983", + "defect": [ + "1026708", + "1458027", + "1343402", + "1377189" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue.\n\n" + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1605.json b/2020/1xxx/CVE-2020-1605.json new file mode 100644 index 00000000000..ac3f0d67431 --- /dev/null +++ b/2020/1xxx/CVE-2020-1605.json @@ -0,0 +1,227 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1605", + "STATE": "READY", + "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets and arbitrarily execute commands on the target device." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D200" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R2-S8, 17.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S6" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S7, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S8" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S3, 19.2R2" + }, + { + "version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R1, 19.3R2" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D60" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "platform": "Junos Evolved", + "version_affected": "<", + "version_value": "19.3R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required: \n [forwarding-options dhcp-relay]" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Longfei Fan from Codesafe Team of Legendsec at Qi'anxin Group" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device.\n\nThis issue affects IPv4 JDHCPD services. \n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n" + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10981", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10981" + }, + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication" + } + ], + "source": { + "advisory": "JSA10981", + "defect": [ + "1449353" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1606.json b/2020/1xxx/CVE-2020-1606.json new file mode 100644 index 00000000000..3d98da22a27 --- /dev/null +++ b/2020/1xxx/CVE-2020-1606.json @@ -0,0 +1,216 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1606", + "STATE": "READY", + "TITLE": "Junos OS: Path traversal vulnerability in J-Web" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.3", + "version_value": "12.3R12-S13" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "12.3X48", + "version_value": "12.3X48-D85" + }, + { + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D51" + }, + { + "version_affected": "<", + "version_name": "15.1F6", + "version_value": "15.1F6-S13" + }, + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S5" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D180" + }, + { + "platform": "QFX5200/QFX5110 Series", + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D238" + }, + { + "platform": "EX2300/EX3400 Series", + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R4-S13, 16.1R7-S5" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S10" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S9, 17.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R2-S5, 17.3R3-S5" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S9, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S8" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R2-S3, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R2" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S4, 19.1R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n [system services web-management http]\n [system services web-management https]" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission.\nThis issue does not affect system files that can be accessed only by root user.\n\nThis issue affects Juniper Networks Junos OS:\n12.3 versions prior to 12.3R12-S13;\n12.3X48 versions prior to 12.3X48-D85 on SRX Series;\n14.1X53 versions prior to 14.1X53-D51;\n15.1F6 versions prior to 15.1F6-S13;\n15.1 versions prior to 15.1R7-S5;\n15.1X49 versions prior to 15.1X49-D180 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series;\n16.1 versions prior to 16.1R4-S13, 16.1R7-S5;\n16.2 versions prior to 16.2R2-S10;\n17.1 versions prior to 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R3-S2;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions prior to 17.4R2-S9, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3;\n18.3 versions prior to 18.3R2-S3, 18.3R3;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R1-S4, 19.1R2." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10985", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10985" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S13, 12.3X48-D85, 14.1X53-D51, 15.1F6-S13, 15.1R7-S5, 15.1X49-D180, 15.1X53-D238, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R1-S9, 17.2R3-S2, 17.3R2-S5, 17.3R3-S5, 17.4R2-S9, 17.4R3, 18.1R3-S8, 18.2R3, 18.3R2-S3, 18.3R3, 18.4R2, 19.1R1-S4, 19.1R2, 19.2R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10985", + "defect": [ + "1431298" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Limit access to the J-Web interface to only trusted users to reduce risks of exploitation of this vulnerability." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1607.json b/2020/1xxx/CVE-2020-1607.json new file mode 100644 index 00000000000..e53e7d7e842 --- /dev/null +++ b/2020/1xxx/CVE-2020-1607.json @@ -0,0 +1,216 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1607", + "STATE": "READY", + "TITLE": "Junos OS: Cross-Site Scripting (XSS) in J-Web" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.3", + "version_value": "12.3R12-S15" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "12.3X48", + "version_value": "12.3X48-D86, 12.3X48-D90" + }, + { + "platform": "EX and QFX Series", + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D51" + }, + { + "version_affected": "<", + "version_name": "15.1F6", + "version_value": "15.1F6-S13" + }, + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S5" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D181, 15.1X49-D190" + }, + { + "platform": "QFX5200/QFX5110 Series", + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D238" + }, + { + "platform": "EX2300/EX3400 Series", + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R4-S13, 16.1R7-S5" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S10" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S9, 17.2R3-S2" + }, + { + "version_affected": "=", + "version_name": "17.2", + "version_value": "17.2R2" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R2-S5, 17.3R3-S5" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S6, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S7" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R2-S5, 18.2R3" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S1, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S5, 18.4R2" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S2, 19.1R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n system services web-management http\n system services web-management https" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. \n\n\nThis issue affects Juniper Networks Junos OS\n12.3 versions prior to 12.3R12-S15;\n12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series;\n14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series;\n15.1F6 versions prior to 15.1F6-S13;\n15.1 versions prior to 15.1R7-S5;\n15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series;\n15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400 Series;\n16.1 versions prior to 16.1R4-S13, 16.1R7-S5;\n16.2 versions prior to 16.2R2-S10;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R3-S2;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions prior to 17.4R2-S6, 17.4R3;\n18.1 versions prior to 18.1R3-S7;\n18.2 versions prior to 18.2R2-S5, 18.2R3;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2;\n19.1 versions prior to 19.1R1-S2, 19.1R2." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10986", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10986" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S15, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13,15.1R7-S5, 15.1X49-D181, 15.1X49-D190, 15.1X53-D238, 15.1X53-D592, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10,17.1R2-S11, 17.1R3-S1, 17.2R1-S9, 17.2R3-S2, 17.3R2-S5, 17.3R3-S5, 17.4R2-S6, 17.4R3, 18.1R3-S7,18.2R2-S5, 18.2R3, 18.3R1-S6, 18.3R2-S1, 18.3R3, 18.4R1-S5, 18.4R2, 19.1R1-S2, 19.1R2, 19.2R1, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA10986", + "defect": [ + "1434553" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Access the J-Web service from trusted hosts which may not be compromised by cross-site scripting attacks, for example, deploying jump hosts with no internet access. \nAlternatively, disable J-Web. \n" + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1608.json b/2020/1xxx/CVE-2020-1608.json new file mode 100644 index 00000000000..01276107a2e --- /dev/null +++ b/2020/1xxx/CVE-2020-1608.json @@ -0,0 +1,200 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1608", + "STATE": "READY", + "TITLE": "Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "17.2", + "version_value": "17.2R2-S6, 17.2R3 " + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R3-S3" + }, + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "17.3", + "version_value": "17.3R2-S4, 17.3R3-S2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R2-S5, 17.3R3-S5" + }, + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "17.4", + "version_value": "17.4R2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S7,17.4R3" + }, + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "18.1", + "version_value": "18.1R2-S3, 18.1R3" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S6" + }, + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "18.2", + "version_value": "18.2R1-S1, 18.2R2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2 " + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D51, 18.2X75-D60" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R3" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S2, 19.2R2" + }, + { + "platform": "MX Series", + "version_affected": "!<", + "version_value": "17.2R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot.\n\nThe issue is specific to the processing of packets destined to BBE clients connected to MX Series subscriber management platforms.\n\n\nThis issue affects MX Series running Juniper Networks Junos OS:\n17.2 versions starting from17.2R2-S6, 17.2R3 and later releases, prior to 17.2R3-S3;\n17.3 versions starting from 17.3R2-S4, 17.3R3-S2 and later releases, prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions starting from 17.4R2 and later releases, prior to 17.4R2-S7,17.4R3;\n18.1 versions starting from 18.1R2-S3, 18.1R3 and later releases, prior to 18.1R3-S6;\n18.2 versions starting from18.2R1-S1, 18.2R2 and later releases, prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D51, 18.2X75-D60;\n18.3 versions prior to 18.3R3;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 17.2R2-S6." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10987", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10987" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R1, and all subsequent releases.\n\n" + } + ], + "source": { + "advisory": "JSA10987", + "defect": [ + "1432957" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1609.json b/2020/1xxx/CVE-2020-1609.json new file mode 100644 index 00000000000..f5541906000 --- /dev/null +++ b/2020/1xxx/CVE-2020-1609.json @@ -0,0 +1,227 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1609", + "STATE": "READY", + "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv6 packets and arbitrarily execute commands on the target device." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D200" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R2-S8, 17.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S6" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S7, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S8" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S3, 19.2R2" + }, + { + "version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R1, 19.3R2" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D60" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "platform": "Junos Evolved", + "version_affected": "<", + "version_value": "19.3R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required: \n [forwarding-options dhcp-relay]" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Longfei Fan from Codesafe Team of Legendsec at Qi'anxin Group" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device.\n\nThis issue affects IPv6 JDHCPD services. \n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n" + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10981", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10981" + }, + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication" + } + ], + "source": { + "advisory": "JSA10981", + "defect": [ + "1449353" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1611.json b/2020/1xxx/CVE-2020-1611.json new file mode 100644 index 00000000000..771db91e487 --- /dev/null +++ b/2020/1xxx/CVE-2020-1611.json @@ -0,0 +1,106 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1611", + "STATE": "READY", + "TITLE": "Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos Space", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "19.4R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets.\nThis issue affects:\nJuniper Networks Junos Space\nversions prior to 19.4R1." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local file inclusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10993" + }, + { + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: Junos Space 19.4R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10993", + "defect": [ + "1449224" + ], + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users." + } + ] +} \ No newline at end of file From f8fbad961ee02a38045c8664c5b476109bd07a02 Mon Sep 17 00:00:00 2001 From: Bill Situ Date: Tue, 14 Jan 2020 15:27:30 -0800 Subject: [PATCH 02/24] Bill Sit Oracle Critical Patch Update - January 2020 This update contains only Oracle CVEs. On branch cna/Oracle/CPU2020JanOracleCVEs Changes to be committed: modified: 2012/1xxx/CVE-2012-1695.json modified: 2019/2xxx/CVE-2019-2725.json modified: 2019/2xxx/CVE-2019-2729.json modified: 2019/2xxx/CVE-2019-2904.json modified: 2020/2xxx/CVE-2020-2510.json modified: 2020/2xxx/CVE-2020-2511.json modified: 2020/2xxx/CVE-2020-2512.json modified: 2020/2xxx/CVE-2020-2515.json modified: 2020/2xxx/CVE-2020-2516.json modified: 2020/2xxx/CVE-2020-2517.json modified: 2020/2xxx/CVE-2020-2518.json modified: 2020/2xxx/CVE-2020-2519.json modified: 2020/2xxx/CVE-2020-2527.json modified: 2020/2xxx/CVE-2020-2530.json modified: 2020/2xxx/CVE-2020-2531.json modified: 2020/2xxx/CVE-2020-2533.json modified: 2020/2xxx/CVE-2020-2534.json modified: 2020/2xxx/CVE-2020-2535.json modified: 2020/2xxx/CVE-2020-2536.json modified: 2020/2xxx/CVE-2020-2537.json modified: 2020/2xxx/CVE-2020-2538.json modified: 2020/2xxx/CVE-2020-2539.json modified: 2020/2xxx/CVE-2020-2540.json modified: 2020/2xxx/CVE-2020-2541.json modified: 2020/2xxx/CVE-2020-2542.json modified: 2020/2xxx/CVE-2020-2543.json modified: 2020/2xxx/CVE-2020-2544.json modified: 2020/2xxx/CVE-2020-2545.json modified: 2020/2xxx/CVE-2020-2546.json modified: 2020/2xxx/CVE-2020-2547.json modified: 2020/2xxx/CVE-2020-2548.json modified: 2020/2xxx/CVE-2020-2549.json modified: 2020/2xxx/CVE-2020-2550.json modified: 2020/2xxx/CVE-2020-2551.json modified: 2020/2xxx/CVE-2020-2552.json modified: 2020/2xxx/CVE-2020-2555.json modified: 2020/2xxx/CVE-2020-2556.json modified: 2020/2xxx/CVE-2020-2557.json modified: 2020/2xxx/CVE-2020-2558.json modified: 2020/2xxx/CVE-2020-2559.json modified: 2020/2xxx/CVE-2020-2560.json modified: 2020/2xxx/CVE-2020-2561.json modified: 2020/2xxx/CVE-2020-2563.json modified: 2020/2xxx/CVE-2020-2564.json modified: 2020/2xxx/CVE-2020-2565.json modified: 2020/2xxx/CVE-2020-2566.json modified: 2020/2xxx/CVE-2020-2567.json modified: 2020/2xxx/CVE-2020-2568.json modified: 2020/2xxx/CVE-2020-2569.json modified: 2020/2xxx/CVE-2020-2570.json modified: 2020/2xxx/CVE-2020-2571.json modified: 2020/2xxx/CVE-2020-2572.json modified: 2020/2xxx/CVE-2020-2573.json modified: 2020/2xxx/CVE-2020-2574.json modified: 2020/2xxx/CVE-2020-2576.json modified: 2020/2xxx/CVE-2020-2577.json modified: 2020/2xxx/CVE-2020-2578.json modified: 2020/2xxx/CVE-2020-2579.json modified: 2020/2xxx/CVE-2020-2580.json modified: 2020/2xxx/CVE-2020-2581.json modified: 2020/2xxx/CVE-2020-2582.json modified: 2020/2xxx/CVE-2020-2583.json modified: 2020/2xxx/CVE-2020-2584.json modified: 2020/2xxx/CVE-2020-2585.json modified: 2020/2xxx/CVE-2020-2586.json modified: 2020/2xxx/CVE-2020-2587.json modified: 2020/2xxx/CVE-2020-2588.json modified: 2020/2xxx/CVE-2020-2589.json modified: 2020/2xxx/CVE-2020-2590.json modified: 2020/2xxx/CVE-2020-2591.json modified: 2020/2xxx/CVE-2020-2592.json modified: 2020/2xxx/CVE-2020-2593.json modified: 2020/2xxx/CVE-2020-2595.json modified: 2020/2xxx/CVE-2020-2596.json modified: 2020/2xxx/CVE-2020-2597.json modified: 2020/2xxx/CVE-2020-2598.json modified: 2020/2xxx/CVE-2020-2599.json modified: 2020/2xxx/CVE-2020-2600.json modified: 2020/2xxx/CVE-2020-2601.json modified: 2020/2xxx/CVE-2020-2602.json modified: 2020/2xxx/CVE-2020-2603.json modified: 2020/2xxx/CVE-2020-2604.json modified: 2020/2xxx/CVE-2020-2605.json modified: 2020/2xxx/CVE-2020-2606.json modified: 2020/2xxx/CVE-2020-2607.json modified: 2020/2xxx/CVE-2020-2608.json modified: 2020/2xxx/CVE-2020-2609.json modified: 2020/2xxx/CVE-2020-2610.json modified: 2020/2xxx/CVE-2020-2611.json modified: 2020/2xxx/CVE-2020-2612.json modified: 2020/2xxx/CVE-2020-2613.json modified: 2020/2xxx/CVE-2020-2614.json modified: 2020/2xxx/CVE-2020-2615.json modified: 2020/2xxx/CVE-2020-2616.json modified: 2020/2xxx/CVE-2020-2617.json modified: 2020/2xxx/CVE-2020-2618.json modified: 2020/2xxx/CVE-2020-2619.json modified: 2020/2xxx/CVE-2020-2620.json modified: 2020/2xxx/CVE-2020-2621.json modified: 2020/2xxx/CVE-2020-2622.json modified: 2020/2xxx/CVE-2020-2623.json modified: 2020/2xxx/CVE-2020-2624.json modified: 2020/2xxx/CVE-2020-2625.json modified: 2020/2xxx/CVE-2020-2626.json modified: 2020/2xxx/CVE-2020-2627.json modified: 2020/2xxx/CVE-2020-2628.json modified: 2020/2xxx/CVE-2020-2629.json modified: 2020/2xxx/CVE-2020-2630.json modified: 2020/2xxx/CVE-2020-2631.json modified: 2020/2xxx/CVE-2020-2632.json modified: 2020/2xxx/CVE-2020-2633.json modified: 2020/2xxx/CVE-2020-2634.json modified: 2020/2xxx/CVE-2020-2635.json modified: 2020/2xxx/CVE-2020-2636.json modified: 2020/2xxx/CVE-2020-2637.json modified: 2020/2xxx/CVE-2020-2638.json modified: 2020/2xxx/CVE-2020-2639.json modified: 2020/2xxx/CVE-2020-2640.json modified: 2020/2xxx/CVE-2020-2641.json modified: 2020/2xxx/CVE-2020-2642.json modified: 2020/2xxx/CVE-2020-2643.json modified: 2020/2xxx/CVE-2020-2644.json modified: 2020/2xxx/CVE-2020-2645.json modified: 2020/2xxx/CVE-2020-2646.json modified: 2020/2xxx/CVE-2020-2647.json modified: 2020/2xxx/CVE-2020-2648.json modified: 2020/2xxx/CVE-2020-2649.json modified: 2020/2xxx/CVE-2020-2650.json modified: 2020/2xxx/CVE-2020-2651.json modified: 2020/2xxx/CVE-2020-2652.json modified: 2020/2xxx/CVE-2020-2653.json modified: 2020/2xxx/CVE-2020-2654.json modified: 2020/2xxx/CVE-2020-2655.json modified: 2020/2xxx/CVE-2020-2656.json modified: 2020/2xxx/CVE-2020-2657.json modified: 2020/2xxx/CVE-2020-2658.json modified: 2020/2xxx/CVE-2020-2659.json modified: 2020/2xxx/CVE-2020-2660.json modified: 2020/2xxx/CVE-2020-2661.json modified: 2020/2xxx/CVE-2020-2662.json modified: 2020/2xxx/CVE-2020-2663.json modified: 2020/2xxx/CVE-2020-2664.json modified: 2020/2xxx/CVE-2020-2665.json modified: 2020/2xxx/CVE-2020-2666.json modified: 2020/2xxx/CVE-2020-2667.json modified: 2020/2xxx/CVE-2020-2668.json modified: 2020/2xxx/CVE-2020-2669.json modified: 2020/2xxx/CVE-2020-2670.json modified: 2020/2xxx/CVE-2020-2671.json modified: 2020/2xxx/CVE-2020-2672.json modified: 2020/2xxx/CVE-2020-2673.json modified: 2020/2xxx/CVE-2020-2674.json modified: 2020/2xxx/CVE-2020-2675.json modified: 2020/2xxx/CVE-2020-2676.json modified: 2020/2xxx/CVE-2020-2677.json modified: 2020/2xxx/CVE-2020-2678.json modified: 2020/2xxx/CVE-2020-2679.json modified: 2020/2xxx/CVE-2020-2680.json modified: 2020/2xxx/CVE-2020-2681.json modified: 2020/2xxx/CVE-2020-2682.json modified: 2020/2xxx/CVE-2020-2683.json modified: 2020/2xxx/CVE-2020-2684.json modified: 2020/2xxx/CVE-2020-2685.json modified: 2020/2xxx/CVE-2020-2686.json modified: 2020/2xxx/CVE-2020-2687.json modified: 2020/2xxx/CVE-2020-2688.json modified: 2020/2xxx/CVE-2020-2689.json modified: 2020/2xxx/CVE-2020-2690.json modified: 2020/2xxx/CVE-2020-2691.json modified: 2020/2xxx/CVE-2020-2692.json modified: 2020/2xxx/CVE-2020-2693.json modified: 2020/2xxx/CVE-2020-2694.json modified: 2020/2xxx/CVE-2020-2695.json modified: 2020/2xxx/CVE-2020-2696.json modified: 2020/2xxx/CVE-2020-2697.json modified: 2020/2xxx/CVE-2020-2698.json modified: 2020/2xxx/CVE-2020-2699.json modified: 2020/2xxx/CVE-2020-2700.json modified: 2020/2xxx/CVE-2020-2701.json modified: 2020/2xxx/CVE-2020-2702.json modified: 2020/2xxx/CVE-2020-2703.json modified: 2020/2xxx/CVE-2020-2704.json modified: 2020/2xxx/CVE-2020-2705.json modified: 2020/2xxx/CVE-2020-2707.json modified: 2020/2xxx/CVE-2020-2709.json modified: 2020/2xxx/CVE-2020-2710.json modified: 2020/2xxx/CVE-2020-2711.json modified: 2020/2xxx/CVE-2020-2712.json modified: 2020/2xxx/CVE-2020-2713.json modified: 2020/2xxx/CVE-2020-2714.json modified: 2020/2xxx/CVE-2020-2715.json modified: 2020/2xxx/CVE-2020-2716.json modified: 2020/2xxx/CVE-2020-2717.json modified: 2020/2xxx/CVE-2020-2718.json modified: 2020/2xxx/CVE-2020-2719.json modified: 2020/2xxx/CVE-2020-2720.json modified: 2020/2xxx/CVE-2020-2721.json modified: 2020/2xxx/CVE-2020-2722.json modified: 2020/2xxx/CVE-2020-2723.json modified: 2020/2xxx/CVE-2020-2724.json modified: 2020/2xxx/CVE-2020-2725.json modified: 2020/2xxx/CVE-2020-2726.json modified: 2020/2xxx/CVE-2020-2727.json modified: 2020/2xxx/CVE-2020-2728.json modified: 2020/2xxx/CVE-2020-2729.json modified: 2020/2xxx/CVE-2020-2730.json modified: 2020/2xxx/CVE-2020-2731.json --- 2012/1xxx/CVE-2012-1695.json | 84 +++++++------ 2019/2xxx/CVE-2019-2725.json | 23 +++- 2019/2xxx/CVE-2019-2729.json | 47 ++++++- 2019/2xxx/CVE-2019-2904.json | 230 +++++++++++++++++++++++++++++------ 2020/2xxx/CVE-2020-2510.json | 90 +++++++++++--- 2020/2xxx/CVE-2020-2511.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2512.json | 90 +++++++++++--- 2020/2xxx/CVE-2020-2515.json | 90 +++++++++++--- 2020/2xxx/CVE-2020-2516.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2517.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2518.json | 94 +++++++++++--- 2020/2xxx/CVE-2020-2519.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2527.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2530.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2531.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2533.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2534.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2535.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2536.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2537.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2538.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2539.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2540.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2541.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2542.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2543.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2544.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2545.json | 106 +++++++++++++--- 2020/2xxx/CVE-2020-2546.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2547.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2548.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2549.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2550.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2551.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2552.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2555.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2556.json | 90 +++++++++++--- 2020/2xxx/CVE-2020-2557.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2558.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2559.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2560.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2561.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2563.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2564.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2565.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2566.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2567.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2568.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2569.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2570.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2571.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2572.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2573.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2574.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2576.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2577.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2578.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2579.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2580.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2581.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2582.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2583.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2584.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2585.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2586.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2587.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2588.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2589.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2590.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2591.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2592.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2593.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2595.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2596.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2597.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2598.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2599.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2600.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2601.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2602.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2603.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2604.json | 94 +++++++++++--- 2020/2xxx/CVE-2020-2605.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2606.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2607.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2608.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2609.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2610.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2611.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2612.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2613.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2614.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2615.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2616.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2617.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2618.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2619.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2620.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2621.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2622.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2623.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2624.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2625.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2626.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2627.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2628.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2629.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2630.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2631.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2632.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2633.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2634.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2635.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2636.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2637.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2638.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2639.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2640.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2641.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2642.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2643.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2644.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2645.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2646.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2647.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2648.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2649.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2650.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2651.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2652.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2653.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2654.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2655.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2656.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2657.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2658.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2659.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2660.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2661.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2662.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2663.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2664.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2665.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2666.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2667.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2668.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2669.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2670.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2671.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2672.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2673.json | 86 ++++++++++--- 2020/2xxx/CVE-2020-2674.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2675.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2676.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2677.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2678.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2679.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2680.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2681.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2682.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2683.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2684.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2685.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2686.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2687.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2688.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2689.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2690.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2691.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2692.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2693.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2694.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2695.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2696.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2697.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2698.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2699.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2700.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2701.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2702.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2703.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2704.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2705.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2707.json | 90 +++++++++++--- 2020/2xxx/CVE-2020-2709.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2710.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2711.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2712.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2713.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2714.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2715.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2716.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2717.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2718.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2719.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2720.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2721.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2722.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2723.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2724.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2725.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2726.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2727.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2728.json | 74 ++++++++--- 2020/2xxx/CVE-2020-2729.json | 78 +++++++++--- 2020/2xxx/CVE-2020-2730.json | 82 ++++++++++--- 2020/2xxx/CVE-2020-2731.json | 86 ++++++++++--- 207 files changed, 13135 insertions(+), 3331 deletions(-) diff --git a/2012/1xxx/CVE-2012-1695.json b/2012/1xxx/CVE-2012-1695.json index bf040923228..9aee1e7171f 100644 --- a/2012/1xxx/CVE-2012-1695.json +++ b/2012/1xxx/CVE-2012-1695.json @@ -1,76 +1,80 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2012-1695", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2012-1695", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + "lang":"eng", + "value":"Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "48864", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/48864" + "name":"48864", + "refsource":"SECUNIA", + "url":"http://secunia.com/advisories/48864" }, { - "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + "name":"http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" }, { - "name": "1026948", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id?1026948" + "name":"1026948", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id?1026948" }, { - "name": "MDVSA-2013:150", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + "name":"MDVSA-2013:150", + "refsource":"MANDRIVA", + "url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/2xxx/CVE-2019-2725.json b/2019/2xxx/CVE-2019-2725.json index 7fa1f5672dd..60ff7f28db6 100644 --- a/2019/2xxx/CVE-2019-2725.json +++ b/2019/2xxx/CVE-2019-2725.json @@ -23,7 +23,23 @@ } ] }, - "vendor_name": "Oracle Corporation" + "vendor_name": "Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Tape Library ACSLS", + "version":{ + "version_data":[ + { + "version_value":"8.5", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" } ] } @@ -82,7 +98,10 @@ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - } + }. + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } ] } } \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2729.json b/2019/2xxx/CVE-2019-2729.json index 2828374b89d..58314736bc2 100644 --- a/2019/2xxx/CVE-2019-2729.json +++ b/2019/2xxx/CVE-2019-2729.json @@ -23,7 +23,47 @@ } ] }, - "vendor_name": "Oracle Corporation" + "vendor_name": "Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + }, + { + "version_value":"8.58", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Tape Library ACSLS", + "version":{ + "version_data":[ + { + "version_value":"8.5", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" } ] } @@ -67,7 +107,10 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html", "url": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html" - } + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } ] } } \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2904.json b/2019/2xxx/CVE-2019-2904.json index 819348bba61..cb2e9eff42b 100644 --- a/2019/2xxx/CVE-2019-2904.json +++ b/2019/2xxx/CVE-2019-2904.json @@ -1,75 +1,227 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2019-2904", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2019-2904", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "JDeveloper", - "version": { - "version_data": [ + "product_name":"JDeveloper", + "version":{ + "version_data":[ { - "version_value": "11.1.1.9.0", - "version_affected": "=" + "version_value":"11.1.1.9.0", + "version_affected":"=" }, { - "version_value": "12.1.3.0.0", - "version_affected": "=" + "version_value":"12.1.3.0.0", + "version_affected":"=" }, { - "version_value": "12.2.1.3.0", - "version_affected": "=" + "version_value":"12.2.1.3.0", + "version_affected":"=" } ] } } ] }, - "vendor_name": "Oracle Corporation" + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Application Testing Suite", + "version":{ + "version_data":[ + { + "version_value":"12.5.0.3", + "version_affected":"=" + }, + { + "version_value":"13.1.0.1", + "version_affected":"=" + }, + { + "version_value":"13.2.0.1", + "version_affected":"=" + }, + { + "version_value":"13.3.0.1", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Clinical", + "version":{ + "version_data":[ + { + "version_value":"5.2", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Health Sciences Data Management Workbench", + "version":{ + "version_data":[ + { + "version_value":"2.4", + "version_affected":"=" + }, + { + "version_value":"2.5", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Hyperion Planning", + "version":{ + "version_data":[ + { + "version_value":"11.1.2.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Retail Assortment Planning", + "version":{ + "version_data":[ + { + "version_value":"15.0.3", + "version_affected":"=" + }, + { + "version_value":"16.0.3", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Retail Clearance Optimization Engine", + "version":{ + "version_data":[ + { + "version_value":"14.0.5", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Retail Markdown Optimization", + "version":{ + "version_data":[ + { + "version_value":"13.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Retail Sales Audit", + "version":{ + "version_data":[ + { + "version_value":"15.0.3. 16.0.2", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + "lang":"eng", + "value":"Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/" + "refsource":"MISC", + "name":"https://www.zerodayinitiative.com/advisories/ZDI-19-1024/", + "url":"https://www.zerodayinitiative.com/advisories/ZDI-19-1024/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2510.json b/2020/2xxx/CVE-2020-2510.json index 8f526a11645..4f7940c9efd 100644 --- a/2020/2xxx/CVE-2020-2510.json +++ b/2020/2xxx/CVE-2020-2510.json @@ -1,18 +1,76 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2510", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2510" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"11.2.0.4", + "version_affected":"=" + }, + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2511.json b/2020/2xxx/CVE-2020-2511.json index 08ff3cf8dfd..d389ba57613 100644 --- a/2020/2xxx/CVE-2020-2511.json +++ b/2020/2xxx/CVE-2020-2511.json @@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2511", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2511" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2512.json b/2020/2xxx/CVE-2020-2512.json index 44439e9899a..128e507e2be 100644 --- a/2020/2xxx/CVE-2020-2512.json +++ b/2020/2xxx/CVE-2020-2512.json @@ -1,18 +1,76 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2512", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2512" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"11.2.0.4", + "version_affected":"=" + }, + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2515.json b/2020/2xxx/CVE-2020-2515.json index 7800d729755..2ca9db2118b 100644 --- a/2020/2xxx/CVE-2020-2515.json +++ b/2020/2xxx/CVE-2020-2515.json @@ -1,18 +1,76 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2515", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2515" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"11.2.0.4", + "version_affected":"=" + }, + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2516.json b/2020/2xxx/CVE-2020-2516.json index a7d2daee1b2..70f403b6615 100644 --- a/2020/2xxx/CVE-2020-2516.json +++ b/2020/2xxx/CVE-2020-2516.json @@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2516", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2516" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2517.json b/2020/2xxx/CVE-2020-2517.json index 31bf9a63d5c..e04cc44cda9 100644 --- a/2020/2xxx/CVE-2020-2517.json +++ b/2020/2xxx/CVE-2020-2517.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2517" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2518.json b/2020/2xxx/CVE-2020-2518.json index f5cca796071..2c9d36d0b5c 100644 --- a/2020/2xxx/CVE-2020-2518.json +++ b/2020/2xxx/CVE-2020-2518.json @@ -1,18 +1,80 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2518" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"11.2.0.4", + "version_affected":"=" + }, + { + "version_value":"12.1.0.11", + "version_affected":"=" + }, + { + "version_value":"29", + "version_affected":"=" + }, + { + "version_value":"212.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.11,29,212.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2519.json b/2020/2xxx/CVE-2020-2519.json index 8300334feb2..dce35bf55c4 100644 --- a/2020/2xxx/CVE-2020-2519.json +++ b/2020/2xxx/CVE-2020-2519.json @@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2519", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2519" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2527.json b/2020/2xxx/CVE-2020-2527.json index 850505e3ef7..4a6622dafe8 100644 --- a/2020/2xxx/CVE-2020-2527.json +++ b/2020/2xxx/CVE-2020-2527.json @@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2527", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2527" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2530.json b/2020/2xxx/CVE-2020-2530.json index f74116277bc..1c7ea6f81e8 100644 --- a/2020/2xxx/CVE-2020-2530.json +++ b/2020/2xxx/CVE-2020-2530.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2530", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2530" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"HTTP Server", + "version":{ + "version_data":[ + { + "version_value":"11.1.1.9.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2531.json b/2020/2xxx/CVE-2020-2531.json index c89e3145ce5..660c440a28d 100644 --- a/2020/2xxx/CVE-2020-2531.json +++ b/2020/2xxx/CVE-2020-2531.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2531", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2531" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Business Intelligence Enterprise Edition", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2533.json b/2020/2xxx/CVE-2020-2533.json index d66891e5280..0a3dbd5f391 100644 --- a/2020/2xxx/CVE-2020-2533.json +++ b/2020/2xxx/CVE-2020-2533.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2533", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2533" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Reports Developer", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2534.json b/2020/2xxx/CVE-2020-2534.json index 44887a3631c..aac2bbb2c7e 100644 --- a/2020/2xxx/CVE-2020-2534.json +++ b/2020/2xxx/CVE-2020-2534.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2534", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2534" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Reports Developer", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2535.json b/2020/2xxx/CVE-2020-2535.json index 4bc95ffdd3a..4d69a6f9ff7 100644 --- a/2020/2xxx/CVE-2020-2535.json +++ b/2020/2xxx/CVE-2020-2535.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2535", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2535" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Business Intelligence Enterprise Edition", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2536.json b/2020/2xxx/CVE-2020-2536.json index e4c4820616e..ff9f9ee8c54 100644 --- a/2020/2xxx/CVE-2020-2536.json +++ b/2020/2xxx/CVE-2020-2536.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2536", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2536" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Outside In Technology", + "version":{ + "version_data":[ + { + "version_value":"8.5.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2537.json b/2020/2xxx/CVE-2020-2537.json index 750aeb96d9d..7a34d43613c 100644 --- a/2020/2xxx/CVE-2020-2537.json +++ b/2020/2xxx/CVE-2020-2537.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2537", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2537" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Business Intelligence Enterprise Edition", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2538.json b/2020/2xxx/CVE-2020-2538.json index 2db07790111..44cb9028372 100644 --- a/2020/2xxx/CVE-2020-2538.json +++ b/2020/2xxx/CVE-2020-2538.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2538", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2538" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebCenter Sites", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2539.json b/2020/2xxx/CVE-2020-2539.json index fad1f8676c7..06380809215 100644 --- a/2020/2xxx/CVE-2020-2539.json +++ b/2020/2xxx/CVE-2020-2539.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2539", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2539" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebCenter Sites", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2540.json b/2020/2xxx/CVE-2020-2540.json index 57d029b120f..dde087cbc9d 100644 --- a/2020/2xxx/CVE-2020-2540.json +++ b/2020/2xxx/CVE-2020-2540.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2540", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2540" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Outside In Technology", + "version":{ + "version_data":[ + { + "version_value":"8.5.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2541.json b/2020/2xxx/CVE-2020-2541.json index 77ca6d2c996..7512c2b923d 100644 --- a/2020/2xxx/CVE-2020-2541.json +++ b/2020/2xxx/CVE-2020-2541.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2541", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2541" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Outside In Technology", + "version":{ + "version_data":[ + { + "version_value":"8.5.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2542.json b/2020/2xxx/CVE-2020-2542.json index 6cc6f83e5f7..ced9eb0df63 100644 --- a/2020/2xxx/CVE-2020-2542.json +++ b/2020/2xxx/CVE-2020-2542.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2542", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2542" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Outside In Technology", + "version":{ + "version_data":[ + { + "version_value":"8.5.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2543.json b/2020/2xxx/CVE-2020-2543.json index 65bd51c1d13..9ed1ed461c8 100644 --- a/2020/2xxx/CVE-2020-2543.json +++ b/2020/2xxx/CVE-2020-2543.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2543", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2543" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Outside In Technology", + "version":{ + "version_data":[ + { + "version_value":"8.5.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2544.json b/2020/2xxx/CVE-2020-2544.json index db53bbffd7e..b89392ca235 100644 --- a/2020/2xxx/CVE-2020-2544.json +++ b/2020/2xxx/CVE-2020-2544.json @@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2544", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2544" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2545.json b/2020/2xxx/CVE-2020-2545.json index 3a53842cd69..6f44f187216 100644 --- a/2020/2xxx/CVE-2020-2545.json +++ b/2020/2xxx/CVE-2020-2545.json @@ -1,18 +1,92 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2545", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2545" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"HTTP Server", + "version":{ + "version_data":[ + { + "version_value":"11.1.1.9.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Security Service", + "version":{ + "version_data":[ + { + "version_value":"11.1.1.9.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2546.json b/2020/2xxx/CVE-2020-2546.json index 788fb9105d4..7e0f2522340 100644 --- a/2020/2xxx/CVE-2020-2546.json +++ b/2020/2xxx/CVE-2020-2546.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2546", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2546" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2547.json b/2020/2xxx/CVE-2020-2547.json index 493151ce3b3..f641efafc40 100644 --- a/2020/2xxx/CVE-2020-2547.json +++ b/2020/2xxx/CVE-2020-2547.json @@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2547", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2547" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2548.json b/2020/2xxx/CVE-2020-2548.json index 3a7598603ac..fa71f2ca11b 100644 --- a/2020/2xxx/CVE-2020-2548.json +++ b/2020/2xxx/CVE-2020-2548.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2548" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2549.json b/2020/2xxx/CVE-2020-2549.json index 0d33af9f8c8..25edd4e3039 100644 --- a/2020/2xxx/CVE-2020-2549.json +++ b/2020/2xxx/CVE-2020-2549.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2549" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2550.json b/2020/2xxx/CVE-2020-2550.json index 12a36a3a5d0..8fca117ba6d 100644 --- a/2020/2xxx/CVE-2020-2550.json +++ b/2020/2xxx/CVE-2020-2550.json @@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2550", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2550" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2551.json b/2020/2xxx/CVE-2020-2551.json index effcff9e10c..2812a8caedf 100644 --- a/2020/2xxx/CVE-2020-2551.json +++ b/2020/2xxx/CVE-2020-2551.json @@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2551", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2551" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2552.json b/2020/2xxx/CVE-2020-2552.json index 1cd9309c114..e720f81749d 100644 --- a/2020/2xxx/CVE-2020-2552.json +++ b/2020/2xxx/CVE-2020-2552.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2552", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2552" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"WebLogic Server", + "version":{ + "version_data":[ + { + "version_value":"10.3.6.0.0", + "version_affected":"=" + }, + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2555.json b/2020/2xxx/CVE-2020-2555.json index c49e72e999d..1984ec04181 100644 --- a/2020/2xxx/CVE-2020-2555.json +++ b/2020/2xxx/CVE-2020-2555.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2555", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2555" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Coherence", + "version":{ + "version_data":[ + { + "version_value":"12.1.3.0.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.4.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2556.json b/2020/2xxx/CVE-2020-2556.json index 2ac12f3be43..53e8bf47084 100644 --- a/2020/2xxx/CVE-2020-2556.json +++ b/2020/2xxx/CVE-2020-2556.json @@ -1,18 +1,76 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2556", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2556" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Primavera P6 Professional Project Management", + "version":{ + "version_data":[ + { + "version_value":"16.2.0.0-16.2.19.0", + "version_affected":"=" + }, + { + "version_value":"17.12.0.0-17.12.16.0", + "version_affected":"=" + }, + { + "version_value":"18.8.0.0-18.8.16.0", + "version_affected":"=" + }, + { + "version_value":"19.12.0.0", + "version_affected":"=" + }, + { + "version_value":"20.1.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). Supported versions that are affected are 16.2.0.0-16.2.19.0, 17.12.0.0-17.12.16.0, 18.8.0.0-18.8.16.0, 19.12.0.0 and 20.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2557.json b/2020/2xxx/CVE-2020-2557.json index 5c31e3ce708..5329af079d2 100644 --- a/2020/2xxx/CVE-2020-2557.json +++ b/2020/2xxx/CVE-2020-2557.json @@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2557", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2557" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Demantra Demand Management", + "version":{ + "version_data":[ + { + "version_value":"12.2.4", + "version_affected":"=" + }, + { + "version_value":"12.2.4.1", + "version_affected":"=" + }, + { + "version_value":"12.2.5", + "version_affected":"=" + }, + { + "version_value":"12.2.5.1", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security). Supported versions that are affected are 12.2.4, 12.2.4.1, 12.2.5 and 12.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2558.json b/2020/2xxx/CVE-2020-2558.json index 6007fa41a81..e2a28de3e8d 100644 --- a/2020/2xxx/CVE-2020-2558.json +++ b/2020/2xxx/CVE-2020-2558.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2558", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2558" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2559.json b/2020/2xxx/CVE-2020-2559.json index 279d49326c2..06d4b86f18a 100644 --- a/2020/2xxx/CVE-2020-2559.json +++ b/2020/2xxx/CVE-2020-2559.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2559" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Siebel UI Framework", + "version":{ + "version_data":[ + { + "version_value":"19.7 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2560.json b/2020/2xxx/CVE-2020-2560.json index 957d483fb26..32592a22921 100644 --- a/2020/2xxx/CVE-2020-2560.json +++ b/2020/2xxx/CVE-2020-2560.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2560", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2560" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Siebel UI Framework", + "version":{ + "version_data":[ + { + "version_value":"19.10 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2561.json b/2020/2xxx/CVE-2020-2561.json index 63a3a223e36..9b38cdd80cd 100644 --- a/2020/2xxx/CVE-2020-2561.json +++ b/2020/2xxx/CVE-2020-2561.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2561" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise HCM Human Resources", + "version":{ + "version_data":[ + { + "version_value":"9.2", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Company Dir / Org Chart Viewer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2563.json b/2020/2xxx/CVE-2020-2563.json index 6df23557acc..0667f01c153 100644 --- a/2020/2xxx/CVE-2020-2563.json +++ b/2020/2xxx/CVE-2020-2563.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2563", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2563" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Hyperion Financial Close Management", + "version":{ + "version_data":[ + { + "version_value":"11.1.2.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2564.json b/2020/2xxx/CVE-2020-2564.json index 7fe20d68d34..335ac7222bf 100644 --- a/2020/2xxx/CVE-2020-2564.json +++ b/2020/2xxx/CVE-2020-2564.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2564", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2564" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Siebel UI Framework", + "version":{ + "version_data":[ + { + "version_value":"19.10 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2565.json b/2020/2xxx/CVE-2020-2565.json index 1c4c42a183b..a55610abb65 100644 --- a/2020/2xxx/CVE-2020-2565.json +++ b/2020/2xxx/CVE-2020-2565.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2565", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2565" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2566.json b/2020/2xxx/CVE-2020-2566.json index 9e521512523..504b9621b85 100644 --- a/2020/2xxx/CVE-2020-2566.json +++ b/2020/2xxx/CVE-2020-2566.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2566", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2566" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Applications Framework", + "version":{ + "version_data":[ + { + "version_value":"12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2567.json b/2020/2xxx/CVE-2020-2567.json index 541d6d356fe..a47b46691a0 100644 --- a/2020/2xxx/CVE-2020-2567.json +++ b/2020/2xxx/CVE-2020-2567.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2567" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Retail Customer Management and Segmentation Foundation", + "version":{ + "version_data":[ + { + "version_value":"18.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). The supported version that is affected is 18.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2568.json b/2020/2xxx/CVE-2020-2568.json index bf90c7d410e..d7eea740f00 100644 --- a/2020/2xxx/CVE-2020-2568.json +++ b/2020/2xxx/CVE-2020-2568.json @@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2568", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2568" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2569.json b/2020/2xxx/CVE-2020-2569.json index a69372f1df1..16ee81fb72d 100644 --- a/2020/2xxx/CVE-2020-2569.json +++ b/2020/2xxx/CVE-2020-2569.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2569", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2569" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PL/SQL", + "version":{ + "version_data":[ + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2570.json b/2020/2xxx/CVE-2020-2570.json index 13129e165fc..6386293dce6 100644 --- a/2020/2xxx/CVE-2020-2570.json +++ b/2020/2xxx/CVE-2020-2570.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2570", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2570" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2571.json b/2020/2xxx/CVE-2020-2571.json index 4d9c2e82222..f3c37180341 100644 --- a/2020/2xxx/CVE-2020-2571.json +++ b/2020/2xxx/CVE-2020-2571.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2571", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2571" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"LDOMS", + "version":{ + "version_data":[ + { + "version_value":"3.6", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2572.json b/2020/2xxx/CVE-2020-2572.json index f357c86ede2..3110b7c09de 100644 --- a/2020/2xxx/CVE-2020-2572.json +++ b/2020/2xxx/CVE-2020-2572.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2572", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2572" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2573.json b/2020/2xxx/CVE-2020-2573.json index 61c27e4f764..46b05f87ec9 100644 --- a/2020/2xxx/CVE-2020-2573.json +++ b/2020/2xxx/CVE-2020-2573.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2573", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2573" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2574.json b/2020/2xxx/CVE-2020-2574.json index 7e60a2b0f6b..4d89b02fe57 100644 --- a/2020/2xxx/CVE-2020-2574.json +++ b/2020/2xxx/CVE-2020-2574.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2574", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2574" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.6.46 and prior", + "version_affected":"=" + }, + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2576.json b/2020/2xxx/CVE-2020-2576.json index d712528aaad..ff735a6ab39 100644 --- a/2020/2xxx/CVE-2020-2576.json +++ b/2020/2xxx/CVE-2020-2576.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2576" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Outside In Technology", + "version":{ + "version_data":[ + { + "version_value":"8.5.4", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2577.json b/2020/2xxx/CVE-2020-2577.json index 629116b92da..f1569a4407a 100644 --- a/2020/2xxx/CVE-2020-2577.json +++ b/2020/2xxx/CVE-2020-2577.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2577", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2577" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2578.json b/2020/2xxx/CVE-2020-2578.json index 63adb36a885..ed4dfc4867f 100644 --- a/2020/2xxx/CVE-2020-2578.json +++ b/2020/2xxx/CVE-2020-2578.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2578", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2578" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2579.json b/2020/2xxx/CVE-2020-2579.json index 9a7dc6972eb..002cc16bd57 100644 --- a/2020/2xxx/CVE-2020-2579.json +++ b/2020/2xxx/CVE-2020-2579.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2579" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.6.46 and prior", + "version_affected":"=" + }, + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2580.json b/2020/2xxx/CVE-2020-2580.json index a515dcdebc0..00f9ef49d1a 100644 --- a/2020/2xxx/CVE-2020-2580.json +++ b/2020/2xxx/CVE-2020-2580.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2580", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2580" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"8.0.17 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2581.json b/2020/2xxx/CVE-2020-2581.json index 42867e3502c..6cc9f391435 100644 --- a/2020/2xxx/CVE-2020-2581.json +++ b/2020/2xxx/CVE-2020-2581.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2581", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2581" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"GraalVM Enterprise Edition", + "version":{ + "version_data":[ + { + "version_value":"19.3.0.2", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2582.json b/2020/2xxx/CVE-2020-2582.json index 43512b63301..86d82bbfe8c 100644 --- a/2020/2xxx/CVE-2020-2582.json +++ b/2020/2xxx/CVE-2020-2582.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2582", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2582" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"iStore", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2583.json b/2020/2xxx/CVE-2020-2583.json index 907cdd83575..82e41035987 100644 --- a/2020/2xxx/CVE-2020-2583.json +++ b/2020/2xxx/CVE-2020-2583.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2583" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected":"=" + }, + { + "version_value":"Java SE Embedded: 8u231", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2584.json b/2020/2xxx/CVE-2020-2584.json index a5561451edd..5836fca7b7e 100644 --- a/2020/2xxx/CVE-2020-2584.json +++ b/2020/2xxx/CVE-2020-2584.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2584", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2584" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2585.json b/2020/2xxx/CVE-2020-2585.json index 72bcf36d9df..07517dafb0a 100644 --- a/2020/2xxx/CVE-2020-2585.json +++ b/2020/2xxx/CVE-2020-2585.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2585", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2585" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 8u241", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2586.json b/2020/2xxx/CVE-2020-2586.json index e6f58099748..6a9c35f0bbd 100644 --- a/2020/2xxx/CVE-2020-2586.json +++ b/2020/2xxx/CVE-2020-2586.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2586", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2586" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Human Resources", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2587.json b/2020/2xxx/CVE-2020-2587.json index 394b921e690..64d379b34c5 100644 --- a/2020/2xxx/CVE-2020-2587.json +++ b/2020/2xxx/CVE-2020-2587.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2587", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2587" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Human Resources", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2588.json b/2020/2xxx/CVE-2020-2588.json index f25ce02ce0a..902f3991c42 100644 --- a/2020/2xxx/CVE-2020-2588.json +++ b/2020/2xxx/CVE-2020-2588.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2588", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2588" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2589.json b/2020/2xxx/CVE-2020-2589.json index 9bc86fd124d..e6168b3be8c 100644 --- a/2020/2xxx/CVE-2020-2589.json +++ b/2020/2xxx/CVE-2020-2589.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2589", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2589" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.17 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2590.json b/2020/2xxx/CVE-2020-2590.json index c9a267665c7..99050b1505d 100644 --- a/2020/2xxx/CVE-2020-2590.json +++ b/2020/2xxx/CVE-2020-2590.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2590", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2590" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected":"=" + }, + { + "version_value":"Java SE Embedded: 8u231", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2591.json b/2020/2xxx/CVE-2020-2591.json index 689bd7b3711..ec9d279ca17 100644 --- a/2020/2xxx/CVE-2020-2591.json +++ b/2020/2xxx/CVE-2020-2591.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2591" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Web Applications Desktop Integrator", + "version":{ + "version_data":[ + { + "version_value":"12.1.3", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2592.json b/2020/2xxx/CVE-2020-2592.json index 9af44e9a0eb..74f63535e9e 100644 --- a/2020/2xxx/CVE-2020-2592.json +++ b/2020/2xxx/CVE-2020-2592.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2592", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2592" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"AutoVue 3D Professional Advanced", + "version":{ + "version_data":[ + { + "version_value":"12.0.2", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2593.json b/2020/2xxx/CVE-2020-2593.json index 10016917e37..fb78fbe6594 100644 --- a/2020/2xxx/CVE-2020-2593.json +++ b/2020/2xxx/CVE-2020-2593.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2593" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected":"=" + }, + { + "version_value":"Java SE Embedded: 8u231", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2595.json b/2020/2xxx/CVE-2020-2595.json index 4578a75bc24..1ab2e30f05a 100644 --- a/2020/2xxx/CVE-2020-2595.json +++ b/2020/2xxx/CVE-2020-2595.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2595", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2595" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"GraalVM Enterprise Edition", + "version":{ + "version_data":[ + { + "version_value":"19.3.0.2", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2596.json b/2020/2xxx/CVE-2020-2596.json index 9074b4f910e..453f0795c53 100644 --- a/2020/2xxx/CVE-2020-2596.json +++ b/2020/2xxx/CVE-2020-2596.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2596", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2596" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"CRM Technical Foundation", + "version":{ + "version_data":[ + { + "version_value":"12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Message Hooks). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2597.json b/2020/2xxx/CVE-2020-2597.json index 8a53b342e96..a84137f19cd 100644 --- a/2020/2xxx/CVE-2020-2597.json +++ b/2020/2xxx/CVE-2020-2597.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2597", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2597" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"One-to-One Fulfillment", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Call Phone Number Page). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2598.json b/2020/2xxx/CVE-2020-2598.json index b15e7838cd9..3533590ce2e 100644 --- a/2020/2xxx/CVE-2020-2598.json +++ b/2020/2xxx/CVE-2020-2598.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2598" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Activity Guide). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2599.json b/2020/2xxx/CVE-2020-2599.json index 7cccf7bb33d..c75d399a110 100644 --- a/2020/2xxx/CVE-2020-2599.json +++ b/2020/2xxx/CVE-2020-2599.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2599" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Hospitality Cruise Materials Management", + "version":{ + "version_data":[ + { + "version_value":"7.30.567", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All). The supported version that is affected is 7.30.567. Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2600.json b/2020/2xxx/CVE-2020-2600.json index 2b63f3f7849..f1b622745f4 100644 --- a/2020/2xxx/CVE-2020-2600.json +++ b/2020/2xxx/CVE-2020-2600.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2600", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2600" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2601.json b/2020/2xxx/CVE-2020-2601.json index e39bacce309..7148255f004 100644 --- a/2020/2xxx/CVE-2020-2601.json +++ b/2020/2xxx/CVE-2020-2601.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2601" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected":"=" + }, + { + "version_value":"Java SE Embedded: 8u231", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2602.json b/2020/2xxx/CVE-2020-2602.json index e7328e179db..c60f27465a4 100644 --- a/2020/2xxx/CVE-2020-2602.json +++ b/2020/2xxx/CVE-2020-2602.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2602", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2602" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2603.json b/2020/2xxx/CVE-2020-2603.json index f1e2ea53918..c5d44a27599 100644 --- a/2020/2xxx/CVE-2020-2603.json +++ b/2020/2xxx/CVE-2020-2603.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2603", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2603" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Field Service", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json index f8c823421a9..3b0144c8640 100644 --- a/2020/2xxx/CVE-2020-2604.json +++ b/2020/2xxx/CVE-2020-2604.json @@ -1,18 +1,80 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2604", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2604" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"GraalVM Enterprise Edition", + "version":{ + "version_data":[ + { + "version_value":"19.3.0.2", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation", + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected":"=" + }, + { + "version_value":"Java SE Embedded: 8u231", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.3.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. Note: GraalVM Enterprise 19.3 and above includes both Java SE 8 and Java SE 11. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2605.json b/2020/2xxx/CVE-2020-2605.json index 6211b1e27a4..2be9251b6e8 100644 --- a/2020/2xxx/CVE-2020-2605.json +++ b/2020/2xxx/CVE-2020-2605.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2605", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2605" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2606.json b/2020/2xxx/CVE-2020-2606.json index 5575cbb2de5..679a6b3a503 100644 --- a/2020/2xxx/CVE-2020-2606.json +++ b/2020/2xxx/CVE-2020-2606.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2606", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2606" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2607.json b/2020/2xxx/CVE-2020-2607.json index 0635c5ffc16..8537ed75fc9 100644 --- a/2020/2xxx/CVE-2020-2607.json +++ b/2020/2xxx/CVE-2020-2607.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2607", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2607" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2608.json b/2020/2xxx/CVE-2020-2608.json index 2650ffb1bdf..ce6205caf23 100644 --- a/2020/2xxx/CVE-2020-2608.json +++ b/2020/2xxx/CVE-2020-2608.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2608", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2608" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Repository). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2609.json b/2020/2xxx/CVE-2020-2609.json index 3d0262850c8..0448dc98d18 100644 --- a/2020/2xxx/CVE-2020-2609.json +++ b/2020/2xxx/CVE-2020-2609.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2609", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2609" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2610.json b/2020/2xxx/CVE-2020-2610.json index f6962ac02e8..37ef3827c53 100644 --- a/2020/2xxx/CVE-2020-2610.json +++ b/2020/2xxx/CVE-2020-2610.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2610", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2610" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2611.json b/2020/2xxx/CVE-2020-2611.json index 7a1e72dd085..1ced91f842c 100644 --- a/2020/2xxx/CVE-2020-2611.json +++ b/2020/2xxx/CVE-2020-2611.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2611" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2612.json b/2020/2xxx/CVE-2020-2612.json index c9294fd18be..6b3cb3388f9 100644 --- a/2020/2xxx/CVE-2020-2612.json +++ b/2020/2xxx/CVE-2020-2612.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2612", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2612" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2613.json b/2020/2xxx/CVE-2020-2613.json index c7647d89f90..237e2d39930 100644 --- a/2020/2xxx/CVE-2020-2613.json +++ b/2020/2xxx/CVE-2020-2613.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2613", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2613" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2614.json b/2020/2xxx/CVE-2020-2614.json index 9fdbce9d233..498663663e9 100644 --- a/2020/2xxx/CVE-2020-2614.json +++ b/2020/2xxx/CVE-2020-2614.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2614", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2614" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"APM - Application Performance Management", + "version":{ + "version_data":[ + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: APM Mesh). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2615.json b/2020/2xxx/CVE-2020-2615.json index a3a1bdce2ca..0fb73b17672 100644 --- a/2020/2xxx/CVE-2020-2615.json +++ b/2020/2xxx/CVE-2020-2615.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2615", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2615" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2616.json b/2020/2xxx/CVE-2020-2616.json index 8dfeb5a57f3..f7cf0c27815 100644 --- a/2020/2xxx/CVE-2020-2616.json +++ b/2020/2xxx/CVE-2020-2616.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2616", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2616" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2617.json b/2020/2xxx/CVE-2020-2617.json index 31931734fe9..ded385130cb 100644 --- a/2020/2xxx/CVE-2020-2617.json +++ b/2020/2xxx/CVE-2020-2617.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2617", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2617" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2618.json b/2020/2xxx/CVE-2020-2618.json index d9fdd178adf..6b77def742b 100644 --- a/2020/2xxx/CVE-2020-2618.json +++ b/2020/2xxx/CVE-2020-2618.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2618", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2618" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2619.json b/2020/2xxx/CVE-2020-2619.json index 22893c1cf3e..bd55395b1f2 100644 --- a/2020/2xxx/CVE-2020-2619.json +++ b/2020/2xxx/CVE-2020-2619.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2619", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2619" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2620.json b/2020/2xxx/CVE-2020-2620.json index 101a708e896..7703a98bd95 100644 --- a/2020/2xxx/CVE-2020-2620.json +++ b/2020/2xxx/CVE-2020-2620.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2620", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2620" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2621.json b/2020/2xxx/CVE-2020-2621.json index 36847b0df9b..7f94581f2f9 100644 --- a/2020/2xxx/CVE-2020-2621.json +++ b/2020/2xxx/CVE-2020-2621.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2621", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2621" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2622.json b/2020/2xxx/CVE-2020-2622.json index 7b06c4fa460..9480ca56107 100644 --- a/2020/2xxx/CVE-2020-2622.json +++ b/2020/2xxx/CVE-2020-2622.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2622", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2622" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2623.json b/2020/2xxx/CVE-2020-2623.json index 8663ca3e972..6fac7e44f5d 100644 --- a/2020/2xxx/CVE-2020-2623.json +++ b/2020/2xxx/CVE-2020-2623.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2623", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2623" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2624.json b/2020/2xxx/CVE-2020-2624.json index 3168d8aa2bd..12fc43272eb 100644 --- a/2020/2xxx/CVE-2020-2624.json +++ b/2020/2xxx/CVE-2020-2624.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2624", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2624" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2625.json b/2020/2xxx/CVE-2020-2625.json index 89f2dc88b1f..cd9963f28c9 100644 --- a/2020/2xxx/CVE-2020-2625.json +++ b/2020/2xxx/CVE-2020-2625.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2625", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2625" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2626.json b/2020/2xxx/CVE-2020-2626.json index b95b7931f32..a2466dc6bc5 100644 --- a/2020/2xxx/CVE-2020-2626.json +++ b/2020/2xxx/CVE-2020-2626.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2626", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2626" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2627.json b/2020/2xxx/CVE-2020-2627.json index b65299cdb1f..7195091eb14 100644 --- a/2020/2xxx/CVE-2020-2627.json +++ b/2020/2xxx/CVE-2020-2627.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2627", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2627" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2628.json b/2020/2xxx/CVE-2020-2628.json index f3c24551a42..54dc05c231e 100644 --- a/2020/2xxx/CVE-2020-2628.json +++ b/2020/2xxx/CVE-2020-2628.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2628", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2628" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2629.json b/2020/2xxx/CVE-2020-2629.json index c656c0dba7b..419480d0dbd 100644 --- a/2020/2xxx/CVE-2020-2629.json +++ b/2020/2xxx/CVE-2020-2629.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2629", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2629" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2630.json b/2020/2xxx/CVE-2020-2630.json index 1622032de64..952d1a65680 100644 --- a/2020/2xxx/CVE-2020-2630.json +++ b/2020/2xxx/CVE-2020-2630.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2630", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2630" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2631.json b/2020/2xxx/CVE-2020-2631.json index c48139b38d1..dfa18a0fb15 100644 --- a/2020/2xxx/CVE-2020-2631.json +++ b/2020/2xxx/CVE-2020-2631.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2631", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2631" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2632.json b/2020/2xxx/CVE-2020-2632.json index 564e2cfaa0c..abaee4343e8 100644 --- a/2020/2xxx/CVE-2020-2632.json +++ b/2020/2xxx/CVE-2020-2632.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2632", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2632" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2633.json b/2020/2xxx/CVE-2020-2633.json index 365dd79ac24..474d7302204 100644 --- a/2020/2xxx/CVE-2020-2633.json +++ b/2020/2xxx/CVE-2020-2633.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2633", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2633" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2634.json b/2020/2xxx/CVE-2020-2634.json index 1ce7c23d8ad..f0c2677f558 100644 --- a/2020/2xxx/CVE-2020-2634.json +++ b/2020/2xxx/CVE-2020-2634.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2634", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2634" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Configuration Standard Framewk). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2635.json b/2020/2xxx/CVE-2020-2635.json index 02fcd3d2451..6607b002488 100644 --- a/2020/2xxx/CVE-2020-2635.json +++ b/2020/2xxx/CVE-2020-2635.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2635", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2635" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2636.json b/2020/2xxx/CVE-2020-2636.json index e715df34c74..a2e7a58d8b3 100644 --- a/2020/2xxx/CVE-2020-2636.json +++ b/2020/2xxx/CVE-2020-2636.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2636", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2636" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2637.json b/2020/2xxx/CVE-2020-2637.json index dfbdefcd2f0..c6c6a9d8580 100644 --- a/2020/2xxx/CVE-2020-2637.json +++ b/2020/2xxx/CVE-2020-2637.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2637" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager for Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Change Manager - web based). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2638.json b/2020/2xxx/CVE-2020-2638.json index 22fbf10cdc2..783b46a8b7b 100644 --- a/2020/2xxx/CVE-2020-2638.json +++ b/2020/2xxx/CVE-2020-2638.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2638", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2638" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2639.json b/2020/2xxx/CVE-2020-2639.json index 98d484c503b..462c5f637c7 100644 --- a/2020/2xxx/CVE-2020-2639.json +++ b/2020/2xxx/CVE-2020-2639.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2639", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2639" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2640.json b/2020/2xxx/CVE-2020-2640.json index 4cd0339ad4c..6750656041e 100644 --- a/2020/2xxx/CVE-2020-2640.json +++ b/2020/2xxx/CVE-2020-2640.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2640", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2640" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Target Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2641.json b/2020/2xxx/CVE-2020-2641.json index 7dee8f67e64..c13b39d832d 100644 --- a/2020/2xxx/CVE-2020-2641.json +++ b/2020/2xxx/CVE-2020-2641.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2641", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2641" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2642.json b/2020/2xxx/CVE-2020-2642.json index e67d2178888..38a19a94b6f 100644 --- a/2020/2xxx/CVE-2020-2642.json +++ b/2020/2xxx/CVE-2020-2642.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2642" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2643.json b/2020/2xxx/CVE-2020-2643.json index 7da989cd668..d85f02225e5 100644 --- a/2020/2xxx/CVE-2020-2643.json +++ b/2020/2xxx/CVE-2020-2643.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2643", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2643" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2644.json b/2020/2xxx/CVE-2020-2644.json index 3ee871cc374..c4af2a25e87 100644 --- a/2020/2xxx/CVE-2020-2644.json +++ b/2020/2xxx/CVE-2020-2644.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2644" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2645.json b/2020/2xxx/CVE-2020-2645.json index 049c59e16d1..c6973ee97ca 100644 --- a/2020/2xxx/CVE-2020-2645.json +++ b/2020/2xxx/CVE-2020-2645.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2645", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2645" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2646.json b/2020/2xxx/CVE-2020-2646.json index 7065b5ecdbf..5e2f9a3fbec 100644 --- a/2020/2xxx/CVE-2020-2646.json +++ b/2020/2xxx/CVE-2020-2646.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2646", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2646" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Enterprise Manager Base Platform", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.5", + "version_affected":"=" + }, + { + "version_value":"13.2.0.0", + "version_affected":"=" + }, + { + "version_value":"13.3.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2647.json b/2020/2xxx/CVE-2020-2647.json index 4647d6058ec..18c7040f2b8 100644 --- a/2020/2xxx/CVE-2020-2647.json +++ b/2020/2xxx/CVE-2020-2647.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2647", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2647" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"10", + "version_affected":"=" + }, + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2648.json b/2020/2xxx/CVE-2020-2648.json index ab5e07baba9..be8c9bfaab1 100644 --- a/2020/2xxx/CVE-2020-2648.json +++ b/2020/2xxx/CVE-2020-2648.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2648", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2648" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Retail Customer Management and Segmentation Foundation", + "version":{ + "version_data":[ + { + "version_value":"16.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2649.json b/2020/2xxx/CVE-2020-2649.json index e5335abb486..88f6a714106 100644 --- a/2020/2xxx/CVE-2020-2649.json +++ b/2020/2xxx/CVE-2020-2649.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2649", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2649" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Retail Customer Management and Segmentation Foundation", + "version":{ + "version_data":[ + { + "version_value":"16.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2650.json b/2020/2xxx/CVE-2020-2650.json index 175debdb0b3..24db2b6a16c 100644 --- a/2020/2xxx/CVE-2020-2650.json +++ b/2020/2xxx/CVE-2020-2650.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2650", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2650" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Retail Customer Management and Segmentation Foundation", + "version":{ + "version_data":[ + { + "version_value":"16.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2651.json b/2020/2xxx/CVE-2020-2651.json index 21904f0799a..cf03c00ddf8 100644 --- a/2020/2xxx/CVE-2020-2651.json +++ b/2020/2xxx/CVE-2020-2651.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2651", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2651" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"CRM Technical Foundation", + "version":{ + "version_data":[ + { + "version_value":"12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2652.json b/2020/2xxx/CVE-2020-2652.json index 6004533885b..3835a372f12 100644 --- a/2020/2xxx/CVE-2020-2652.json +++ b/2020/2xxx/CVE-2020-2652.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2652", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2652" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"CRM Technical Foundation", + "version":{ + "version_data":[ + { + "version_value":"12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2653.json b/2020/2xxx/CVE-2020-2653.json index 0074d6706bb..4c4cd24a23a 100644 --- a/2020/2xxx/CVE-2020-2653.json +++ b/2020/2xxx/CVE-2020-2653.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2653", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2653" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"CRM Technical Foundation", + "version":{ + "version_data":[ + { + "version_value":"12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2654.json b/2020/2xxx/CVE-2020-2654.json index b488036e190..b71e25f74aa 100644 --- a/2020/2xxx/CVE-2020-2654.json +++ b/2020/2xxx/CVE-2020-2654.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2654", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2654" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2655.json b/2020/2xxx/CVE-2020-2655.json index e09043f1c82..3109c876686 100644 --- a/2020/2xxx/CVE-2020-2655.json +++ b/2020/2xxx/CVE-2020-2655.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2655", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2655" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 11.0.5, 13.0.1", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2656.json b/2020/2xxx/CVE-2020-2656.json index ed4b4596442..312e3238bc0 100644 --- a/2020/2xxx/CVE-2020-2656.json +++ b/2020/2xxx/CVE-2020-2656.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2656", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2656" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"10", + "version_affected":"=" + }, + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2657.json b/2020/2xxx/CVE-2020-2657.json index b90ea9a7156..48692a18b72 100644 --- a/2020/2xxx/CVE-2020-2657.json +++ b/2020/2xxx/CVE-2020-2657.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2657", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2657" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"CRM Technical Foundation", + "version":{ + "version_data":[ + { + "version_value":"12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2658.json b/2020/2xxx/CVE-2020-2658.json index 20ee8781c72..c4d76b33d98 100644 --- a/2020/2xxx/CVE-2020-2658.json +++ b/2020/2xxx/CVE-2020-2658.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2658", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2658" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"iSupport", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2659.json b/2020/2xxx/CVE-2020-2659.json index 24c2cce17f9..9ae924c19f0 100644 --- a/2020/2xxx/CVE-2020-2659.json +++ b/2020/2xxx/CVE-2020-2659.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2659", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2659" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Java", + "version":{ + "version_data":[ + { + "version_value":"Java SE: 7u241, 8u231", + "version_affected":"=" + }, + { + "version_value":"Java SE Embedded: 8u231", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2660.json b/2020/2xxx/CVE-2020-2660.json index 87586156ba1..c4b7aa74bfb 100644 --- a/2020/2xxx/CVE-2020-2660.json +++ b/2020/2xxx/CVE-2020-2660.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2660", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2660" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"5.7.28 and prior", + "version_affected":"=" + }, + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2661.json b/2020/2xxx/CVE-2020-2661.json index d861406d731..ca36679f934 100644 --- a/2020/2xxx/CVE-2020-2661.json +++ b/2020/2xxx/CVE-2020-2661.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2661", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2661" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"iSupport", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2662.json b/2020/2xxx/CVE-2020-2662.json index db7f626b78b..fb4d1aff558 100644 --- a/2020/2xxx/CVE-2020-2662.json +++ b/2020/2xxx/CVE-2020-2662.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2662", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2662" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"iSupport", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2663.json b/2020/2xxx/CVE-2020-2663.json index 005e0334da2..c307b9cef51 100644 --- a/2020/2xxx/CVE-2020-2663.json +++ b/2020/2xxx/CVE-2020-2663.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2663", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2663" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2664.json b/2020/2xxx/CVE-2020-2664.json index 52b9f211e65..a191ec25d53 100644 --- a/2020/2xxx/CVE-2020-2664.json +++ b/2020/2xxx/CVE-2020-2664.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2664", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2664" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2665.json b/2020/2xxx/CVE-2020-2665.json index f6de7346bfb..fb1c491baf8 100644 --- a/2020/2xxx/CVE-2020-2665.json +++ b/2020/2xxx/CVE-2020-2665.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2665", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2665" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"iSupport", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2666.json b/2020/2xxx/CVE-2020-2666.json index f5993d59556..10bc1649e53 100644 --- a/2020/2xxx/CVE-2020-2666.json +++ b/2020/2xxx/CVE-2020-2666.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2666", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2666" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Applications Framework", + "version":{ + "version_data":[ + { + "version_value":"12.2.5-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2667.json b/2020/2xxx/CVE-2020-2667.json index e40021500b7..fc3b2f086c8 100644 --- a/2020/2xxx/CVE-2020-2667.json +++ b/2020/2xxx/CVE-2020-2667.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2667", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2667" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"iSupport", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2668.json b/2020/2xxx/CVE-2020-2668.json index c1a2127a794..be9752a7f54 100644 --- a/2020/2xxx/CVE-2020-2668.json +++ b/2020/2xxx/CVE-2020-2668.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2668", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2668" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"iSupport", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2669.json b/2020/2xxx/CVE-2020-2669.json index 37e424a7493..2e3c7ea7eb9 100644 --- a/2020/2xxx/CVE-2020-2669.json +++ b/2020/2xxx/CVE-2020-2669.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2669" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Email Center", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2670.json b/2020/2xxx/CVE-2020-2670.json index 24fc0e4deb1..2ea33832137 100644 --- a/2020/2xxx/CVE-2020-2670.json +++ b/2020/2xxx/CVE-2020-2670.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2670", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2670" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Email Center", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2671.json b/2020/2xxx/CVE-2020-2671.json index 6575e0f9d9f..f13f4235099 100644 --- a/2020/2xxx/CVE-2020-2671.json +++ b/2020/2xxx/CVE-2020-2671.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2671", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2671" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Email Center", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2672.json b/2020/2xxx/CVE-2020-2672.json index 7fdc93868f7..ebc29adda1f 100644 --- a/2020/2xxx/CVE-2020-2672.json +++ b/2020/2xxx/CVE-2020-2672.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2672", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2672" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Email Center", + "version":{ + "version_data":[ + { + "version_value":"12.1.1-12.1.3", + "version_affected":"=" + }, + { + "version_value":"12.2.3-12.2.9", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2673.json b/2020/2xxx/CVE-2020-2673.json index cf95d360da0..96acee027d2 100644 --- a/2020/2xxx/CVE-2020-2673.json +++ b/2020/2xxx/CVE-2020-2673.json @@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2673", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2673" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Application Testing Suite", + "version":{ + "version_data":[ + { + "version_value":"12.5.0.3", + "version_affected":"=" + }, + { + "version_value":"13.1.0.1", + "version_affected":"=" + }, + { + "version_value":"13.2.0.1", + "version_affected":"=" + }, + { + "version_value":"13.3.0.1", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2674.json b/2020/2xxx/CVE-2020-2674.json index 1b3e735e822..85d2d865a67 100644 --- a/2020/2xxx/CVE-2020-2674.json +++ b/2020/2xxx/CVE-2020-2674.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2674", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2674" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2675.json b/2020/2xxx/CVE-2020-2675.json index c161a4c556e..b3d86e0276c 100644 --- a/2020/2xxx/CVE-2020-2675.json +++ b/2020/2xxx/CVE-2020-2675.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2675", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2675" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Hospitality OPERA 5 Property Services", + "version":{ + "version_data":[ + { + "version_value":"5.5", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). The supported version that is affected is 5.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2676.json b/2020/2xxx/CVE-2020-2676.json index dc0fce98f2b..7d87b340e7a 100644 --- a/2020/2xxx/CVE-2020-2676.json +++ b/2020/2xxx/CVE-2020-2676.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2676", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2676" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Hospitality OPERA 5 Property Services", + "version":{ + "version_data":[ + { + "version_value":"5.5", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Printing). The supported version that is affected is 5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2677.json b/2020/2xxx/CVE-2020-2677.json index aca9420fde7..4f293dd4e60 100644 --- a/2020/2xxx/CVE-2020-2677.json +++ b/2020/2xxx/CVE-2020-2677.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2677", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2677" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Hospitality OPERA 5 Property Services", + "version":{ + "version_data":[ + { + "version_value":"5.5", + "version_affected":"=" + }, + { + "version_value":"5.6", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2678.json b/2020/2xxx/CVE-2020-2678.json index 4e588dd80a1..4bcbb357308 100644 --- a/2020/2xxx/CVE-2020-2678.json +++ b/2020/2xxx/CVE-2020-2678.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2678", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2678" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2679.json b/2020/2xxx/CVE-2020-2679.json index d07dd02b4ac..510c94b8403 100644 --- a/2020/2xxx/CVE-2020-2679.json +++ b/2020/2xxx/CVE-2020-2679.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2679", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2679" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2680.json b/2020/2xxx/CVE-2020-2680.json index 9a773a32db7..6b6e1a3bf38 100644 --- a/2020/2xxx/CVE-2020-2680.json +++ b/2020/2xxx/CVE-2020-2680.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2680", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2680" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"11", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2681.json b/2020/2xxx/CVE-2020-2681.json index ce6240e364b..ab16d65d948 100644 --- a/2020/2xxx/CVE-2020-2681.json +++ b/2020/2xxx/CVE-2020-2681.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2681", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2681" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2682.json b/2020/2xxx/CVE-2020-2682.json index 679aea94f7f..1cc7251998f 100644 --- a/2020/2xxx/CVE-2020-2682.json +++ b/2020/2xxx/CVE-2020-2682.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2682", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2682" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2683.json b/2020/2xxx/CVE-2020-2683.json index fd4a3ec2b56..7194c48248d 100644 --- a/2020/2xxx/CVE-2020-2683.json +++ b/2020/2xxx/CVE-2020-2683.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2683", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2683" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Universal Banking", + "version":{ + "version_data":[ + { + "version_value":"12.0.1-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2684.json b/2020/2xxx/CVE-2020-2684.json index 41bfcf31b97..dbf527edcc8 100644 --- a/2020/2xxx/CVE-2020-2684.json +++ b/2020/2xxx/CVE-2020-2684.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2684", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2684" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Universal Banking", + "version":{ + "version_data":[ + { + "version_value":"12.0.1-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2685.json b/2020/2xxx/CVE-2020-2685.json index b6ebfec4a5d..89b9a4b00bb 100644 --- a/2020/2xxx/CVE-2020-2685.json +++ b/2020/2xxx/CVE-2020-2685.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2685", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2685" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Universal Banking", + "version":{ + "version_data":[ + { + "version_value":"12.0.1-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2686.json b/2020/2xxx/CVE-2020-2686.json index 97f0bb481a8..1b1307a04ff 100644 --- a/2020/2xxx/CVE-2020-2686.json +++ b/2020/2xxx/CVE-2020-2686.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2686", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2686" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2687.json b/2020/2xxx/CVE-2020-2687.json index 254c78b19e7..397b6038991 100644 --- a/2020/2xxx/CVE-2020-2687.json +++ b/2020/2xxx/CVE-2020-2687.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2687", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2687" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise PT PeopleTools", + "version":{ + "version_data":[ + { + "version_value":"8.56", + "version_affected":"=" + }, + { + "version_value":"8.57", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2688.json b/2020/2xxx/CVE-2020-2688.json index 73c6944b708..8122c9744f4 100644 --- a/2020/2xxx/CVE-2020-2688.json +++ b/2020/2xxx/CVE-2020-2688.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2688", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2688" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Financial Services Analytical Applications Infrastructure", + "version":{ + "version_data":[ + { + "version_value":"8.0.4-8.0.8", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2689.json b/2020/2xxx/CVE-2020-2689.json index eb23e7880c0..6028067924e 100644 --- a/2020/2xxx/CVE-2020-2689.json +++ b/2020/2xxx/CVE-2020-2689.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2689", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2689" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2690.json b/2020/2xxx/CVE-2020-2690.json index a71d83d00ad..5f517d46d10 100644 --- a/2020/2xxx/CVE-2020-2690.json +++ b/2020/2xxx/CVE-2020-2690.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2690", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2690" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2691.json b/2020/2xxx/CVE-2020-2691.json index 29a43c96def..04af7c6f463 100644 --- a/2020/2xxx/CVE-2020-2691.json +++ b/2020/2xxx/CVE-2020-2691.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2691", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2691" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2692.json b/2020/2xxx/CVE-2020-2692.json index c097dd0a5a3..2159da124f7 100644 --- a/2020/2xxx/CVE-2020-2692.json +++ b/2020/2xxx/CVE-2020-2692.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2692", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2692" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2693.json b/2020/2xxx/CVE-2020-2693.json index a836731e7b9..e3e144d3cb3 100644 --- a/2020/2xxx/CVE-2020-2693.json +++ b/2020/2xxx/CVE-2020-2693.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2693", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2693" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2694.json b/2020/2xxx/CVE-2020-2694.json index f1f4c533f23..da640a73de9 100644 --- a/2020/2xxx/CVE-2020-2694.json +++ b/2020/2xxx/CVE-2020-2694.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2694", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2694" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"MySQL Server", + "version":{ + "version_data":[ + { + "version_value":"8.0.18 and prior", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2695.json b/2020/2xxx/CVE-2020-2695.json index f1b327ccca1..0d4a3220546 100644 --- a/2020/2xxx/CVE-2020-2695.json +++ b/2020/2xxx/CVE-2020-2695.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2695", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2695" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"PeopleSoft Enterprise CC Common Application Objects", + "version":{ + "version_data":[ + { + "version_value":"9.1", + "version_affected":"=" + }, + { + "version_value":"9.2", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Approval Framework). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2696.json b/2020/2xxx/CVE-2020-2696.json index 7949adc47b0..fb3ce2fd944 100644 --- a/2020/2xxx/CVE-2020-2696.json +++ b/2020/2xxx/CVE-2020-2696.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2696", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2696" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Solaris Operating System", + "version":{ + "version_data":[ + { + "version_value":"10", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2697.json b/2020/2xxx/CVE-2020-2697.json index 018b74aea3a..fb27c1e0181 100644 --- a/2020/2xxx/CVE-2020-2697.json +++ b/2020/2xxx/CVE-2020-2697.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2697" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Hospitality Suites Management", + "version":{ + "version_data":[ + { + "version_value":"3.7", + "version_affected":"=" + }, + { + "version_value":"3.8", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Hospitality Suites Management component of Oracle Food and Beverage Applications. Supported versions that are affected are 3.7 and 3.8. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2698.json b/2020/2xxx/CVE-2020-2698.json index 090e675bd9f..59db7dd9512 100644 --- a/2020/2xxx/CVE-2020-2698.json +++ b/2020/2xxx/CVE-2020-2698.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2698", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2698" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2699.json b/2020/2xxx/CVE-2020-2699.json index 177944f6fd5..f2aceb74b8c 100644 --- a/2020/2xxx/CVE-2020-2699.json +++ b/2020/2xxx/CVE-2020-2699.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2699", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2699" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Universal Banking", + "version":{ + "version_data":[ + { + "version_value":"12.0.1-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2700.json b/2020/2xxx/CVE-2020-2700.json index b32b5feb6c3..7256a3e329f 100644 --- a/2020/2xxx/CVE-2020-2700.json +++ b/2020/2xxx/CVE-2020-2700.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2700", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2700" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Universal Banking", + "version":{ + "version_data":[ + { + "version_value":"12.0.1-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2701.json b/2020/2xxx/CVE-2020-2701.json index 4322958dc97..a247ee7ec6d 100644 --- a/2020/2xxx/CVE-2020-2701.json +++ b/2020/2xxx/CVE-2020-2701.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2701", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2701" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2702.json b/2020/2xxx/CVE-2020-2702.json index 92dcf28a0e0..e61e95e06e8 100644 --- a/2020/2xxx/CVE-2020-2702.json +++ b/2020/2xxx/CVE-2020-2702.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2702", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2702" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2703.json b/2020/2xxx/CVE-2020-2703.json index f5a74e2845f..adaf8bd7311 100644 --- a/2020/2xxx/CVE-2020-2703.json +++ b/2020/2xxx/CVE-2020-2703.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2703", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2703" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36 and prior to 6.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2704.json b/2020/2xxx/CVE-2020-2704.json index de2b69333e6..49735f48a0b 100644 --- a/2020/2xxx/CVE-2020-2704.json +++ b/2020/2xxx/CVE-2020-2704.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2704", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2704" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2705.json b/2020/2xxx/CVE-2020-2705.json index 7ad52e2bdf1..4caf43a0c27 100644 --- a/2020/2xxx/CVE-2020-2705.json +++ b/2020/2xxx/CVE-2020-2705.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2705" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2707.json b/2020/2xxx/CVE-2020-2707.json index a8e60a53240..fdb357394aa 100644 --- a/2020/2xxx/CVE-2020-2707.json +++ b/2020/2xxx/CVE-2020-2707.json @@ -1,18 +1,76 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2707" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Primavera P6 Enterprise Project Portfolio Management", + "version":{ + "version_data":[ + { + "version_value":"15.1.0.0-15.2.18.7", + "version_affected":"=" + }, + { + "version_value":"16.1.0.0-16.2.19.0", + "version_affected":"=" + }, + { + "version_value":"17.1.0.0-17.12.16.0", + "version_affected":"=" + }, + { + "version_value":"18.1.0.0-18.8.16.0", + "version_affected":"=" + }, + { + "version_value":"19.12.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: WebAccess). Supported versions that are affected are 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0 and 19.12.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2709.json b/2020/2xxx/CVE-2020-2709.json index a6d28bdde6b..a310fc13d4d 100644 --- a/2020/2xxx/CVE-2020-2709.json +++ b/2020/2xxx/CVE-2020-2709.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2709", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2709" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"iLearning", + "version":{ + "version_data":[ + { + "version_value":"6.1", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Learner Pages). The supported version that is affected is 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2710.json b/2020/2xxx/CVE-2020-2710.json index 2df55063f4d..59fb17a62ad 100644 --- a/2020/2xxx/CVE-2020-2710.json +++ b/2020/2xxx/CVE-2020-2710.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2710", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2710" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Payments", + "version":{ + "version_data":[ + { + "version_value":"14.1.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2711.json b/2020/2xxx/CVE-2020-2711.json index 90803be483d..0a6b24f53bc 100644 --- a/2020/2xxx/CVE-2020-2711.json +++ b/2020/2xxx/CVE-2020-2711.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2711", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2711" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Payments", + "version":{ + "version_data":[ + { + "version_value":"14.1.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2712.json b/2020/2xxx/CVE-2020-2712.json index 38e3a0a0cd0..9d4e37a02bc 100644 --- a/2020/2xxx/CVE-2020-2712.json +++ b/2020/2xxx/CVE-2020-2712.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2712", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2712" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Payments", + "version":{ + "version_data":[ + { + "version_value":"14.1.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2713.json b/2020/2xxx/CVE-2020-2713.json index 5b89a9c8dfe..f5127e4a841 100644 --- a/2020/2xxx/CVE-2020-2713.json +++ b/2020/2xxx/CVE-2020-2713.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2713", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2713" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Payments", + "version":{ + "version_data":[ + { + "version_value":"14.1.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2714.json b/2020/2xxx/CVE-2020-2714.json index d42f4697cc3..8ba0833a5e8 100644 --- a/2020/2xxx/CVE-2020-2714.json +++ b/2020/2xxx/CVE-2020-2714.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2714", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2714" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Payments", + "version":{ + "version_data":[ + { + "version_value":"14.1.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2715.json b/2020/2xxx/CVE-2020-2715.json index 6221fbf666f..33931639956 100644 --- a/2020/2xxx/CVE-2020-2715.json +++ b/2020/2xxx/CVE-2020-2715.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2715", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2715" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Corporate Lending", + "version":{ + "version_data":[ + { + "version_value":"12.3.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2716.json b/2020/2xxx/CVE-2020-2716.json index 58bf2a5b0b8..cc6d97aa61f 100644 --- a/2020/2xxx/CVE-2020-2716.json +++ b/2020/2xxx/CVE-2020-2716.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2716", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2716" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Corporate Lending", + "version":{ + "version_data":[ + { + "version_value":"12.3.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2717.json b/2020/2xxx/CVE-2020-2717.json index 60a32207903..fff252b6389 100644 --- a/2020/2xxx/CVE-2020-2717.json +++ b/2020/2xxx/CVE-2020-2717.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2717", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2717" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Corporate Lending", + "version":{ + "version_data":[ + { + "version_value":"12.3.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2718.json b/2020/2xxx/CVE-2020-2718.json index fdf08f4fb88..2eba684b1a6 100644 --- a/2020/2xxx/CVE-2020-2718.json +++ b/2020/2xxx/CVE-2020-2718.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2718", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2718" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Corporate Lending", + "version":{ + "version_data":[ + { + "version_value":"12.3.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2719.json b/2020/2xxx/CVE-2020-2719.json index 4b6066f9c6e..b8c79b816a9 100644 --- a/2020/2xxx/CVE-2020-2719.json +++ b/2020/2xxx/CVE-2020-2719.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2719", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2719" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Banking Corporate Lending", + "version":{ + "version_data":[ + { + "version_value":"12.3.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2720.json b/2020/2xxx/CVE-2020-2720.json index 01f83799dd3..38fb0ee79ea 100644 --- a/2020/2xxx/CVE-2020-2720.json +++ b/2020/2xxx/CVE-2020-2720.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2720", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2720" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Investor Servicing", + "version":{ + "version_data":[ + { + "version_value":"12.1.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.1.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2721.json b/2020/2xxx/CVE-2020-2721.json index 5332e2d203e..009ac31f2db 100644 --- a/2020/2xxx/CVE-2020-2721.json +++ b/2020/2xxx/CVE-2020-2721.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2721", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2721" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Investor Servicing", + "version":{ + "version_data":[ + { + "version_value":"12.1.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.1.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2722.json b/2020/2xxx/CVE-2020-2722.json index d09cb4f912d..5a6b64efe13 100644 --- a/2020/2xxx/CVE-2020-2722.json +++ b/2020/2xxx/CVE-2020-2722.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2722" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Investor Servicing", + "version":{ + "version_data":[ + { + "version_value":"12.1.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.1.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2723.json b/2020/2xxx/CVE-2020-2723.json index aa1bcdc5be9..ab545b21a36 100644 --- a/2020/2xxx/CVE-2020-2723.json +++ b/2020/2xxx/CVE-2020-2723.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2723" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Investor Servicing", + "version":{ + "version_data":[ + { + "version_value":"12.1.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.1.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2724.json b/2020/2xxx/CVE-2020-2724.json index cb54c954b51..b7f2aa3a9bb 100644 --- a/2020/2xxx/CVE-2020-2724.json +++ b/2020/2xxx/CVE-2020-2724.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2724" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"FLEXCUBE Investor Servicing", + "version":{ + "version_data":[ + { + "version_value":"12.1.0-12.4.0", + "version_affected":"=" + }, + { + "version_value":"14.0.0-14.1.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2725.json b/2020/2xxx/CVE-2020-2725.json index 6564f61fb8b..55d01d74f2d 100644 --- a/2020/2xxx/CVE-2020-2725.json +++ b/2020/2xxx/CVE-2020-2725.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2725", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2725" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2726.json b/2020/2xxx/CVE-2020-2726.json index 2f13fbc2cdd..70a2d6bcd32 100644 --- a/2020/2xxx/CVE-2020-2726.json +++ b/2020/2xxx/CVE-2020-2726.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2726", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2726" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2727.json b/2020/2xxx/CVE-2020-2727.json index 151c17c8dc8..ad7720145b1 100644 --- a/2020/2xxx/CVE-2020-2727.json +++ b/2020/2xxx/CVE-2020-2727.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2727", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2727" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"VM VirtualBox", + "version":{ + "version_data":[ + { + "version_value":"5.2.36", + "version_affected":"<" + }, + { + "version_value":"6.0.16", + "version_affected":"<" + }, + { + "version_value":"6.1.2", + "version_affected":"<" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2728.json b/2020/2xxx/CVE-2020-2728.json index b52017133de..8e4c3549c43 100644 --- a/2020/2xxx/CVE-2020-2728.json +++ b/2020/2xxx/CVE-2020-2728.json @@ -1,18 +1,60 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2728", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2728" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Identity Manager", + "version":{ + "version_data":[ + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2729.json b/2020/2xxx/CVE-2020-2729.json index 47a7a076079..419b6ab03a4 100644 --- a/2020/2xxx/CVE-2020-2729.json +++ b/2020/2xxx/CVE-2020-2729.json @@ -1,18 +1,64 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2729", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2729" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Identity Manager", + "version":{ + "version_data":[ + { + "version_value":"11.1.2.3.0", + "version_affected":"=" + }, + { + "version_value":"12.2.1.3.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2730.json b/2020/2xxx/CVE-2020-2730.json index 1801c27918f..2c6d0c491b9 100644 --- a/2020/2xxx/CVE-2020-2730.json +++ b/2020/2xxx/CVE-2020-2730.json @@ -1,18 +1,68 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2730", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2730" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Financial Services Revenue Management and Billing", + "version":{ + "version_data":[ + { + "version_value":"2.7.0.0", + "version_affected":"=" + }, + { + "version_value":"2.7.0.1", + "version_affected":"=" + }, + { + "version_value":"2.8.0.0", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Supported versions that are affected are 2.7.0.0, 2.7.0.1 and 2.8.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2731.json b/2020/2xxx/CVE-2020-2731.json index a31ab3589fb..0d5d96a3c44 100644 --- a/2020/2xxx/CVE-2020-2731.json +++ b/2020/2xxx/CVE-2020-2731.json @@ -1,18 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-2731", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + { + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2020-2731" + }, + "affects":{ + "vendor":{ + "vendor_data":[ + { + "product":{ + "product_data":[ + { + "product_name":"Oracle Database", + "version":{ + "version_data":[ + { + "version_value":"12.1.0.2", + "version_affected":"=" + }, + { + "version_value":"12.2.0.1", + "version_affected":"=" + }, + { + "version_value":"18c", + "version_affected":"=" + }, + { + "version_value":"19c", + "version_affected":"=" + } + ] + } + } + ] + }, + "vendor_name":"Oracle Corporation" + } + ] } - ] + }, + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype":{ + "problemtype_data":[ + { + "description":[ + { + "lang":"eng", + "value":"Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS." + } + ] + } + ] + }, + "references":{ + "reference_data":[ + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + } } -} \ No newline at end of file From 20e4f80bb0386ef1c97cde9d6dfe1274cc6e8398 Mon Sep 17 00:00:00 2001 From: bsitu <33327536+bsitu@users.noreply.github.com> Date: Tue, 14 Jan 2020 15:45:59 -0800 Subject: [PATCH 03/24] Update CVE-2019-2725.json --- 2019/2xxx/CVE-2019-2725.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2019/2xxx/CVE-2019-2725.json b/2019/2xxx/CVE-2019-2725.json index 60ff7f28db6..6d30348f41e 100644 --- a/2019/2xxx/CVE-2019-2725.json +++ b/2019/2xxx/CVE-2019-2725.json @@ -98,10 +98,10 @@ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - }. + }, { "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } -} \ No newline at end of file +} From d7994aa5394f0a9baf0fb03367246f741d8e904a Mon Sep 17 00:00:00 2001 From: zdi-team Date: Tue, 14 Jan 2020 18:00:53 -0600 Subject: [PATCH 04/24] ZDI rejects the following CVEs: A 2019/17xxx/CVE-2019-17149.json A 2019/17xxx/CVE-2019-17150.json --- 2019/17xxx/CVE-2019-17149.json | 18 ++++++++++++++++++ 2019/17xxx/CVE-2019-17150.json | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17149.json create mode 100644 2019/17xxx/CVE-2019-17150.json diff --git a/2019/17xxx/CVE-2019-17149.json b/2019/17xxx/CVE-2019-17149.json new file mode 100644 index 00000000000..6e9ab4422f3 --- /dev/null +++ b/2019/17xxx/CVE-2019-17149.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17149", + "STATE": "REJECT" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} diff --git a/2019/17xxx/CVE-2019-17150.json b/2019/17xxx/CVE-2019-17150.json new file mode 100644 index 00000000000..b4214f051b1 --- /dev/null +++ b/2019/17xxx/CVE-2019-17150.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17150", + "STATE": "REJECT" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} From a746973f5fd7a91f8bd7bac49d125da7dc6be013 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 00:01:17 +0000 Subject: [PATCH 05/24] "-Synchronized-Data." --- 2020/0xxx/CVE-2020-0601.json | 386 +++++----- 2020/0xxx/CVE-2020-0602.json | 122 +-- 2020/0xxx/CVE-2020-0603.json | 122 +-- 2020/0xxx/CVE-2020-0605.json | 1360 +++++++++++++++++----------------- 2020/0xxx/CVE-2020-0606.json | 1346 ++++++++++++++++----------------- 2020/0xxx/CVE-2020-0607.json | 452 +++++------ 2020/0xxx/CVE-2020-0608.json | 488 ++++++------ 2020/0xxx/CVE-2020-0609.json | 128 ++-- 2020/0xxx/CVE-2020-0610.json | 128 ++-- 2020/0xxx/CVE-2020-0611.json | 458 ++++++------ 2020/0xxx/CVE-2020-0612.json | 116 +-- 2020/0xxx/CVE-2020-0613.json | 416 +++++------ 2020/0xxx/CVE-2020-0614.json | 416 +++++------ 2020/0xxx/CVE-2020-0615.json | 488 ++++++------ 2020/0xxx/CVE-2020-0616.json | 308 ++++---- 2020/0xxx/CVE-2020-0617.json | 178 ++--- 2020/0xxx/CVE-2020-0620.json | 488 ++++++------ 2020/0xxx/CVE-2020-0621.json | 190 ++--- 2020/0xxx/CVE-2020-0622.json | 196 ++--- 2020/0xxx/CVE-2020-0623.json | 416 +++++------ 2020/0xxx/CVE-2020-0624.json | 252 +++---- 2020/0xxx/CVE-2020-0625.json | 488 ++++++------ 2020/0xxx/CVE-2020-0626.json | 488 ++++++------ 2020/0xxx/CVE-2020-0627.json | 488 ++++++------ 2020/0xxx/CVE-2020-0628.json | 488 ++++++------ 2020/0xxx/CVE-2020-0629.json | 488 ++++++------ 2020/0xxx/CVE-2020-0630.json | 482 ++++++------ 2020/0xxx/CVE-2020-0631.json | 488 ++++++------ 2020/0xxx/CVE-2020-0632.json | 488 ++++++------ 2020/0xxx/CVE-2020-0633.json | 374 +++++----- 2020/0xxx/CVE-2020-0634.json | 488 ++++++------ 2020/0xxx/CVE-2020-0635.json | 488 ++++++------ 2020/0xxx/CVE-2020-0636.json | 252 +++---- 2020/0xxx/CVE-2020-0637.json | 164 ++-- 2020/0xxx/CVE-2020-0638.json | 350 ++++----- 2020/0xxx/CVE-2020-0639.json | 488 ++++++------ 2020/0xxx/CVE-2020-0640.json | 424 +++++------ 2020/0xxx/CVE-2020-0641.json | 428 +++++------ 2020/0xxx/CVE-2020-0642.json | 488 ++++++------ 2020/0xxx/CVE-2020-0643.json | 488 ++++++------ 2020/0xxx/CVE-2020-0644.json | 428 +++++------ 2020/0xxx/CVE-2020-0646.json | 1340 ++++++++++++++++----------------- 2020/0xxx/CVE-2020-0647.json | 112 +-- 2020/0xxx/CVE-2020-0650.json | 210 +++--- 2020/0xxx/CVE-2020-0651.json | 210 +++--- 2020/0xxx/CVE-2020-0652.json | 184 ++--- 2020/0xxx/CVE-2020-0653.json | 116 +-- 2020/0xxx/CVE-2020-0654.json | 112 +-- 2020/0xxx/CVE-2020-0656.json | 112 +-- 2020/5xxx/CVE-2020-5501.json | 61 +- 2020/5xxx/CVE-2020-5502.json | 61 +- 51 files changed, 9963 insertions(+), 9767 deletions(-) diff --git a/2020/0xxx/CVE-2020-0601.json b/2020/0xxx/CVE-2020-0601.json index cadd67ff763..48a205f4c45 100644 --- a/2020/0xxx/CVE-2020-0601.json +++ b/2020/0xxx/CVE-2020-0601.json @@ -1,198 +1,200 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0601", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka \u0027Windows CryptoAPI Spoofing Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Spoofing" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0602.json b/2020/0xxx/CVE-2020-0602.json index 235cb9e9b20..259e5db38df 100644 --- a/2020/0xxx/CVE-2020-0602.json +++ b/2020/0xxx/CVE-2020-0602.json @@ -1,66 +1,68 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0602", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ASP.NET Core", - "version": { - "version_data": [ - { - "version_value": "2.1" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ASP.NET Core", + "version": { + "version_data": [ + { + "version_value": "2.1" + }, + { + "version_value": "3.0" + }, + { + "version_value": "3.1" + } + ] + } + } + ] }, - { - "version_value": "3.0" - }, - { - "version_value": "3.1" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial of Service" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0603.json b/2020/0xxx/CVE-2020-0603.json index b588ac0aa01..237c93b457b 100644 --- a/2020/0xxx/CVE-2020-0603.json +++ b/2020/0xxx/CVE-2020-0603.json @@ -1,66 +1,68 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0603", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ASP.NET Core", - "version": { - "version_data": [ - { - "version_value": "2.1" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ASP.NET Core", + "version": { + "version_data": [ + { + "version_value": "2.1" + }, + { + "version_value": "3.0" + }, + { + "version_value": "3.1" + } + ] + } + } + ] }, - { - "version_value": "3.0" - }, - { - "version_value": "3.1" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0605.json b/2020/0xxx/CVE-2020-0605.json index 1ca4d609484..9bc968ed36b 100644 --- a/2020/0xxx/CVE-2020-0605.json +++ b/2020/0xxx/CVE-2020-0605.json @@ -1,685 +1,687 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0605", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": ".NET Core", - "version": { - "version_data": [ - { - "version_value": "3.0" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": ".NET Core", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.0", + "version": { + "version_data": [ + { + "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "1903" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.5.2", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5.1", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "3.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", - "version": { - "version_data": [ - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2012 R2" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.0", - "version": { - "version_data": [ - { - "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.6", - "version": { - "version_data": [ - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "1903" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.5.2", - "version": { - "version_data": [ - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2012 R2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5.1", - "version": { - "version_data": [ - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5", - "version": { - "version_data": [ - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows Server 2012 R2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0606." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0606.json b/2020/0xxx/CVE-2020-0606.json index bc473d36d8d..e2e4457496b 100644 --- a/2020/0xxx/CVE-2020-0606.json +++ b/2020/0xxx/CVE-2020-0606.json @@ -1,678 +1,680 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0606", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": ".NET Core", - "version": { - "version_data": [ - { - "version_value": "3.0" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": ".NET Core", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "1903" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.0", + "version": { + "version_data": [ + { + "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5.1", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.5.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "3.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", - "version": { - "version_data": [ - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "1903" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.6", - "version": { - "version_data": [ - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.0", - "version": { - "version_data": [ - { - "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5.1", - "version": { - "version_data": [ - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.5.2", - "version": { - "version_data": [ - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0605." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0607.json b/2020/0xxx/CVE-2020-0607.json index a08f3ea45a1..2c90ee96b62 100644 --- a/2020/0xxx/CVE-2020-0607.json +++ b/2020/0xxx/CVE-2020-0607.json @@ -1,231 +1,233 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0607", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \u0027Microsoft Graphics Components Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0607" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0607", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0607" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0608.json b/2020/0xxx/CVE-2020-0608.json index 6714b05c873..c23723f8ed4 100644 --- a/2020/0xxx/CVE-2020-0608.json +++ b/2020/0xxx/CVE-2020-0608.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0608", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka \u0027Win32k Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0608" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0608", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0608" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0609.json b/2020/0xxx/CVE-2020-0609.json index 9c35a255e4d..85a07617ff1 100644 --- a/2020/0xxx/CVE-2020-0609.json +++ b/2020/0xxx/CVE-2020-0609.json @@ -1,69 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0609", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2016" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 R2" + } + ] + } + } + ] }, - { - "version_value": "2016" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 R2" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0610." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0610.json b/2020/0xxx/CVE-2020-0610.json index de261b993df..c16910e3035 100644 --- a/2020/0xxx/CVE-2020-0610.json +++ b/2020/0xxx/CVE-2020-0610.json @@ -1,69 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0610", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2016" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 R2" + } + ] + } + } + ] }, - { - "version_value": "2016" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 R2" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0609." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0611.json b/2020/0xxx/CVE-2020-0611.json index 129bc0055ea..05740f9b5c3 100644 --- a/2020/0xxx/CVE-2020-0611.json +++ b/2020/0xxx/CVE-2020-0611.json @@ -1,234 +1,236 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0611", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka \u0027Remote Desktop Client Remote Code Execution Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0612.json b/2020/0xxx/CVE-2020-0612.json index 269a68353d3..903e80c4ff3 100644 --- a/2020/0xxx/CVE-2020-0612.json +++ b/2020/0xxx/CVE-2020-0612.json @@ -1,63 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0612", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2016" + } + ] + } + } + ] }, - { - "version_value": "2016" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial of Service" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0612" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0612", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0612" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0613.json b/2020/0xxx/CVE-2020-0613.json index d85522ab441..f69ddb2f569 100644 --- a/2020/0xxx/CVE-2020-0613.json +++ b/2020/0xxx/CVE-2020-0613.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0613", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0613" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0613", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0613" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0614.json b/2020/0xxx/CVE-2020-0614.json index d7b12894ad9..257d8092db5 100644 --- a/2020/0xxx/CVE-2020-0614.json +++ b/2020/0xxx/CVE-2020-0614.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0614", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0614" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0614", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0614" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0615.json b/2020/0xxx/CVE-2020-0615.json index 8b72caf0555..06d1de329e5 100644 --- a/2020/0xxx/CVE-2020-0615.json +++ b/2020/0xxx/CVE-2020-0615.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0615", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka \u0027Windows Common Log File System Driver Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0639." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0639." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0616.json b/2020/0xxx/CVE-2020-0616.json index 2b3f63f4c92..37ea46281d9 100644 --- a/2020/0xxx/CVE-2020-0616.json +++ b/2020/0xxx/CVE-2020-0616.json @@ -1,159 +1,161 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0616", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1809 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A denial of service vulnerability exists when Windows improperly handles hard links, aka \u0027Microsoft Windows Denial of Service Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial of Service" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0617.json b/2020/0xxx/CVE-2020-0617.json index ff9dbe3e32a..ce9dc85bf33 100644 --- a/2020/0xxx/CVE-2020-0617.json +++ b/2020/0xxx/CVE-2020-0617.json @@ -1,94 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0617", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for x64-based Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka \u0027Hyper-V Denial of Service Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial of Service" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial of Service Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0617" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0617", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0617" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0620.json b/2020/0xxx/CVE-2020-0620.json index e3c41d7241e..5d5398d70ec 100644 --- a/2020/0xxx/CVE-2020-0620.json +++ b/2020/0xxx/CVE-2020-0620.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0620", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka \u0027Microsoft Cryptographic Services Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka 'Microsoft Cryptographic Services Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0620" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0620", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0620" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0621.json b/2020/0xxx/CVE-2020-0621.json index 0fe1ef25f2e..59e94306e2b 100644 --- a/2020/0xxx/CVE-2020-0621.json +++ b/2020/0xxx/CVE-2020-0621.json @@ -1,100 +1,102 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0621", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka \u0027Windows Security Feature Bypass Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Security Feature Bypass" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0621" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0621", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0621" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0622.json b/2020/0xxx/CVE-2020-0622.json index d14965fb422..c13d4e576b1 100644 --- a/2020/0xxx/CVE-2020-0622.json +++ b/2020/0xxx/CVE-2020-0622.json @@ -1,103 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0622", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka \u0027Microsoft Graphics Component Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0622" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0622", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0622" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0623.json b/2020/0xxx/CVE-2020-0623.json index 4096264b45d..dde53039c0a 100644 --- a/2020/0xxx/CVE-2020-0623.json +++ b/2020/0xxx/CVE-2020-0623.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0623", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0623" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0623", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0623" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0624.json b/2020/0xxx/CVE-2020-0624.json index c71abe902d8..205395e1e3f 100644 --- a/2020/0xxx/CVE-2020-0624.json +++ b/2020/0xxx/CVE-2020-0624.json @@ -1,130 +1,132 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0624", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0642." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0642." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0624" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0624", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0624" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0625.json b/2020/0xxx/CVE-2020-0625.json index 3402b09982d..48ea7e67d34 100644 --- a/2020/0xxx/CVE-2020-0625.json +++ b/2020/0xxx/CVE-2020-0625.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0625", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0625" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0625", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0625" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0626.json b/2020/0xxx/CVE-2020-0626.json index 2d0f1f60ce1..d07d93d4755 100644 --- a/2020/0xxx/CVE-2020-0626.json +++ b/2020/0xxx/CVE-2020-0626.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0626", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0626" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0626", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0626" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0627.json b/2020/0xxx/CVE-2020-0627.json index 103da5c01e5..486e4824cb2 100644 --- a/2020/0xxx/CVE-2020-0627.json +++ b/2020/0xxx/CVE-2020-0627.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0627", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0627" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0627", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0627" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0628.json b/2020/0xxx/CVE-2020-0628.json index d5514ce112e..5b18cee0837 100644 --- a/2020/0xxx/CVE-2020-0628.json +++ b/2020/0xxx/CVE-2020-0628.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0628", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0628" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0628", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0628" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0629.json b/2020/0xxx/CVE-2020-0629.json index 8630455ad70..455a1fba755 100644 --- a/2020/0xxx/CVE-2020-0629.json +++ b/2020/0xxx/CVE-2020-0629.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0629", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0629" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0629", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0629" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0630.json b/2020/0xxx/CVE-2020-0630.json index bd8c3f772dd..4119f4dbe9b 100644 --- a/2020/0xxx/CVE-2020-0630.json +++ b/2020/0xxx/CVE-2020-0630.json @@ -1,246 +1,248 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0630", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0630" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0630", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0630" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0631.json b/2020/0xxx/CVE-2020-0631.json index 8cfca47ecc3..82390a011b2 100644 --- a/2020/0xxx/CVE-2020-0631.json +++ b/2020/0xxx/CVE-2020-0631.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0631", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0632, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0632, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0631" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0631", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0631" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0632.json b/2020/0xxx/CVE-2020-0632.json index 5882497cf87..05d4b538f4b 100644 --- a/2020/0xxx/CVE-2020-0632.json +++ b/2020/0xxx/CVE-2020-0632.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0632", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0633." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0633." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0632" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0632", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0632" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0633.json b/2020/0xxx/CVE-2020-0633.json index 4df7199cf03..a1f09168e80 100644 --- a/2020/0xxx/CVE-2020-0633.json +++ b/2020/0xxx/CVE-2020-0633.json @@ -1,192 +1,194 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0633", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0633" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0633", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0633" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0634.json b/2020/0xxx/CVE-2020-0634.json index 73a2da8dba1..eaf774c60b9 100644 --- a/2020/0xxx/CVE-2020-0634.json +++ b/2020/0xxx/CVE-2020-0634.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0634", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka \u0027Windows Common Log File System Driver Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0635.json b/2020/0xxx/CVE-2020-0635.json index 8a240a01556..792731310c6 100644 --- a/2020/0xxx/CVE-2020-0635.json +++ b/2020/0xxx/CVE-2020-0635.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0635", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0644." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0644." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0635" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0635", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0635" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0636.json b/2020/0xxx/CVE-2020-0636.json index 0c9acee410a..3eae5de864a 100644 --- a/2020/0xxx/CVE-2020-0636.json +++ b/2020/0xxx/CVE-2020-0636.json @@ -1,130 +1,132 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0636", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka \u0027Windows Subsystem for Linux Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0636" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0636", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0636" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0637.json b/2020/0xxx/CVE-2020-0637.json index 0084967a015..519e158d24f 100644 --- a/2020/0xxx/CVE-2020-0637.json +++ b/2020/0xxx/CVE-2020-0637.json @@ -1,87 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0637", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + } + ] }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka \u0027Remote Desktop Web Access Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka 'Remote Desktop Web Access Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0637" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0637", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0637" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0638.json b/2020/0xxx/CVE-2020-0638.json index 23e4511ed1f..1b1d098fbe9 100644 --- a/2020/0xxx/CVE-2020-0638.json +++ b/2020/0xxx/CVE-2020-0638.json @@ -1,180 +1,182 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0638", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1709 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "version 1803 (Core Installation)" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "version 1803 (Core Installation)" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Update Notification Manager Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0639.json b/2020/0xxx/CVE-2020-0639.json index 6e17b9bee65..97efe5b0f26 100644 --- a/2020/0xxx/CVE-2020-0639.json +++ b/2020/0xxx/CVE-2020-0639.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0639", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka \u0027Windows Common Log File System Driver Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0615." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0615." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0639" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0639", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0639" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0640.json b/2020/0xxx/CVE-2020-0640.json index 85ecc623657..f6c50e979bb 100644 --- a/2020/0xxx/CVE-2020-0640.json +++ b/2020/0xxx/CVE-2020-0640.json @@ -1,216 +1,218 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0640", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Internet Explorer 10", - "version": { - "version_data": [ - { - "version_value": "Windows Server 2012" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + }, + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Internet Explorer 9", - "version": { - "version_data": [ - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name": "Internet Explorer 11", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "Windows Server 2019" - }, - { - "version_value": "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 for 32-bit Systems" - }, - { - "version_value": "Windows 10 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value": "Windows Server 2016" - }, - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2012 R2" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows Server 2012", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \u0027Internet Explorer Memory Corruption Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0640" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0640", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0640" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0641.json b/2020/0xxx/CVE-2020-0641.json index 99c57d04016..aeba39a4740 100644 --- a/2020/0xxx/CVE-2020-0641.json +++ b/2020/0xxx/CVE-2020-0641.json @@ -1,219 +1,221 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0641", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Windows Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0641" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0641", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0641" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0642.json b/2020/0xxx/CVE-2020-0642.json index 83a94728816..12e0a5abdb4 100644 --- a/2020/0xxx/CVE-2020-0642.json +++ b/2020/0xxx/CVE-2020-0642.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0642", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0624." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0624." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0642" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0642", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0642" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0643.json b/2020/0xxx/CVE-2020-0643.json index 84963d3a284..6407ebd9ae0 100644 --- a/2020/0xxx/CVE-2020-0643.json +++ b/2020/0xxx/CVE-2020-0643.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0643", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka \u0027Windows GDI+ Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0643" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0643", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0643" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0644.json b/2020/0xxx/CVE-2020-0644.json index d2e913d6b15..b9af78d4830 100644 --- a/2020/0xxx/CVE-2020-0644.json +++ b/2020/0xxx/CVE-2020-0644.json @@ -1,219 +1,221 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0644", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0635." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0635." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0644" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0644", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0644" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0646.json b/2020/0xxx/CVE-2020-0646.json index fc3fd8d0f03..9556db0f96c 100644 --- a/2020/0xxx/CVE-2020-0646.json +++ b/2020/0xxx/CVE-2020-0646.json @@ -1,675 +1,677 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0646", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", - "version": { - "version_data": [ - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "1903" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.0", + "version": { + "version_data": [ + { + "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5.1", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.5.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "1903" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.6", - "version": { - "version_data": [ - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.0", - "version": { - "version_data": [ - { - "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5.1", - "version": { - "version_data": [ - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 4.5.2", - "version": { - "version_data": [ - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012" - }, - { - "version_value": "Windows Server 2012 (Server Core installation)" - }, - { - "version_value": "Windows Server 2012 R2" - }, - { - "version_value": "Windows Server 2012 R2 (Server Core installation)" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka \u0027.NET Framework Remote Code Execution Injection Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0647.json b/2020/0xxx/CVE-2020-0647.json index 8c3adbfcebd..b574f284ca3 100644 --- a/2020/0xxx/CVE-2020-0647.json +++ b/2020/0xxx/CVE-2020-0647.json @@ -1,60 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0647", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Office Online Server", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Office Online Server", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka \u0027Microsoft Office Online Spoofing Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Spoofing" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0647" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0647", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0647" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0650.json b/2020/0xxx/CVE-2020-0650.json index 9d2d579db3f..d150b2fe6c1 100644 --- a/2020/0xxx/CVE-2020-0650.json +++ b/2020/0xxx/CVE-2020-0650.json @@ -1,110 +1,112 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0650", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Office", - "version": { - "version_data": [ - { - "version_value": "2019 for 32-bit editions" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2019 for Mac" + }, + { + "version_value": "2016 for Mac" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Excel", + "version": { + "version_data": [ + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + } + ] }, - { - "version_value": "2019 for 64-bit editions" - }, - { - "version_value": "2019 for Mac" - }, - { - "version_value": "2016 for Mac" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Office 365 ProPlus", - "version": { - "version_data": [ - { - "version_value": "32-bit Systems" - }, - { - "version_value": "64-bit Systems" - } - ] - } - }, - { - "product_name": "Microsoft Excel", - "version": { - "version_data": [ - { - "version_value": "2016 (32-bit edition)" - }, - { - "version_value": "2016 (64-bit edition)" - }, - { - "version_value": "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value": "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value": "2013 RT Service Pack 1" - }, - { - "version_value": "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value": "2013 Service Pack 1 (64-bit editions)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0650" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0650", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0650" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0651.json b/2020/0xxx/CVE-2020-0651.json index 6d4bc32bb5b..6aa37cd14a7 100644 --- a/2020/0xxx/CVE-2020-0651.json +++ b/2020/0xxx/CVE-2020-0651.json @@ -1,110 +1,112 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0651", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Office", - "version": { - "version_data": [ - { - "version_value": "2019 for 32-bit editions" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2019 for Mac" + }, + { + "version_value": "2016 for Mac" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Excel", + "version": { + "version_data": [ + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + } + ] }, - { - "version_value": "2019 for 64-bit editions" - }, - { - "version_value": "2019 for Mac" - }, - { - "version_value": "2016 for Mac" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Office 365 ProPlus", - "version": { - "version_data": [ - { - "version_value": "32-bit Systems" - }, - { - "version_value": "64-bit Systems" - } - ] - } - }, - { - "product_name": "Microsoft Excel", - "version": { - "version_data": [ - { - "version_value": "2016 (32-bit edition)" - }, - { - "version_value": "2016 (64-bit edition)" - }, - { - "version_value": "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value": "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value": "2013 RT Service Pack 1" - }, - { - "version_value": "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value": "2013 Service Pack 1 (64-bit editions)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0651" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0651", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0651" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0652.json b/2020/0xxx/CVE-2020-0652.json index 7dc533b1a2a..e1bf5e2f457 100644 --- a/2020/0xxx/CVE-2020-0652.json +++ b/2020/0xxx/CVE-2020-0652.json @@ -1,97 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0652", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Office", - "version": { - "version_data": [ - { - "version_value": "2019 for 32-bit editions" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + } + ] }, - { - "version_value": "2019 for 64-bit editions" - }, - { - "version_value": "2016 (32-bit edition)" - }, - { - "version_value": "2016 (64-bit edition)" - }, - { - "version_value": "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value": "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value": "2013 RT Service Pack 1" - }, - { - "version_value": "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value": "2013 Service Pack 1 (64-bit editions)" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Office 365 ProPlus", - "version": { - "version_data": [ - { - "version_value": "32-bit Systems" - }, - { - "version_value": "64-bit Systems" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \u0027Microsoft Office Memory Corruption Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0653.json b/2020/0xxx/CVE-2020-0653.json index 46ec5c20cd7..3dddb60d10c 100644 --- a/2020/0xxx/CVE-2020-0653.json +++ b/2020/0xxx/CVE-2020-0653.json @@ -1,63 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0653", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Office 365 ProPlus", - "version": { - "version_data": [ - { - "version_value": "32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + } + ] }, - { - "version_value": "64-bit Systems" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0650, CVE-2020-0651." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0651." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0653" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0653", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0653" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0654.json b/2020/0xxx/CVE-2020-0654.json index ae70112fcaf..40b5b82b0d5 100644 --- a/2020/0xxx/CVE-2020-0654.json +++ b/2020/0xxx/CVE-2020-0654.json @@ -1,60 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0654", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "One Drive for Android", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "One Drive for Android", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A security feature bypass vulnerability exists in Microsoft OneDrive App for Android.This could allow an attacker to bypass the passcode or fingerprint requirements of the App.The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links., aka \u0027Microsoft OneDrive for Android Security Feature Bypass Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Security Feature Bypass" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Microsoft OneDrive App for Android.This could allow an attacker to bypass the passcode or fingerprint requirements of the App.The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links., aka 'Microsoft OneDrive for Android Security Feature Bypass Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0654" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0654", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0654" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0656.json b/2020/0xxx/CVE-2020-0656.json index f58d85a9d0b..ed6a392a91e 100644 --- a/2020/0xxx/CVE-2020-0656.json +++ b/2020/0xxx/CVE-2020-0656.json @@ -1,60 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0656", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Dynamics 365 Field Service (on-premises) v7 series", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dynamics 365 Field Service (on-premises) v7 series", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka \u0027Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Spoofing" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0656" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0656", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0656" + } + ] + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5501.json b/2020/5xxx/CVE-2020-5501.json index 9ff5572b9e5..ba331e22b0c 100644 --- a/2020/5xxx/CVE-2020-5501.json +++ b/2020/5xxx/CVE-2020-5501.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5501", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5501", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "phpBB 3.2.8 allows a CSRF attack that can modify a group avatar." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.phpbb.com/category/security/", + "refsource": "MISC", + "name": "https://blog.phpbb.com/category/security/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536", + "url": "https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536" } ] } diff --git a/2020/5xxx/CVE-2020-5502.json b/2020/5xxx/CVE-2020-5502.json index dbdee4f2fce..f84a3f3ce22 100644 --- a/2020/5xxx/CVE-2020-5502.json +++ b/2020/5xxx/CVE-2020-5502.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5502", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5502", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.phpbb.com/category/security/", + "refsource": "MISC", + "name": "https://blog.phpbb.com/category/security/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536", + "url": "https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536" } ] } From 9729f00712889cde812d9799cfe78c037a625769 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 01:01:18 +0000 Subject: [PATCH 06/24] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17149.json | 34 +++++++++++++++++----------------- 2019/17xxx/CVE-2019-17150.json | 34 +++++++++++++++++----------------- 2019/19xxx/CVE-2019-19950.json | 5 +++++ 2019/19xxx/CVE-2019-19951.json | 5 +++++ 2019/19xxx/CVE-2019-19953.json | 5 +++++ 5 files changed, 49 insertions(+), 34 deletions(-) diff --git a/2019/17xxx/CVE-2019-17149.json b/2019/17xxx/CVE-2019-17149.json index 6e9ab4422f3..ac112497e1f 100644 --- a/2019/17xxx/CVE-2019-17149.json +++ b/2019/17xxx/CVE-2019-17149.json @@ -1,18 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17149", - "STATE": "REJECT" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17149", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17150.json b/2019/17xxx/CVE-2019-17150.json index b4214f051b1..230006cbaf3 100644 --- a/2019/17xxx/CVE-2019-17150.json +++ b/2019/17xxx/CVE-2019-17150.json @@ -1,18 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17150", - "STATE": "REJECT" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17150", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19950.json b/2019/19xxx/CVE-2019-19950.json index c94d6ec5dca..ca6d688e24e 100644 --- a/2019/19xxx/CVE-2019-19950.json +++ b/2019/19xxx/CVE-2019-19950.json @@ -61,6 +61,11 @@ "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4", "refsource": "MISC", "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0055", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html" } ] } diff --git a/2019/19xxx/CVE-2019-19951.json b/2019/19xxx/CVE-2019-19951.json index cea299b4b63..17f790d679c 100644 --- a/2019/19xxx/CVE-2019-19951.json +++ b/2019/19xxx/CVE-2019-19951.json @@ -61,6 +61,11 @@ "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d", "refsource": "MISC", "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0055", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html" } ] } diff --git a/2019/19xxx/CVE-2019-19953.json b/2019/19xxx/CVE-2019-19953.json index 8956aa05be7..2f269b7d62f 100644 --- a/2019/19xxx/CVE-2019-19953.json +++ b/2019/19xxx/CVE-2019-19953.json @@ -61,6 +61,11 @@ "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf", "refsource": "MISC", "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0055", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html" } ] } From 47d678bbb61d01d84a00cffb067f8b11af16ec75 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 02:01:08 +0000 Subject: [PATCH 07/24] "-Synchronized-Data." --- 2018/10xxx/CVE-2018-10536.json | 5 +++ 2018/10xxx/CVE-2018-10537.json | 5 +++ 2018/10xxx/CVE-2018-10538.json | 5 +++ 2018/10xxx/CVE-2018-10539.json | 5 +++ 2018/10xxx/CVE-2018-10540.json | 5 +++ 2018/19xxx/CVE-2018-19840.json | 5 +++ 2018/19xxx/CVE-2018-19841.json | 5 +++ 2019/1010xxx/CVE-2019-1010315.json | 5 +++ 2019/1010xxx/CVE-2019-1010317.json | 5 +++ 2019/1010xxx/CVE-2019-1010319.json | 5 +++ 2019/11xxx/CVE-2019-11498.json | 5 +++ 2019/2xxx/CVE-2019-2224.json | 50 ++---------------------------- 12 files changed, 58 insertions(+), 47 deletions(-) diff --git a/2018/10xxx/CVE-2018-10536.json b/2018/10xxx/CVE-2018-10536.json index b19df5ad4df..ddd82862126 100644 --- a/2018/10xxx/CVE-2018-10536.json +++ b/2018/10xxx/CVE-2018-10536.json @@ -96,6 +96,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-e55567b6be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2018/10xxx/CVE-2018-10537.json b/2018/10xxx/CVE-2018-10537.json index a680c0809df..c6c081575e9 100644 --- a/2018/10xxx/CVE-2018-10537.json +++ b/2018/10xxx/CVE-2018-10537.json @@ -96,6 +96,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-e55567b6be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2018/10xxx/CVE-2018-10538.json b/2018/10xxx/CVE-2018-10538.json index dc920c566b6..5d0c9eb1c6c 100644 --- a/2018/10xxx/CVE-2018-10538.json +++ b/2018/10xxx/CVE-2018-10538.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-e55567b6be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2018/10xxx/CVE-2018-10539.json b/2018/10xxx/CVE-2018-10539.json index 92693e011d9..b3fb4862d7c 100644 --- a/2018/10xxx/CVE-2018-10539.json +++ b/2018/10xxx/CVE-2018-10539.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-e55567b6be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2018/10xxx/CVE-2018-10540.json b/2018/10xxx/CVE-2018-10540.json index 36f15a5d659..3247a872fb4 100644 --- a/2018/10xxx/CVE-2018-10540.json +++ b/2018/10xxx/CVE-2018-10540.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-e55567b6be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2018/19xxx/CVE-2018-19840.json b/2018/19xxx/CVE-2018-19840.json index 048dd44056b..dcea1123d2e 100644 --- a/2018/19xxx/CVE-2018-19840.json +++ b/2018/19xxx/CVE-2018-19840.json @@ -101,6 +101,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-e55567b6be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2018/19xxx/CVE-2018-19841.json b/2018/19xxx/CVE-2018-19841.json index b031d298b84..8532e9f5581 100644 --- a/2018/19xxx/CVE-2018-19841.json +++ b/2018/19xxx/CVE-2018-19841.json @@ -101,6 +101,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-e55567b6be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2019/1010xxx/CVE-2019-1010315.json b/2019/1010xxx/CVE-2019-1010315.json index c87522730d5..60eff5a15cd 100644 --- a/2019/1010xxx/CVE-2019-1010315.json +++ b/2019/1010xxx/CVE-2019-1010315.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-e55567b6be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2019/1010xxx/CVE-2019-1010317.json b/2019/1010xxx/CVE-2019-1010317.json index 4d24ed94b21..8f4f0f48dfb 100644 --- a/2019/1010xxx/CVE-2019-1010317.json +++ b/2019/1010xxx/CVE-2019-1010317.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-e55567b6be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2019/1010xxx/CVE-2019-1010319.json b/2019/1010xxx/CVE-2019-1010319.json index 97cacaa781b..c90c0d01662 100644 --- a/2019/1010xxx/CVE-2019-1010319.json +++ b/2019/1010xxx/CVE-2019-1010319.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-e55567b6be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2019/11xxx/CVE-2019-11498.json b/2019/11xxx/CVE-2019-11498.json index 656d51788a2..4a37fb2e938 100644 --- a/2019/11xxx/CVE-2019-11498.json +++ b/2019/11xxx/CVE-2019-11498.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-e55567b6be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2019/2xxx/CVE-2019-2224.json b/2019/2xxx/CVE-2019-2224.json index 93d5fe0fbe5..818e1cb2723 100644 --- a/2019/2xxx/CVE-2019-2224.json +++ b/2019/2xxx/CVE-2019-2224.json @@ -4,58 +4,14 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-2224", - "ASSIGNER": "security@android.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "Android", - "version": { - "version_data": [ - { - "version_value": "Android-8.0 Android-8.1 Android-9 Android-10" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote code execution" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/2019-12-01", - "url": "https://source.android.com/security/bulletin/2019-12-01" - } - ] + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140328986" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15140. Reason: This candidate is a duplicate of CVE-2019-15140. Notes: All CVE users should reference CVE-2019-15140 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } From c635c14a862c7a4f27a8dbeca2c3826ea047e1dd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 05:01:09 +0000 Subject: [PATCH 08/24] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20330.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/20xxx/CVE-2019-20330.json b/2019/20xxx/CVE-2019-20330.json index 108b3767c97..c4935447fb7 100644 --- a/2019/20xxx/CVE-2019-20330.json +++ b/2019/20xxx/CVE-2019-20330.json @@ -61,6 +61,11 @@ "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2", "refsource": "MISC", "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200114 [GitHub] [druid] ccaominh opened a new pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1", + "url": "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E" } ] } From 8e7cbf078a539436d32a1eb3f7765573793be4cb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 06:01:06 +0000 Subject: [PATCH 09/24] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7058.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 2020/7xxx/CVE-2020-7058.json diff --git a/2020/7xxx/CVE-2020-7058.json b/2020/7xxx/CVE-2020-7058.json new file mode 100644 index 00000000000..7e47797b66e --- /dev/null +++ b/2020/7xxx/CVE-2020-7058.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7058", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 6e77e49f83cd5bf5ffed54ed601d8e0b1c83dd26 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 07:01:16 +0000 Subject: [PATCH 10/24] "-Synchronized-Data." --- 2019/16xxx/CVE-2019-16775.json | 5 +++ 2019/16xxx/CVE-2019-16776.json | 5 +++ 2019/16xxx/CVE-2019-16777.json | 5 +++ 2019/18xxx/CVE-2019-18388.json | 5 +++ 2019/18xxx/CVE-2019-18389.json | 5 +++ 2019/18xxx/CVE-2019-18390.json | 5 +++ 2019/18xxx/CVE-2019-18391.json | 5 +++ 2019/20xxx/CVE-2019-20330.json | 10 ++++++ 2020/7xxx/CVE-2020-7058.json | 56 ++++++++++++++++++++++++++++++---- 9 files changed, 95 insertions(+), 6 deletions(-) diff --git a/2019/16xxx/CVE-2019-16775.json b/2019/16xxx/CVE-2019-16775.json index 9c6cbe414b6..7be6ea0f859 100644 --- a/2019/16xxx/CVE-2019-16775.json +++ b/2019/16xxx/CVE-2019-16775.json @@ -80,6 +80,11 @@ "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", "refsource": "MISC", "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0059", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" } ] }, diff --git a/2019/16xxx/CVE-2019-16776.json b/2019/16xxx/CVE-2019-16776.json index 7ed553dca88..6a76e8aea24 100644 --- a/2019/16xxx/CVE-2019-16776.json +++ b/2019/16xxx/CVE-2019-16776.json @@ -80,6 +80,11 @@ "name": "https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46", "refsource": "CONFIRM", "url": "https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0059", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" } ] }, diff --git a/2019/16xxx/CVE-2019-16777.json b/2019/16xxx/CVE-2019-16777.json index 22c6e705297..ef131daecfc 100644 --- a/2019/16xxx/CVE-2019-16777.json +++ b/2019/16xxx/CVE-2019-16777.json @@ -80,6 +80,11 @@ "name": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr", "refsource": "CONFIRM", "url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0059", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" } ] }, diff --git a/2019/18xxx/CVE-2019-18388.json b/2019/18xxx/CVE-2019-18388.json index 81fffab49c1..341fe6c0e64 100644 --- a/2019/18xxx/CVE-2019-18388.json +++ b/2019/18xxx/CVE-2019-18388.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1765578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765578" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0058", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html" } ] } diff --git a/2019/18xxx/CVE-2019-18389.json b/2019/18xxx/CVE-2019-18389.json index abbeb037faf..50284dbc167 100644 --- a/2019/18xxx/CVE-2019-18389.json +++ b/2019/18xxx/CVE-2019-18389.json @@ -71,6 +71,11 @@ "refsource": "REDHAT", "name": "Red Hat", "url": "https://access.redhat.com/security/cve/cve-2019-18389" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0058", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html" } ] } diff --git a/2019/18xxx/CVE-2019-18390.json b/2019/18xxx/CVE-2019-18390.json index 971ff6cc29d..99ce0e188f9 100644 --- a/2019/18xxx/CVE-2019-18390.json +++ b/2019/18xxx/CVE-2019-18390.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1765584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765584" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0058", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html" } ] } diff --git a/2019/18xxx/CVE-2019-18391.json b/2019/18xxx/CVE-2019-18391.json index 47d56e25864..b45bc581846 100644 --- a/2019/18xxx/CVE-2019-18391.json +++ b/2019/18xxx/CVE-2019-18391.json @@ -71,6 +71,11 @@ "refsource": "REDHAT", "name": "Red Hat", "url": "https://access.redhat.com/security/cve/cve-2019-18391" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0058", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html" } ] } diff --git a/2019/20xxx/CVE-2019-20330.json b/2019/20xxx/CVE-2019-20330.json index c4935447fb7..fa7647c0dc7 100644 --- a/2019/20xxx/CVE-2019-20330.json +++ b/2019/20xxx/CVE-2019-20330.json @@ -66,6 +66,16 @@ "refsource": "MLIST", "name": "[druid-commits] 20200114 [GitHub] [druid] ccaominh opened a new pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1", "url": "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1", + "url": "https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [GitHub] [druid] ccaominh opened a new pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)", + "url": "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E" } ] } diff --git a/2020/7xxx/CVE-2020-7058.json b/2020/7xxx/CVE-2020-7058.json index 7e47797b66e..febc642ac5a 100644 --- a/2020/7xxx/CVE-2020-7058.json +++ b/2020/7xxx/CVE-2020-7058.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7058", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7058", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated \"This is a false alarm.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Cacti/cacti/issues/3186", + "refsource": "MISC", + "name": "https://github.com/Cacti/cacti/issues/3186" } ] } From 14caa1490e6087bf0501c607ddbb0441abba5daa Mon Sep 17 00:00:00 2001 From: Omar Gani Date: Wed, 15 Jan 2020 09:31:53 +0100 Subject: [PATCH 11/24] Juniper 2020-01-08 CVE publication, For more information see https://advisory.juniper.net --- 2020/1xxx/CVE-2020-1600.json | 2 +- 2020/1xxx/CVE-2020-1601.json | 2 +- 2020/1xxx/CVE-2020-1602.json | 2 +- 2020/1xxx/CVE-2020-1603.json | 2 +- 2020/1xxx/CVE-2020-1604.json | 2 +- 2020/1xxx/CVE-2020-1605.json | 2 +- 2020/1xxx/CVE-2020-1606.json | 2 +- 2020/1xxx/CVE-2020-1607.json | 2 +- 2020/1xxx/CVE-2020-1608.json | 2 +- 2020/1xxx/CVE-2020-1609.json | 2 +- 2020/1xxx/CVE-2020-1611.json | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/2020/1xxx/CVE-2020-1600.json b/2020/1xxx/CVE-2020-1600.json index 019c1294b7d..88dd78e5cea 100644 --- a/2020/1xxx/CVE-2020-1600.json +++ b/2020/1xxx/CVE-2020-1600.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1600", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon." }, "affects": { diff --git a/2020/1xxx/CVE-2020-1601.json b/2020/1xxx/CVE-2020-1601.json index 01e663a1da5..36f0b48d48e 100644 --- a/2020/1xxx/CVE-2020-1601.json +++ b/2020/1xxx/CVE-2020-1601.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1601", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash." }, "affects": { diff --git a/2020/1xxx/CVE-2020-1602.json b/2020/1xxx/CVE-2020-1602.json index c0c36db0d7c..104e790454d 100644 --- a/2020/1xxx/CVE-2020-1602.json +++ b/2020/1xxx/CVE-2020-1602.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1602", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets may take over the code execution of the JDHCPD process." }, "affects": { diff --git a/2020/1xxx/CVE-2020-1603.json b/2020/1xxx/CVE-2020-1603.json index daff4a35159..5fe9feb1b12 100644 --- a/2020/1xxx/CVE-2020-1603.json +++ b/2020/1xxx/CVE-2020-1603.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1603", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device." }, "affects": { diff --git a/2020/1xxx/CVE-2020-1604.json b/2020/1xxx/CVE-2020-1604.json index 63e7a85eb7e..d7b5b7cf3d6 100644 --- a/2020/1xxx/CVE-2020-1604.json +++ b/2020/1xxx/CVE-2020-1604.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1604", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS: EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packets" }, "affects": { diff --git a/2020/1xxx/CVE-2020-1605.json b/2020/1xxx/CVE-2020-1605.json index ac3f0d67431..03c52c093f4 100644 --- a/2020/1xxx/CVE-2020-1605.json +++ b/2020/1xxx/CVE-2020-1605.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1605", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets and arbitrarily execute commands on the target device." }, "affects": { diff --git a/2020/1xxx/CVE-2020-1606.json b/2020/1xxx/CVE-2020-1606.json index 3d98da22a27..966451e75b1 100644 --- a/2020/1xxx/CVE-2020-1606.json +++ b/2020/1xxx/CVE-2020-1606.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1606", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS: Path traversal vulnerability in J-Web" }, "affects": { diff --git a/2020/1xxx/CVE-2020-1607.json b/2020/1xxx/CVE-2020-1607.json index e53e7d7e842..c72bc491062 100644 --- a/2020/1xxx/CVE-2020-1607.json +++ b/2020/1xxx/CVE-2020-1607.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1607", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS: Cross-Site Scripting (XSS) in J-Web" }, "affects": { diff --git a/2020/1xxx/CVE-2020-1608.json b/2020/1xxx/CVE-2020-1608.json index 01276107a2e..6233162bc0c 100644 --- a/2020/1xxx/CVE-2020-1608.json +++ b/2020/1xxx/CVE-2020-1608.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1608", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service" }, "affects": { diff --git a/2020/1xxx/CVE-2020-1609.json b/2020/1xxx/CVE-2020-1609.json index f5541906000..566259a2dd5 100644 --- a/2020/1xxx/CVE-2020-1609.json +++ b/2020/1xxx/CVE-2020-1609.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1609", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv6 packets and arbitrarily execute commands on the target device." }, "affects": { diff --git a/2020/1xxx/CVE-2020-1611.json b/2020/1xxx/CVE-2020-1611.json index 771db91e487..e850044347f 100644 --- a/2020/1xxx/CVE-2020-1611.json +++ b/2020/1xxx/CVE-2020-1611.json @@ -3,7 +3,7 @@ "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", "ID": "CVE-2020-1611", - "STATE": "READY", + "STATE": "PUBLIC", "TITLE": "Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device." }, "affects": { From 8a71b1a0fd8ad658ff2133881e866f03b43b878f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 09:01:17 +0000 Subject: [PATCH 12/24] "-Synchronized-Data." --- 2020/1xxx/CVE-2020-1600.json | 2 +- 2020/1xxx/CVE-2020-1601.json | 2 +- 2020/1xxx/CVE-2020-1602.json | 2 +- 2020/1xxx/CVE-2020-1603.json | 2 +- 2020/1xxx/CVE-2020-1604.json | 2 +- 2020/1xxx/CVE-2020-1605.json | 2 +- 2020/1xxx/CVE-2020-1606.json | 2 +- 2020/1xxx/CVE-2020-1607.json | 2 +- 2020/1xxx/CVE-2020-1608.json | 2 +- 2020/1xxx/CVE-2020-1609.json | 2 +- 2020/1xxx/CVE-2020-1611.json | 10 ++++++---- 11 files changed, 16 insertions(+), 14 deletions(-) diff --git a/2020/1xxx/CVE-2020-1600.json b/2020/1xxx/CVE-2020-1600.json index 88dd78e5cea..7ad65982bd9 100644 --- a/2020/1xxx/CVE-2020-1600.json +++ b/2020/1xxx/CVE-2020-1600.json @@ -124,7 +124,7 @@ "description_data": [ { "lang": "eng", - "value": "In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition.\n\nThis issue affects both SNMP over IPv4 and IPv6. \n\nThis issue affects:\nJuniper Networks Junos OS:\n12.3X48 versions prior to 12.3X48-D90;\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; \n16.1 versions prior to 16.1R7-S5;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R3-S1;\n17.2 versions prior to 17.2R3-S2;\n17.3 versions prior to 17.3R3-S7;\n17.4 versions prior to 17.4R2-S4, 17.4R3;\n18.1 versions prior to 18.1R3-S5;\n18.2 versions prior to 18.2R3;\n18.2X75 versions prior to 18.2X75-D50;\n18.3 versions prior to 18.3R2;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R2.\n" + "value": "In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D90; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2." } ] }, diff --git a/2020/1xxx/CVE-2020-1601.json b/2020/1xxx/CVE-2020-1601.json index 36f0b48d48e..f89962b6557 100644 --- a/2020/1xxx/CVE-2020-1601.json +++ b/2020/1xxx/CVE-2020-1601.json @@ -115,7 +115,7 @@ "description_data": [ { "lang": "eng", - "value": "Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS).\n\nContinued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) condition.\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1F6-S13, 15.1R7-S4;\n15.1X49 versions prior to 15.1X49-D180 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; \n16.1 versions prior to 16.1R7-S4;\n16.2 versions prior to 16.2R2-S9;\n17.1 versions prior to 17.1R2-S11, 17.1R3;\n17.2 versions prior to 17.2R1-S9;\n17.2 version 17.2R2 and later prior to 17.2R3-S2;\n17.3 versions prior to 17.3R3-S3;\n17.4 versions prior to 17.4R2-S2, 17.4R3;\n18.1 versions prior to 18.1R3-S2;\n18.2 versions prior to 18.2R2-S6, 18.2R3;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R2;\n18.4 versions prior to 18.4R1-S2, 18.4R2.\n\nThis issue does not affect releases of Junos OS prior to 15.1R1. \n" + "value": "Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). Continued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9; 17.2 version 17.2R2 and later prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2-S6, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect releases of Junos OS prior to 15.1R1." } ] }, diff --git a/2020/1xxx/CVE-2020-1602.json b/2020/1xxx/CVE-2020-1602.json index 104e790454d..fa48e4bd4c7 100644 --- a/2020/1xxx/CVE-2020-1602.json +++ b/2020/1xxx/CVE-2020-1602.json @@ -142,7 +142,7 @@ "description_data": [ { "lang": "eng", - "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. \n\nThis issue affect IPv4 JDHCPD services. \n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n" + "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. This issue affect IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode." } ] }, diff --git a/2020/1xxx/CVE-2020-1603.json b/2020/1xxx/CVE-2020-1603.json index 5fe9feb1b12..578bf614bff 100644 --- a/2020/1xxx/CVE-2020-1603.json +++ b/2020/1xxx/CVE-2020-1603.json @@ -109,7 +109,7 @@ "description_data": [ { "lang": "eng", - "value": "Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point a mbuf memory leak occurs within the Juniper Networks Junos OS device. This memory leak eventually leads to a kernel crash (vmcore), or the device hanging and requiring a power cycle to restore service, creating a Denial of Service (DoS) condition. \n\nDuring the time where mbufs are rising, yet not fully filled, some traffic from client devices may begin to be black holed. To be black holed, this traffic must match the condition where this traffic must be processed by the RE. \nContinued receipt and attempted egress of these specific IPv6 packets from the Routing Engine (RE) will create an extended Denial of Service (DoS) condition. \n\nScenarios which have been observed are: \n1. In a single chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario the device needs to be power cycled.\n2. In a single chassis, dual RE scenario, the device master RE will fail over to the backup RE. In this scenario, the master and the backup REs need to be reset from time to time when they vmcore. There is no need to power cycle the device.\n3. In a dual chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario, the two chassis' design relies upon some type of network level redundancy - VRRP, GRES, NSR, etc. - \n3.a In a commanded switchover, where nonstop active routing (NSR) is enabled no session loss is observed.\n4. In a dual chassis, dual chassis scenario, rely upon the RE to RE failover as stated in the second scenario. In the unlikely event that the device does not switch RE to RE gracefully, then the fallback position is to the network level services scenario in the third scenario.\n\n \n \n\n\n\n\n\nThis issue affects:\nJuniper Networks Junos OS\n16.1 versions prior to 16.1R7-S6;\n16.1 version 16.1X70-D10 and later; \n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S9, 17.4R3;\n18.1 versions prior to 18.1R3-S7;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D50, 18.2X75-D410;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S6, 18.4R2-S2, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2.\n\nThis issue does not affect releases prior to Junos OS 16.1R1.\n" + "value": "Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point a mbuf memory leak occurs within the Juniper Networks Junos OS device. This memory leak eventually leads to a kernel crash (vmcore), or the device hanging and requiring a power cycle to restore service, creating a Denial of Service (DoS) condition. During the time where mbufs are rising, yet not fully filled, some traffic from client devices may begin to be black holed. To be black holed, this traffic must match the condition where this traffic must be processed by the RE. Continued receipt and attempted egress of these specific IPv6 packets from the Routing Engine (RE) will create an extended Denial of Service (DoS) condition. Scenarios which have been observed are: 1. In a single chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario the device needs to be power cycled. 2. In a single chassis, dual RE scenario, the device master RE will fail over to the backup RE. In this scenario, the master and the backup REs need to be reset from time to time when they vmcore. There is no need to power cycle the device. 3. In a dual chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario, the two chassis' design relies upon some type of network level redundancy - VRRP, GRES, NSR, etc. - 3.a In a commanded switchover, where nonstop active routing (NSR) is enabled no session loss is observed. 4. In a dual chassis, dual chassis scenario, rely upon the RE to RE failover as stated in the second scenario. In the unlikely event that the device does not switch RE to RE gracefully, then the fallback position is to the network level services scenario in the third scenario. This issue affects: Juniper Networks Junos OS 16.1 versions prior to 16.1R7-S6; 16.1 version 16.1X70-D10 and later; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D50, 18.2X75-D410; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect releases prior to Junos OS 16.1R1." } ] }, diff --git a/2020/1xxx/CVE-2020-1604.json b/2020/1xxx/CVE-2020-1604.json index d7b5b7cf3d6..2e8a7e4bb09 100644 --- a/2020/1xxx/CVE-2020-1604.json +++ b/2020/1xxx/CVE-2020-1604.json @@ -105,7 +105,7 @@ "description_data": [ { "lang": "eng", - "value": "On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail.\n\nThis issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE).\nThis issue does not affect the Layer 2 firewall filter evaluation nor does it affect the Layer 3 firewall filter evaluation destined to connected hosts.\n\nThis issue may occur when evaluating both IPv4 or IPv6 packets.\nThis issue affects Juniper Networks Junos OS:\n14.1X53 versions prior to 14.1X53-D12 on QFX5100 Series and EX4600 Series;\n14.1X53 versions prior to 14.1X53-D52 on QFX3500 Series;\n14.1X53 versions prior to 14.1X53-D48 on EX4300 Series;\n15.1 versions prior to 15.1R7-S3 on EX4300 Series;\n16.1 versions prior to 16.1R7 on EX4300 Series;\n17.1 versions prior to 17.1R3 on EX4300 Series;\n17.2 versions prior to 17.2R3 on EX4300 Series;\n17.3 versions prior to 17.3R2-S5, 17.3R3 on EX4300 Series;\n17.4 versions prior to 17.4R2 on EX4300 Series;\n18.1 versions prior to 18.1R3 on EX4300 Series;\n18.2 versions prior to 18.2R2 on EX4300 Series." + "value": "On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. This issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE). This issue does not affect the Layer 2 firewall filter evaluation nor does it affect the Layer 3 firewall filter evaluation destined to connected hosts. This issue may occur when evaluating both IPv4 or IPv6 packets. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D12 on QFX5100 Series and EX4600 Series; 14.1X53 versions prior to 14.1X53-D52 on QFX3500 Series; 14.1X53 versions prior to 14.1X53-D48 on EX4300 Series; 15.1 versions prior to 15.1R7-S3 on EX4300 Series; 16.1 versions prior to 16.1R7 on EX4300 Series; 17.1 versions prior to 17.1R3 on EX4300 Series; 17.2 versions prior to 17.2R3 on EX4300 Series; 17.3 versions prior to 17.3R2-S5, 17.3R3 on EX4300 Series; 17.4 versions prior to 17.4R2 on EX4300 Series; 18.1 versions prior to 18.1R3 on EX4300 Series; 18.2 versions prior to 18.2R2 on EX4300 Series." } ] }, diff --git a/2020/1xxx/CVE-2020-1605.json b/2020/1xxx/CVE-2020-1605.json index 03c52c093f4..0d1187137d9 100644 --- a/2020/1xxx/CVE-2020-1605.json +++ b/2020/1xxx/CVE-2020-1605.json @@ -142,7 +142,7 @@ "description_data": [ { "lang": "eng", - "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device.\n\nThis issue affects IPv4 JDHCPD services. \n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n" + "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode." } ] }, diff --git a/2020/1xxx/CVE-2020-1606.json b/2020/1xxx/CVE-2020-1606.json index 966451e75b1..dc11cf9b162 100644 --- a/2020/1xxx/CVE-2020-1606.json +++ b/2020/1xxx/CVE-2020-1606.json @@ -144,7 +144,7 @@ "description_data": [ { "lang": "eng", - "value": "A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission.\nThis issue does not affect system files that can be accessed only by root user.\n\nThis issue affects Juniper Networks Junos OS:\n12.3 versions prior to 12.3R12-S13;\n12.3X48 versions prior to 12.3X48-D85 on SRX Series;\n14.1X53 versions prior to 14.1X53-D51;\n15.1F6 versions prior to 15.1F6-S13;\n15.1 versions prior to 15.1R7-S5;\n15.1X49 versions prior to 15.1X49-D180 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series;\n16.1 versions prior to 16.1R4-S13, 16.1R7-S5;\n16.2 versions prior to 16.2R2-S10;\n17.1 versions prior to 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R3-S2;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions prior to 17.4R2-S9, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3;\n18.3 versions prior to 18.3R2-S3, 18.3R3;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R1-S4, 19.1R2." + "value": "A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2." } ] }, diff --git a/2020/1xxx/CVE-2020-1607.json b/2020/1xxx/CVE-2020-1607.json index c72bc491062..3a216eba21d 100644 --- a/2020/1xxx/CVE-2020-1607.json +++ b/2020/1xxx/CVE-2020-1607.json @@ -150,7 +150,7 @@ "description_data": [ { "lang": "eng", - "value": "Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. \n\n\nThis issue affects Juniper Networks Junos OS\n12.3 versions prior to 12.3R12-S15;\n12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series;\n14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series;\n15.1F6 versions prior to 15.1F6-S13;\n15.1 versions prior to 15.1R7-S5;\n15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series;\n15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400 Series;\n16.1 versions prior to 16.1R4-S13, 16.1R7-S5;\n16.2 versions prior to 16.2R2-S10;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R3-S2;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions prior to 17.4R2-S6, 17.4R3;\n18.1 versions prior to 18.1R3-S7;\n18.2 versions prior to 18.2R2-S5, 18.2R3;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2;\n19.1 versions prior to 19.1R1-S2, 19.1R2." + "value": "Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series; 14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2." } ] }, diff --git a/2020/1xxx/CVE-2020-1608.json b/2020/1xxx/CVE-2020-1608.json index 6233162bc0c..750dfff45a2 100644 --- a/2020/1xxx/CVE-2020-1608.json +++ b/2020/1xxx/CVE-2020-1608.json @@ -128,7 +128,7 @@ "description_data": [ { "lang": "eng", - "value": "Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot.\n\nThe issue is specific to the processing of packets destined to BBE clients connected to MX Series subscriber management platforms.\n\n\nThis issue affects MX Series running Juniper Networks Junos OS:\n17.2 versions starting from17.2R2-S6, 17.2R3 and later releases, prior to 17.2R3-S3;\n17.3 versions starting from 17.3R2-S4, 17.3R3-S2 and later releases, prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions starting from 17.4R2 and later releases, prior to 17.4R2-S7,17.4R3;\n18.1 versions starting from 18.1R2-S3, 18.1R3 and later releases, prior to 18.1R3-S6;\n18.2 versions starting from18.2R1-S1, 18.2R2 and later releases, prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D51, 18.2X75-D60;\n18.3 versions prior to 18.3R3;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 17.2R2-S6." + "value": "Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of packets destined to BBE clients connected to MX Series subscriber management platforms. This issue affects MX Series running Juniper Networks Junos OS: 17.2 versions starting from17.2R2-S6, 17.2R3 and later releases, prior to 17.2R3-S3; 17.3 versions starting from 17.3R2-S4, 17.3R3-S2 and later releases, prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions starting from 17.4R2 and later releases, prior to 17.4R2-S7,17.4R3; 18.1 versions starting from 18.1R2-S3, 18.1R3 and later releases, prior to 18.1R3-S6; 18.2 versions starting from18.2R1-S1, 18.2R2 and later releases, prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D51, 18.2X75-D60; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R2-S6." } ] }, diff --git a/2020/1xxx/CVE-2020-1609.json b/2020/1xxx/CVE-2020-1609.json index 566259a2dd5..be313e95e1b 100644 --- a/2020/1xxx/CVE-2020-1609.json +++ b/2020/1xxx/CVE-2020-1609.json @@ -142,7 +142,7 @@ "description_data": [ { "lang": "eng", - "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device.\n\nThis issue affects IPv6 JDHCPD services. \n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n" + "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv6 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode." } ] }, diff --git a/2020/1xxx/CVE-2020-1611.json b/2020/1xxx/CVE-2020-1611.json index e850044347f..63da0a3a0be 100644 --- a/2020/1xxx/CVE-2020-1611.json +++ b/2020/1xxx/CVE-2020-1611.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets.\nThis issue affects:\nJuniper Networks Junos Space\nversions prior to 19.4R1." + "value": "A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1." } ] }, @@ -75,12 +75,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://kb.juniper.net/JSA10993" + "refsource": "MISC", + "url": "https://kb.juniper.net/JSA10993", + "name": "https://kb.juniper.net/JSA10993" }, { "refsource": "MISC", - "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224" + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224", + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224" } ] }, From 2bef0e149f58142a9fb74f38e93d97b4fd92bdd9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 11:01:07 +0000 Subject: [PATCH 13/24] "-Synchronized-Data." --- 2017/5xxx/CVE-2017-5030.json | 5 +++++ 2019/0xxx/CVE-2019-0639.json | 5 +++++ 2019/16xxx/CVE-2019-16943.json | 5 +++++ 2019/17xxx/CVE-2019-17267.json | 5 +++++ 2019/17xxx/CVE-2019-17531.json | 5 +++++ 2019/20xxx/CVE-2019-20330.json | 10 ++++++++++ 2020/0xxx/CVE-2020-0615.json | 5 +++++ 2020/0xxx/CVE-2020-0616.json | 5 +++++ 2020/0xxx/CVE-2020-0634.json | 5 +++++ 2020/0xxx/CVE-2020-0652.json | 5 +++++ 10 files changed, 55 insertions(+) diff --git a/2017/5xxx/CVE-2017-5030.json b/2017/5xxx/CVE-2017-5030.json index 4e09c423448..9a628cbbc4a 100644 --- a/2017/5xxx/CVE-2017-5030.json +++ b/2017/5xxx/CVE-2017-5030.json @@ -81,6 +81,11 @@ "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/" } ] } diff --git a/2019/0xxx/CVE-2019-0639.json b/2019/0xxx/CVE-2019-0639.json index 1d10c57ac8e..a346b6cca8c 100644 --- a/2019/0xxx/CVE-2019-0639.json +++ b/2019/0xxx/CVE-2019-0639.json @@ -84,6 +84,11 @@ "refsource": "CONFIRM", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0639", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0639" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-122/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-122/" } ] } diff --git a/2019/16xxx/CVE-2019-16943.json b/2019/16xxx/CVE-2019-16943.json index 19e5773e680..e2ac8d98588 100644 --- a/2019/16xxx/CVE-2019-16943.json +++ b/2019/16xxx/CVE-2019-16943.json @@ -116,6 +116,11 @@ "refsource": "MLIST", "name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)", "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", + "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" } ] } diff --git a/2019/17xxx/CVE-2019-17267.json b/2019/17xxx/CVE-2019-17267.json index 3193bde5b3f..9b2bb8dd81c 100644 --- a/2019/17xxx/CVE-2019-17267.json +++ b/2019/17xxx/CVE-2019-17267.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", + "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" } ] } diff --git a/2019/17xxx/CVE-2019-17531.json b/2019/17xxx/CVE-2019-17531.json index 53774035636..bcb2431f683 100644 --- a/2019/17xxx/CVE-2019-17531.json +++ b/2019/17xxx/CVE-2019-17531.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", + "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" } ] } diff --git a/2019/20xxx/CVE-2019-20330.json b/2019/20xxx/CVE-2019-20330.json index fa7647c0dc7..b58459f1bb6 100644 --- a/2019/20xxx/CVE-2019-20330.json +++ b/2019/20xxx/CVE-2019-20330.json @@ -76,6 +76,16 @@ "refsource": "MLIST", "name": "[druid-commits] 20200115 [GitHub] [druid] ccaominh opened a new pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)", "url": "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)", + "url": "https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", + "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" } ] } diff --git a/2020/0xxx/CVE-2020-0615.json b/2020/0xxx/CVE-2020-0615.json index 06d1de329e5..a29994a6666 100644 --- a/2020/0xxx/CVE-2020-0615.json +++ b/2020/0xxx/CVE-2020-0615.json @@ -245,6 +245,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-123/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-123/" } ] } diff --git a/2020/0xxx/CVE-2020-0616.json b/2020/0xxx/CVE-2020-0616.json index 37ea46281d9..0f2ae9d89a7 100644 --- a/2020/0xxx/CVE-2020-0616.json +++ b/2020/0xxx/CVE-2020-0616.json @@ -155,6 +155,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-124/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-124/" } ] } diff --git a/2020/0xxx/CVE-2020-0634.json b/2020/0xxx/CVE-2020-0634.json index eaf774c60b9..69c06a1d5f4 100644 --- a/2020/0xxx/CVE-2020-0634.json +++ b/2020/0xxx/CVE-2020-0634.json @@ -245,6 +245,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-125/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-125/" } ] } diff --git a/2020/0xxx/CVE-2020-0652.json b/2020/0xxx/CVE-2020-0652.json index e1bf5e2f457..3a3e350f9e4 100644 --- a/2020/0xxx/CVE-2020-0652.json +++ b/2020/0xxx/CVE-2020-0652.json @@ -93,6 +93,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-127/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-127/" } ] } From 73f92aa2cdc357495f278501587859d69e87cccd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 13:01:19 +0000 Subject: [PATCH 14/24] "-Synchronized-Data." --- 2012/0xxx/CVE-2012-0334.json | 55 +++++++++++++++++++++++++-- 2012/0xxx/CVE-2012-0945.json | 50 ++++++++++++++++++++++-- 2012/1xxx/CVE-2012-1562.json | 64 +++++++++++++++++++++++++++++-- 2012/1xxx/CVE-2012-1563.json | 69 ++++++++++++++++++++++++++++++++-- 2018/11xxx/CVE-2018-11805.json | 5 +++ 2018/5xxx/CVE-2018-5391.json | 5 +++ 2019/12xxx/CVE-2019-12420.json | 5 +++ 2019/14xxx/CVE-2019-14835.json | 5 +++ 2019/5xxx/CVE-2019-5489.json | 5 +++ 9 files changed, 251 insertions(+), 12 deletions(-) diff --git a/2012/0xxx/CVE-2012-0334.json b/2012/0xxx/CVE-2012-0334.json index caa8c86e85e..98b51630872 100644 --- a/2012/0xxx/CVE-2012-0334.json +++ b/2012/0xxx/CVE-2012-0334.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-0334", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "IronPort Web Security Appliance AsyncOS", + "version": { + "version_data": [ + { + "version_value": "prior to 7.5" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/52981", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/52981" + }, + { + "refsource": "CONFIRM", + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334" } ] } diff --git a/2012/0xxx/CVE-2012-0945.json b/2012/0xxx/CVE-2012-0945.json index a63387efb18..b422b1e8f81 100644 --- a/2012/0xxx/CVE-2012-0945.json +++ b/2012/0xxx/CVE-2012-0945.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2012-0945", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "whoopsie-daisy", + "product": { + "product_data": [ + { + "product_name": "whoopsie-daisy", + "version": { + "version_data": [ + { + "version_value": "< 0.1.26" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "whoopsie-daisy before 0.1.26: Root user can remove arbitrary files" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "incorrect access control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/973687", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/973687" } ] } diff --git a/2012/1xxx/CVE-2012-1562.json b/2012/1xxx/CVE-2012-1562.json index e98d62bc081..ac7ad9803db 100644 --- a/2012/1xxx/CVE-2012-1562.json +++ b/2012/1xxx/CVE-2012-1562.json @@ -1,8 +1,40 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1562", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla!", + "product": { + "product_data": [ + { + "product_name": "Joomla! core", + "version": { + "version_data": [ + { + "version_value": "2.5.2" + }, + { + "version_value": "2.5.1" + }, + { + "version_value": "2.5.0" + }, + { + "version_value": "and all 1.7.x and 1.6.x versions" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +43,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Joomla! core before 2.5.3 allows unauthorized password change." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/03/19/11", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/19/11" + }, + { + "refsource": "MISC", + "name": "https://developer.joomla.org/security/news/394-20120304-core-password-change.html", + "url": "https://developer.joomla.org/security/news/394-20120304-core-password-change.html" } ] } diff --git a/2012/1xxx/CVE-2012-1563.json b/2012/1xxx/CVE-2012-1563.json index 978993543d9..1830cbd2e74 100644 --- a/2012/1xxx/CVE-2012-1563.json +++ b/2012/1xxx/CVE-2012-1563.json @@ -1,8 +1,40 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1563", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla!", + "product": { + "product_data": [ + { + "product_name": "Joomla!", + "version": { + "version_data": [ + { + "version_value": "2.5.2" + }, + { + "version_value": "2.5.1" + }, + { + "version_value": "2.5.0" + }, + { + "version_value": "and all 1.7.x and 1.6.x releases" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +43,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Joomla! before 2.5.3 allows Admin Account Creation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Admin Account Creation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/03/19/11", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/19/11" + }, + { + "url": "https://www.exploit-db.com/exploits/41156/", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/41156/" + }, + { + "refsource": "MISC", + "name": "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html", + "url": "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html" } ] } diff --git a/2018/11xxx/CVE-2018-11805.json b/2018/11xxx/CVE-2018-11805.json index 52f981827d7..dbb02a75ee2 100644 --- a/2018/11xxx/CVE-2018-11805.json +++ b/2018/11xxx/CVE-2018-11805.json @@ -118,6 +118,11 @@ "refsource": "UBUNTU", "name": "USN-4237-1", "url": "https://usn.ubuntu.com/4237-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4237-2", + "url": "https://usn.ubuntu.com/4237-2/" } ] }, diff --git a/2018/5xxx/CVE-2018-5391.json b/2018/5xxx/CVE-2018-5391.json index 012c524e5cc..694fc020dcd 100644 --- a/2018/5xxx/CVE-2018-5391.json +++ b/2018/5xxx/CVE-2018-5391.json @@ -225,6 +225,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K74374841?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K74374841?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en" } ] }, diff --git a/2019/12xxx/CVE-2019-12420.json b/2019/12xxx/CVE-2019-12420.json index ae1b9794fdd..c6ec24141ac 100644 --- a/2019/12xxx/CVE-2019-12420.json +++ b/2019/12xxx/CVE-2019-12420.json @@ -98,6 +98,11 @@ "refsource": "UBUNTU", "name": "USN-4237-1", "url": "https://usn.ubuntu.com/4237-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4237-2", + "url": "https://usn.ubuntu.com/4237-2/" } ] }, diff --git a/2019/14xxx/CVE-2019-14835.json b/2019/14xxx/CVE-2019-14835.json index 2529a04bbed..c0471de6e3c 100644 --- a/2019/14xxx/CVE-2019-14835.json +++ b/2019/14xxx/CVE-2019-14835.json @@ -238,6 +238,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en" } ] }, diff --git a/2019/5xxx/CVE-2019-5489.json b/2019/5xxx/CVE-2019-5489.json index 6f9f6768002..8ba04731c6e 100644 --- a/2019/5xxx/CVE-2019-5489.json +++ b/2019/5xxx/CVE-2019-5489.json @@ -196,6 +196,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4255", "url": "https://access.redhat.com/errata/RHSA-2019:4255" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en" } ] } From 57fb1e2bb052b781db7b147e0251511b81b46d71 Mon Sep 17 00:00:00 2001 From: Daniel Beck Date: Wed, 15 Jan 2020 12:22:19 +0100 Subject: [PATCH 15/24] Add Jenkins 2020-01-15 CVEs --- 2020/2xxx/CVE-2020-2090.json | 64 ++++++++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2091.json | 64 ++++++++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2092.json | 56 +++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2093.json | 56 +++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2094.json | 56 +++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2095.json | 56 +++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2096.json | 60 +++++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2097.json | 60 +++++++++++++++++++++++++++++---- 2020/2xxx/CVE-2020-2098.json | 60 +++++++++++++++++++++++++++++---- 9 files changed, 478 insertions(+), 54 deletions(-) diff --git a/2020/2xxx/CVE-2020-2090.json b/2020/2xxx/CVE-2020-2090.json index 1a7a63e5eef..b46a20e7ca7 100644 --- a/2020/2xxx/CVE-2020-2090.json +++ b/2020/2xxx/CVE-2020-2090.json @@ -1,17 +1,69 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2090", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Amazon EC2 Plugin", + "version": { + "version_data": [ + { + "version_value": "1.47", + "version_affected": "<=" + }, + { + "version_value": "1.46.2", + "version_affected": "!>=" + }, + { + "version_value": "1.42.2", + "version_affected": "!>=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1004", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1004", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2091.json b/2020/2xxx/CVE-2020-2091.json index 7a6cecb4f94..c3a69fa9eab 100644 --- a/2020/2xxx/CVE-2020-2091.json +++ b/2020/2xxx/CVE-2020-2091.json @@ -1,17 +1,69 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2091", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Amazon EC2 Plugin", + "version": { + "version_data": [ + { + "version_value": "1.47", + "version_affected": "<=" + }, + { + "version_value": "1.46.2", + "version_affected": "!>=" + }, + { + "version_value": "1.42.2", + "version_affected": "!>=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1004", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1004", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2092.json b/2020/2xxx/CVE-2020-2092.json index dc31aedad18..1436ea9e6a9 100644 --- a/2020/2xxx/CVE-2020-2092.json +++ b/2020/2xxx/CVE-2020-2092.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2092", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Robot Framework Plugin", + "version": { + "version_data": [ + { + "version_value": "2.0.0", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611: Improper Restriction of XML External Entity Reference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2093.json b/2020/2xxx/CVE-2020-2093.json index 908bf591fa0..32539b16c52 100644 --- a/2020/2xxx/CVE-2020-2093.json +++ b/2020/2xxx/CVE-2020-2093.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2093", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Health Advisor by CloudBees Plugin", + "version": { + "version_data": [ + { + "version_value": "3.0", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2094.json b/2020/2xxx/CVE-2020-2094.json index 847889b070b..5d5d1844469 100644 --- a/2020/2xxx/CVE-2020-2094.json +++ b/2020/2xxx/CVE-2020-2094.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2094", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Health Advisor by CloudBees Plugin", + "version": { + "version_data": [ + { + "version_value": "3.0", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2095.json b/2020/2xxx/CVE-2020-2095.json index 251591afcf5..f6483c38edc 100644 --- a/2020/2xxx/CVE-2020-2095.json +++ b/2020/2xxx/CVE-2020-2095.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2095", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Redgate SQL Change Automation Plugin", + "version": { + "version_data": [ + { + "version_value": "2.0.4", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2096.json b/2020/2xxx/CVE-2020-2096.json index e5549d9802d..c54ba253746 100644 --- a/2020/2xxx/CVE-2020-2096.json +++ b/2020/2xxx/CVE-2020-2096.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2096", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Gitlab Hook Plugin", + "version": { + "version_data": [ + { + "version_value": "1.4.2", + "version_affected": "<=" + }, + { + "version_value": "1.4.2", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2097.json b/2020/2xxx/CVE-2020-2097.json index b9318a6946b..bc2458f3fa5 100644 --- a/2020/2xxx/CVE-2020-2097.json +++ b/2020/2xxx/CVE-2020-2097.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2097", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Sounds Plugin", + "version": { + "version_data": [ + { + "version_value": "0.5", + "version_affected": "<=" + }, + { + "version_value": "0.5", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2098.json b/2020/2xxx/CVE-2020-2098.json index e5aef641c51..080ff86be33 100644 --- a/2020/2xxx/CVE-2020-2098.json +++ b/2020/2xxx/CVE-2020-2098.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2098", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Sounds Plugin", + "version": { + "version_data": [ + { + "version_value": "0.5", + "version_affected": "<=" + }, + { + "version_value": "0.5", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", + "refsource": "CONFIRM" } ] } From fb9e7191e3a87688b25d459a1ef6c04b86969f2d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 14:01:09 +0000 Subject: [PATCH 16/24] "-Synchronized-Data." --- 2011/4xxx/CVE-2011-4336.json | 55 ++++++++++++++++++++++++++++++++-- 2011/4xxx/CVE-2011-4907.json | 55 ++++++++++++++++++++++++++++++++-- 2012/0xxx/CVE-2012-0070.json | 55 ++++++++++++++++++++++++++++++++-- 2012/1xxx/CVE-2012-1316.json | 55 ++++++++++++++++++++++++++++++++-- 2012/1xxx/CVE-2012-1326.json | 55 ++++++++++++++++++++++++++++++++-- 2019/18xxx/CVE-2019-18466.json | 5 ++++ 6 files changed, 265 insertions(+), 15 deletions(-) diff --git a/2011/4xxx/CVE-2011-4336.json b/2011/4xxx/CVE-2011-4336.json index abd13941973..6312992aa42 100644 --- a/2011/4xxx/CVE-2011-4336.json +++ b/2011/4xxx/CVE-2011-4336.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4336", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tiki", + "product": { + "product_data": [ + { + "product_name": "Wiki CMS Groupware", + "version": { + "version_data": [ + { + "version_value": "7.0" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tiki Wiki CMS Groupware 7.0 has XSS via the GET \"ajax\" parameter to snarf_ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://seclists.org/bugtraq/2011/Nov/140", + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2011/Nov/140" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/48806/info", + "url": "https://www.securityfocus.com/bid/48806/info" } ] } diff --git a/2011/4xxx/CVE-2011-4907.json b/2011/4xxx/CVE-2011-4907.json index cd2de561355..73eb47dce58 100644 --- a/2011/4xxx/CVE-2011-4907.json +++ b/2011/4xxx/CVE-2011-4907.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4907", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla!", + "product": { + "product_data": [ + { + "product_name": "Joomla!", + "version": { + "version_data": [ + { + "version_value": "1.5x through 1.5.12" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Joomla! 1.5x through 1.5.12: Missing JEXEC Check" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/12/25/7", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/12/25/7" + }, + { + "refsource": "MISC", + "name": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html", + "url": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html" } ] } diff --git a/2012/0xxx/CVE-2012-0070.json b/2012/0xxx/CVE-2012-0070.json index efbf3cf83c2..f78d746639b 100644 --- a/2012/0xxx/CVE-2012-0070.json +++ b/2012/0xxx/CVE-2012-0070.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0070", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "spamdyke", + "product": { + "product_data": [ + { + "product_name": "spamdyke", + "version": { + "version_data": [ + { + "version_value": "prior to 4.2.1" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "spamdyke prior to 4.2.1: STARTTLS reveals plaintext" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/01/20/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/01/20/7" + }, + { + "refsource": "MISC", + "name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070" } ] } diff --git a/2012/1xxx/CVE-2012-1316.json b/2012/1xxx/CVE-2012-1316.json index 89dc7803b73..6aba384b68a 100644 --- a/2012/1xxx/CVE-2012-1316.json +++ b/2012/1xxx/CVE-2012-1316.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-1316", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "IronPort Web Security Appliance", + "version": { + "version_data": [ + { + "version_value": "through at least 2012-04-11" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/52981", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/52981" + }, + { + "refsource": "MISC", + "name": "https://www.secureworks.com/research/transitive-trust", + "url": "https://www.secureworks.com/research/transitive-trust" } ] } diff --git a/2012/1xxx/CVE-2012-1326.json b/2012/1xxx/CVE-2012-1326.json index 1ab53c52dc9..3bf83ea2cbe 100644 --- a/2012/1xxx/CVE-2012-1326.json +++ b/2012/1xxx/CVE-2012-1326.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-1326", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "IronPort Web Security Appliance", + "version": { + "version_data": [ + { + "version_value": "<= 7.5" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/52981", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/52981" + }, + { + "refsource": "CONFIRM", + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-1326", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-1326" } ] } diff --git a/2019/18xxx/CVE-2019-18466.json b/2019/18xxx/CVE-2019-18466.json index ae8c034adb6..a85dfda775a 100644 --- a/2019/18xxx/CVE-2019-18466.json +++ b/2019/18xxx/CVE-2019-18466.json @@ -71,6 +71,11 @@ "url": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0", "refsource": "MISC", "name": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:4269", + "url": "https://access.redhat.com/errata/RHSA-2019:4269" } ] } From 0971b2b58cc3da920f555e60a9bd81e3ce8280b3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 15:01:05 +0000 Subject: [PATCH 17/24] "-Synchronized-Data." --- 2015/1xxx/CVE-2015-1850.json | 14 ++++---- 2015/7xxx/CVE-2015-7556.json | 55 +++++++++++++++++++++++++++-- 2015/8xxx/CVE-2015-8549.json | 63 ++++++++++++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11281.json | 5 +++ 2020/7xxx/CVE-2020-7053.json | 5 +++ 2020/7xxx/CVE-2020-7059.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7060.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7061.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7062.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7063.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7064.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7065.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7066.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7067.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7068.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7069.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7070.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7071.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7072.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7073.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7074.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7075.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7076.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7077.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7078.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7079.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7080.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7081.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7082.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7083.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7084.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7085.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7086.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7087.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7088.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7089.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7090.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7091.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7092.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7093.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7094.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7095.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7096.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7097.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7098.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7099.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7100.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7101.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7102.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7103.json | 18 ++++++++++ 50 files changed, 940 insertions(+), 12 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7059.json create mode 100644 2020/7xxx/CVE-2020-7060.json create mode 100644 2020/7xxx/CVE-2020-7061.json create mode 100644 2020/7xxx/CVE-2020-7062.json create mode 100644 2020/7xxx/CVE-2020-7063.json create mode 100644 2020/7xxx/CVE-2020-7064.json create mode 100644 2020/7xxx/CVE-2020-7065.json create mode 100644 2020/7xxx/CVE-2020-7066.json create mode 100644 2020/7xxx/CVE-2020-7067.json create mode 100644 2020/7xxx/CVE-2020-7068.json create mode 100644 2020/7xxx/CVE-2020-7069.json create mode 100644 2020/7xxx/CVE-2020-7070.json create mode 100644 2020/7xxx/CVE-2020-7071.json create mode 100644 2020/7xxx/CVE-2020-7072.json create mode 100644 2020/7xxx/CVE-2020-7073.json create mode 100644 2020/7xxx/CVE-2020-7074.json create mode 100644 2020/7xxx/CVE-2020-7075.json create mode 100644 2020/7xxx/CVE-2020-7076.json create mode 100644 2020/7xxx/CVE-2020-7077.json create mode 100644 2020/7xxx/CVE-2020-7078.json create mode 100644 2020/7xxx/CVE-2020-7079.json create mode 100644 2020/7xxx/CVE-2020-7080.json create mode 100644 2020/7xxx/CVE-2020-7081.json create mode 100644 2020/7xxx/CVE-2020-7082.json create mode 100644 2020/7xxx/CVE-2020-7083.json create mode 100644 2020/7xxx/CVE-2020-7084.json create mode 100644 2020/7xxx/CVE-2020-7085.json create mode 100644 2020/7xxx/CVE-2020-7086.json create mode 100644 2020/7xxx/CVE-2020-7087.json create mode 100644 2020/7xxx/CVE-2020-7088.json create mode 100644 2020/7xxx/CVE-2020-7089.json create mode 100644 2020/7xxx/CVE-2020-7090.json create mode 100644 2020/7xxx/CVE-2020-7091.json create mode 100644 2020/7xxx/CVE-2020-7092.json create mode 100644 2020/7xxx/CVE-2020-7093.json create mode 100644 2020/7xxx/CVE-2020-7094.json create mode 100644 2020/7xxx/CVE-2020-7095.json create mode 100644 2020/7xxx/CVE-2020-7096.json create mode 100644 2020/7xxx/CVE-2020-7097.json create mode 100644 2020/7xxx/CVE-2020-7098.json create mode 100644 2020/7xxx/CVE-2020-7099.json create mode 100644 2020/7xxx/CVE-2020-7100.json create mode 100644 2020/7xxx/CVE-2020-7101.json create mode 100644 2020/7xxx/CVE-2020-7102.json create mode 100644 2020/7xxx/CVE-2020-7103.json diff --git a/2015/1xxx/CVE-2015-1850.json b/2015/1xxx/CVE-2015-1850.json index a4fca09dbd0..66130bcde9b 100644 --- a/2015/1xxx/CVE-2015-1850.json +++ b/2015/1xxx/CVE-2015-1850.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-1850", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1850", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none." } ] } diff --git a/2015/7xxx/CVE-2015-7556.json b/2015/7xxx/CVE-2015-7556.json index 05738853ce1..98b9483c265 100644 --- a/2015/7xxx/CVE-2015-7556.json +++ b/2015/7xxx/CVE-2015-7556.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-7556", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "National Institute of Advanced Industrial Science and Technology", + "product": { + "product_data": [ + { + "product_name": "DeleGate", + "version": { + "version_data": [ + { + "version_value": "9.9.13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.vapidlabs.com/advisory.php?v=159", + "url": "http://www.vapidlabs.com/advisory.php?v=159" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Dec/123", + "url": "http://seclists.org/fulldisclosure/2015/Dec/123" } ] } diff --git a/2015/8xxx/CVE-2015-8549.json b/2015/8xxx/CVE-2015-8549.json index 039102b93d2..073728b91c5 100644 --- a/2015/8xxx/CVE-2015-8549.json +++ b/2015/8xxx/CVE-2015-8549.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8549", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.ocert.org/advisories/ocert-2015-011.html", + "url": "http://www.ocert.org/advisories/ocert-2015-011.html" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "https://github.com/hydralabs/pyamf/pull/58", + "url": "https://github.com/hydralabs/pyamf/pull/58" + }, + { + "refsource": "MISC", + "name": "https://github.com/hydralabs/pyamf/releases/tag/v0.8.0", + "url": "https://github.com/hydralabs/pyamf/releases/tag/v0.8.0" } ] } diff --git a/2019/11xxx/CVE-2019-11281.json b/2019/11xxx/CVE-2019-11281.json index 9a4c5b92be4..ce2a77276b9 100644 --- a/2019/11xxx/CVE-2019-11281.json +++ b/2019/11xxx/CVE-2019-11281.json @@ -87,6 +87,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-74d2feb5be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0078", + "url": "https://access.redhat.com/errata/RHSA-2020:0078" } ] }, diff --git a/2020/7xxx/CVE-2020-7053.json b/2020/7xxx/CVE-2020-7053.json index 46080b0c092..7803e706c67 100644 --- a/2020/7xxx/CVE-2020-7053.json +++ b/2020/7xxx/CVE-2020-7053.json @@ -66,6 +66,11 @@ "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310", "refsource": "MISC", "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310" + }, + { + "refsource": "CONFIRM", + "name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1859522", + "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1859522" } ] } diff --git a/2020/7xxx/CVE-2020-7059.json b/2020/7xxx/CVE-2020-7059.json new file mode 100644 index 00000000000..d69faee854d --- /dev/null +++ b/2020/7xxx/CVE-2020-7059.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7059", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7060.json b/2020/7xxx/CVE-2020-7060.json new file mode 100644 index 00000000000..d4a162e2587 --- /dev/null +++ b/2020/7xxx/CVE-2020-7060.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7060", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7061.json b/2020/7xxx/CVE-2020-7061.json new file mode 100644 index 00000000000..defe4b05d58 --- /dev/null +++ b/2020/7xxx/CVE-2020-7061.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7061", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7062.json b/2020/7xxx/CVE-2020-7062.json new file mode 100644 index 00000000000..0b2c29e0e4d --- /dev/null +++ b/2020/7xxx/CVE-2020-7062.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7062", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7063.json b/2020/7xxx/CVE-2020-7063.json new file mode 100644 index 00000000000..1ffaa480240 --- /dev/null +++ b/2020/7xxx/CVE-2020-7063.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7063", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7064.json b/2020/7xxx/CVE-2020-7064.json new file mode 100644 index 00000000000..5c3d8c3e0b5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7065.json b/2020/7xxx/CVE-2020-7065.json new file mode 100644 index 00000000000..10c88d8a84c --- /dev/null +++ b/2020/7xxx/CVE-2020-7065.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7066.json b/2020/7xxx/CVE-2020-7066.json new file mode 100644 index 00000000000..6a5b31dda5a --- /dev/null +++ b/2020/7xxx/CVE-2020-7066.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7066", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7067.json b/2020/7xxx/CVE-2020-7067.json new file mode 100644 index 00000000000..c4884bbc437 --- /dev/null +++ b/2020/7xxx/CVE-2020-7067.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7067", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7068.json b/2020/7xxx/CVE-2020-7068.json new file mode 100644 index 00000000000..4ea09887121 --- /dev/null +++ b/2020/7xxx/CVE-2020-7068.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7068", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7069.json b/2020/7xxx/CVE-2020-7069.json new file mode 100644 index 00000000000..fc60e4259b3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7069.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7069", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7070.json b/2020/7xxx/CVE-2020-7070.json new file mode 100644 index 00000000000..c1f97d11d8b --- /dev/null +++ b/2020/7xxx/CVE-2020-7070.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7070", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7071.json b/2020/7xxx/CVE-2020-7071.json new file mode 100644 index 00000000000..e584ee1bd52 --- /dev/null +++ b/2020/7xxx/CVE-2020-7071.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7071", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7072.json b/2020/7xxx/CVE-2020-7072.json new file mode 100644 index 00000000000..99f989602e1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7072.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7072", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7073.json b/2020/7xxx/CVE-2020-7073.json new file mode 100644 index 00000000000..d1dc5d96bd4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7073.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7073", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7074.json b/2020/7xxx/CVE-2020-7074.json new file mode 100644 index 00000000000..e4b29e9d4fe --- /dev/null +++ b/2020/7xxx/CVE-2020-7074.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7074", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7075.json b/2020/7xxx/CVE-2020-7075.json new file mode 100644 index 00000000000..9ecb576e0e9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7075.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7075", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7076.json b/2020/7xxx/CVE-2020-7076.json new file mode 100644 index 00000000000..cf446bde3a5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7076.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7076", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7077.json b/2020/7xxx/CVE-2020-7077.json new file mode 100644 index 00000000000..bc538ee73d6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7077.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7077", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7078.json b/2020/7xxx/CVE-2020-7078.json new file mode 100644 index 00000000000..6abf2387022 --- /dev/null +++ b/2020/7xxx/CVE-2020-7078.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7078", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7079.json b/2020/7xxx/CVE-2020-7079.json new file mode 100644 index 00000000000..dcbea65f30b --- /dev/null +++ b/2020/7xxx/CVE-2020-7079.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7079", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7080.json b/2020/7xxx/CVE-2020-7080.json new file mode 100644 index 00000000000..4bbc9323729 --- /dev/null +++ b/2020/7xxx/CVE-2020-7080.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7080", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7081.json b/2020/7xxx/CVE-2020-7081.json new file mode 100644 index 00000000000..af7a871c596 --- /dev/null +++ b/2020/7xxx/CVE-2020-7081.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7081", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7082.json b/2020/7xxx/CVE-2020-7082.json new file mode 100644 index 00000000000..d7260b69fb5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7082.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7082", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7083.json b/2020/7xxx/CVE-2020-7083.json new file mode 100644 index 00000000000..32686fe247a --- /dev/null +++ b/2020/7xxx/CVE-2020-7083.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7083", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7084.json b/2020/7xxx/CVE-2020-7084.json new file mode 100644 index 00000000000..bccf9a467c2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7084.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7084", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7085.json b/2020/7xxx/CVE-2020-7085.json new file mode 100644 index 00000000000..0fff041adc4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7085.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7085", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7086.json b/2020/7xxx/CVE-2020-7086.json new file mode 100644 index 00000000000..174ba247c24 --- /dev/null +++ b/2020/7xxx/CVE-2020-7086.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7086", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7087.json b/2020/7xxx/CVE-2020-7087.json new file mode 100644 index 00000000000..53db4474591 --- /dev/null +++ b/2020/7xxx/CVE-2020-7087.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7087", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7088.json b/2020/7xxx/CVE-2020-7088.json new file mode 100644 index 00000000000..5401ad850b9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7088.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7088", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7089.json b/2020/7xxx/CVE-2020-7089.json new file mode 100644 index 00000000000..80231727dd3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7089.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7089", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7090.json b/2020/7xxx/CVE-2020-7090.json new file mode 100644 index 00000000000..07ace67932f --- /dev/null +++ b/2020/7xxx/CVE-2020-7090.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7090", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7091.json b/2020/7xxx/CVE-2020-7091.json new file mode 100644 index 00000000000..5ab21a6b222 --- /dev/null +++ b/2020/7xxx/CVE-2020-7091.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7091", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7092.json b/2020/7xxx/CVE-2020-7092.json new file mode 100644 index 00000000000..034c95deee5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7092.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7092", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7093.json b/2020/7xxx/CVE-2020-7093.json new file mode 100644 index 00000000000..fafb979aaa4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7093.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7094.json b/2020/7xxx/CVE-2020-7094.json new file mode 100644 index 00000000000..6e5314b7e91 --- /dev/null +++ b/2020/7xxx/CVE-2020-7094.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7094", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7095.json b/2020/7xxx/CVE-2020-7095.json new file mode 100644 index 00000000000..eb87a89aa8c --- /dev/null +++ b/2020/7xxx/CVE-2020-7095.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7095", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7096.json b/2020/7xxx/CVE-2020-7096.json new file mode 100644 index 00000000000..b02c1ed5a42 --- /dev/null +++ b/2020/7xxx/CVE-2020-7096.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7096", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7097.json b/2020/7xxx/CVE-2020-7097.json new file mode 100644 index 00000000000..ca75d0af2e1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7097.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7097", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7098.json b/2020/7xxx/CVE-2020-7098.json new file mode 100644 index 00000000000..e93580d2a04 --- /dev/null +++ b/2020/7xxx/CVE-2020-7098.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7098", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7099.json b/2020/7xxx/CVE-2020-7099.json new file mode 100644 index 00000000000..027956f04a7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7099.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7099", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7100.json b/2020/7xxx/CVE-2020-7100.json new file mode 100644 index 00000000000..5fc13a1ea27 --- /dev/null +++ b/2020/7xxx/CVE-2020-7100.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7100", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7101.json b/2020/7xxx/CVE-2020-7101.json new file mode 100644 index 00000000000..b50d723b7f7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7101.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7101", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7102.json b/2020/7xxx/CVE-2020-7102.json new file mode 100644 index 00000000000..c1ad57a2bbc --- /dev/null +++ b/2020/7xxx/CVE-2020-7102.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7102", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7103.json b/2020/7xxx/CVE-2020-7103.json new file mode 100644 index 00000000000..806d0eb455e --- /dev/null +++ b/2020/7xxx/CVE-2020-7103.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7103", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From a07f19d30275d5c7e35aca029b4fd7da8037c082 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 16:01:15 +0000 Subject: [PATCH 18/24] "-Synchronized-Data." --- 2015/5xxx/CVE-2015-5466.json | 63 ++++++++++++++++++++++++++++++++-- 2015/5xxx/CVE-2015-5484.json | 58 +++++++++++++++++++++++++++++-- 2015/7xxx/CVE-2015-7874.json | 48 ++++++++++++++++++++++++-- 2018/12xxx/CVE-2018-12417.json | 14 ++++---- 2019/11xxx/CVE-2019-11045.json | 5 +++ 2019/11xxx/CVE-2019-11046.json | 5 +++ 2019/11xxx/CVE-2019-11047.json | 5 +++ 2019/11xxx/CVE-2019-11050.json | 5 +++ 2019/17xxx/CVE-2019-17015.json | 5 +++ 2019/17xxx/CVE-2019-17016.json | 5 +++ 2019/17xxx/CVE-2019-17017.json | 5 +++ 2019/17xxx/CVE-2019-17021.json | 5 +++ 2019/17xxx/CVE-2019-17022.json | 5 +++ 2019/17xxx/CVE-2019-17024.json | 5 +++ 2019/18xxx/CVE-2019-18412.json | 18 ++++++++++ 2019/5xxx/CVE-2019-5108.json | 5 +++ 2020/2xxx/CVE-2020-2090.json | 3 +- 2020/2xxx/CVE-2020-2091.json | 3 +- 2020/2xxx/CVE-2020-2092.json | 3 +- 2020/2xxx/CVE-2020-2093.json | 3 +- 2020/2xxx/CVE-2020-2094.json | 3 +- 2020/2xxx/CVE-2020-2095.json | 3 +- 2020/2xxx/CVE-2020-2096.json | 3 +- 2020/2xxx/CVE-2020-2097.json | 3 +- 2020/2xxx/CVE-2020-2098.json | 3 +- 2020/5xxx/CVE-2020-5180.json | 4 +-- 26 files changed, 263 insertions(+), 24 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18412.json diff --git a/2015/5xxx/CVE-2015-5466.json b/2015/5xxx/CVE-2015-5466.json index 0687f07a3fa..19b4e3c618f 100644 --- a/2015/5xxx/CVE-2015-5466.json +++ b/2015/5xxx/CVE-2015-5466.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5466", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/133400/XGI-Windows-VGA-Display-Manager-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/133400/XGI-Windows-VGA-Display-Manager-Privilege-Escalation.html" + }, + { + "refsource": "MISC", + "name": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt", + "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/536373/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/536373/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Sep/2", + "url": "http://seclists.org/fulldisclosure/2015/Sep/2" } ] } diff --git a/2015/5xxx/CVE-2015-5484.json b/2015/5xxx/CVE-2015-5484.json index 663fc708db3..a4e0c3af8d4 100644 --- a/2015/5xxx/CVE-2015-5484.json +++ b/2015/5xxx/CVE-2015-5484.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5484", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/", + "url": "https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Jul/68", + "url": "http://seclists.org/fulldisclosure/2015/Jul/68" + }, + { + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-plotly/changelog/", + "url": "https://wordpress.org/plugins/wp-plotly/changelog/" } ] } diff --git a/2015/7xxx/CVE-2015-7874.json b/2015/7xxx/CVE-2015-7874.json index 8fbe98e5f62..1ea5aa70879 100644 --- a/2015/7xxx/CVE-2015-7874.json +++ b/2015/7xxx/CVE-2015-7874.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7874", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/39119/", + "url": "https://www.exploit-db.com/exploits/39119/" } ] } diff --git a/2018/12xxx/CVE-2018-12417.json b/2018/12xxx/CVE-2018-12417.json index ee19b6031c4..5d6dda4566b 100644 --- a/2018/12xxx/CVE-2018-12417.json +++ b/2018/12xxx/CVE-2018-12417.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-12417", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-12417", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2019/11xxx/CVE-2019-11045.json b/2019/11xxx/CVE-2019-11045.json index 1a7183b3848..5e429eade35 100644 --- a/2019/11xxx/CVE-2019-11045.json +++ b/2019/11xxx/CVE-2019-11045.json @@ -115,6 +115,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a54a622670", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4239-1", + "url": "https://usn.ubuntu.com/4239-1/" } ] }, diff --git a/2019/11xxx/CVE-2019-11046.json b/2019/11xxx/CVE-2019-11046.json index bdd8c4d717e..bffdb4abf80 100644 --- a/2019/11xxx/CVE-2019-11046.json +++ b/2019/11xxx/CVE-2019-11046.json @@ -120,6 +120,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K48866433?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K48866433?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "UBUNTU", + "name": "USN-4239-1", + "url": "https://usn.ubuntu.com/4239-1/" } ] }, diff --git a/2019/11xxx/CVE-2019-11047.json b/2019/11xxx/CVE-2019-11047.json index 8a5184db238..173f2fa95a6 100644 --- a/2019/11xxx/CVE-2019-11047.json +++ b/2019/11xxx/CVE-2019-11047.json @@ -115,6 +115,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a54a622670", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4239-1", + "url": "https://usn.ubuntu.com/4239-1/" } ] }, diff --git a/2019/11xxx/CVE-2019-11050.json b/2019/11xxx/CVE-2019-11050.json index f3c77212ca5..4909f97cd34 100644 --- a/2019/11xxx/CVE-2019-11050.json +++ b/2019/11xxx/CVE-2019-11050.json @@ -115,6 +115,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a54a622670", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4239-1", + "url": "https://usn.ubuntu.com/4239-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17015.json b/2019/17xxx/CVE-2019-17015.json index 469393d5dba..aa4c0fca029 100644 --- a/2019/17xxx/CVE-2019-17015.json +++ b/2019/17xxx/CVE-2019-17015.json @@ -78,6 +78,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json index c5aaa1b80fe..18ed8a1582a 100644 --- a/2019/17xxx/CVE-2019-17016.json +++ b/2019/17xxx/CVE-2019-17016.json @@ -113,6 +113,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0111", "url": "https://access.redhat.com/errata/RHSA-2020:0111" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json index 7a4a1fce863..953a5049a52 100644 --- a/2019/17xxx/CVE-2019-17017.json +++ b/2019/17xxx/CVE-2019-17017.json @@ -113,6 +113,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0111", "url": "https://access.redhat.com/errata/RHSA-2020:0111" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17021.json b/2019/17xxx/CVE-2019-17021.json index 6a55758b2cb..2d8c5c24c83 100644 --- a/2019/17xxx/CVE-2019-17021.json +++ b/2019/17xxx/CVE-2019-17021.json @@ -78,6 +78,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json index 6152132b3fd..cb93d3b8641 100644 --- a/2019/17xxx/CVE-2019-17022.json +++ b/2019/17xxx/CVE-2019-17022.json @@ -113,6 +113,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0111", "url": "https://access.redhat.com/errata/RHSA-2020:0111" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json index 3a723d9004f..3c9f5fd9750 100644 --- a/2019/17xxx/CVE-2019-17024.json +++ b/2019/17xxx/CVE-2019-17024.json @@ -113,6 +113,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0111", "url": "https://access.redhat.com/errata/RHSA-2020:0111" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" } ] }, diff --git a/2019/18xxx/CVE-2019-18412.json b/2019/18xxx/CVE-2019-18412.json new file mode 100644 index 00000000000..b618d216c0e --- /dev/null +++ b/2019/18xxx/CVE-2019-18412.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18412", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5108.json b/2019/5xxx/CVE-2019-5108.json index a8e07979a16..7428a8744c9 100644 --- a/2019/5xxx/CVE-2019-5108.json +++ b/2019/5xxx/CVE-2019-5108.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e", + "url": "https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e" } ] }, diff --git a/2020/2xxx/CVE-2020-2090.json b/2020/2xxx/CVE-2020-2090.json index b46a20e7ca7..f69591213ff 100644 --- a/2020/2xxx/CVE-2020-2090.json +++ b/2020/2xxx/CVE-2020-2090.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2090", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2091.json b/2020/2xxx/CVE-2020-2091.json index c3a69fa9eab..52588d565e3 100644 --- a/2020/2xxx/CVE-2020-2091.json +++ b/2020/2xxx/CVE-2020-2091.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2091", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2092.json b/2020/2xxx/CVE-2020-2092.json index 1436ea9e6a9..51d1ad2dd03 100644 --- a/2020/2xxx/CVE-2020-2092.json +++ b/2020/2xxx/CVE-2020-2092.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2092", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2093.json b/2020/2xxx/CVE-2020-2093.json index 32539b16c52..efc53a1dc65 100644 --- a/2020/2xxx/CVE-2020-2093.json +++ b/2020/2xxx/CVE-2020-2093.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2093", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2094.json b/2020/2xxx/CVE-2020-2094.json index 5d5d1844469..0ca318a6c37 100644 --- a/2020/2xxx/CVE-2020-2094.json +++ b/2020/2xxx/CVE-2020-2094.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2094", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2095.json b/2020/2xxx/CVE-2020-2095.json index f6483c38edc..81e975b2593 100644 --- a/2020/2xxx/CVE-2020-2095.json +++ b/2020/2xxx/CVE-2020-2095.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2095", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2096.json b/2020/2xxx/CVE-2020-2096.json index c54ba253746..6da437e8dba 100644 --- a/2020/2xxx/CVE-2020-2096.json +++ b/2020/2xxx/CVE-2020-2096.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2096", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2097.json b/2020/2xxx/CVE-2020-2097.json index bc2458f3fa5..ee1922071a6 100644 --- a/2020/2xxx/CVE-2020-2097.json +++ b/2020/2xxx/CVE-2020-2097.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2097", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/2xxx/CVE-2020-2098.json b/2020/2xxx/CVE-2020-2098.json index 080ff86be33..9c66003c84d 100644 --- a/2020/2xxx/CVE-2020-2098.json +++ b/2020/2xxx/CVE-2020-2098.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2098", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/5xxx/CVE-2020-5180.json b/2020/5xxx/CVE-2020-5180.json index 13ed3490fa6..f0d17dbbdd4 100644 --- a/2020/5xxx/CVE-2020-5180.json +++ b/2020/5xxx/CVE-2020-5180.json @@ -54,8 +54,8 @@ "reference_data": [ { "refsource": "CONFIRM", - "name": "https://www.sparklabs.com/blog/", - "url": "https://www.sparklabs.com/blog/" + "name": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/", + "url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/" } ] } From 234fbe29574e5fff788fb1e5cec1dafab28b96ea Mon Sep 17 00:00:00 2001 From: Madison Oliver Date: Wed, 15 Jan 2020 11:58:13 -0500 Subject: [PATCH 19/24] completing RBP CVEs --- 2017/3xxx/CVE-2017-3211.json | 91 ++++++++++++++++++++++++++- 2019/9xxx/CVE-2019-9493.json | 102 +++++++++++++++++++++++++++++- 2019/9xxx/CVE-2019-9510.json | 118 +++++++++++++++++++++++++++++++++-- 3 files changed, 301 insertions(+), 10 deletions(-) mode change 100644 => 100755 2017/3xxx/CVE-2017-3211.json mode change 100644 => 100755 2019/9xxx/CVE-2019-9510.json diff --git a/2017/3xxx/CVE-2017-3211.json b/2017/3xxx/CVE-2017-3211.json old mode 100644 new mode 100755 index fa396139464..bc9059fea21 --- a/2017/3xxx/CVE-2017-3211.json +++ b/2017/3xxx/CVE-2017-3211.json @@ -1,9 +1,42 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", + "DATE_PUBLIC": "2017-05-17T00:00:00.000Z", "ID": "CVE-2017-3211", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Centire Yopify leaks customer information" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yopify", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2017-04-06", + "version_value": "2017-04-06" + } + ] + } + } + ] + }, + "vendor_name": "Centire" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability was discovered by Oliver Keyes, a Rapid7, Inc. senior data scientist." + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +44,60 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Yopify works by having the e-commerce site load a JavaScript widget from the Yopify servers, which contains both the code to generate the UI element and the data used to populate it, stored as JSON. This widget does not require any authorization beyond a site-specific API key, which is embedded in the e-commerce site's source code, and is easily extractable with a regular expression.\n\nThe result is that by scraping a customer site to grab the API key and then simply running something like:\ncurl 'https://yopify.com/api/yo/js/yo/3edb675e08e9c7fe22d243e44d184cdf/events.js?t=1490157080'\n\nwhere 3edb675e08e9c7fe22d243e44d184cdf is the site ID and t is a cache buster, someone can remotely grab the data pertaining to the last 50 customers. This is updated as purchases are made. Thus an attacker can poll every few hours for a few days/weeks/months and build up a database of an e-commerce site's customer set and associated purchasers.\n\nThe data exposed to this polling was, however, far more extensive than the data displayed. While the pop-up only provides first name and last initial, the JSON blob originally contained first and last names in their entirety, along with city-level geolocation. While the casual online customer wouldn't have seen that, a malicious technical user could have trivially gained enough information to potentially target specific users of specific niche e-commerce sites.\n\n\n\n\n\n \n" + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-213 Intentional Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.rapid7.com/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211/" + } + ] + }, + "source": { + "defect": [ + "R7-2017-05" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9493.json b/2019/9xxx/CVE-2019-9493.json index 85b1d645c1b..bc0a3e753fc 100644 --- a/2019/9xxx/CVE-2019-9493.json +++ b/2019/9xxx/CVE-2019-9493.json @@ -1,8 +1,40 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", + "DATE_PUBLIC": "2019-04-08T00:00:00.000Z", "ID": "CVE-2019-9493", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "MyCar Controls uses hard-coded credentials" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MyCar Controls", + "version": { + "version_data": [ + { + "platform": "iOS", + "version_affected": "<", + "version_value": "3.4.24" + }, + { + "platform": "Android", + "version_affected": "<", + "version_value": "4.1.2" + } + ] + } + } + ] + }, + "vendor_name": "AutoMobility Distribution Inc." + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +43,72 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#174715", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/174715/" + }, + { + "name": "https://www.securityfocus.com/bid/107827", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/107827" + }, + { + "name": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control", + "refsource": "MISC", + "url": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control" + }, + { + "name": "https://mycarcontrols.com/", + "refsource": "MISC", + "url": "https://mycarcontrols.com/" + }, + { + "name": "https://itunes.apple.com/us/app/mycar-controls/id1126511815", + "refsource": "MISC", + "url": "https://itunes.apple.com/us/app/mycar-controls/id1126511815" + } + ] + }, + "source": { + "advisory": "VU#174715", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9510.json b/2019/9xxx/CVE-2019-9510.json old mode 100644 new mode 100755 index 56ee59a62d0..f47282eefe3 --- a/2019/9xxx/CVE-2019-9510.json +++ b/2019/9xxx/CVE-2019-9510.json @@ -1,9 +1,54 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", + "DATE_PUBLIC": "2019-06-04T00:00:00.000Z", "ID": "CVE-2019-9510", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Microsoft Windows RDP can bypass the Windows lock screen" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 or newer system using RDP", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "10 ", + "version_value": "1803" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "2019", + "version_value": "2019" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Joe Tammariello of the SEI for reporting this vulnerability." + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +56,73 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#576688", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/576688/" + }, + { + "name": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)", + "refsource": "MISC", + "url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)" + }, + { + "name":"https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389", + "refsource": "MISC", + "url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389" + }, + { + "name": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect", + "refsource": "MISC", + "url": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect" + } + ] + }, + "source": { + "advisory": "VU#576688", + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "Disable RDP automatic reconnection on RDP servers. Disconnect RDP sessions instead of locking them." + } + ] } \ No newline at end of file From 8a4d392672cd34e0e52e3bb4471fc47de7c6373d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 17:01:19 +0000 Subject: [PATCH 20/24] "-Synchronized-Data." --- 2007/4xxx/CVE-2007-4774.json | 53 +++++++++++- 2019/11xxx/CVE-2019-11287.json | 5 ++ 2019/1xxx/CVE-2019-1332.json | 5 ++ 2020/2xxx/CVE-2020-2637.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2638.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2639.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2640.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2641.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2642.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2643.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2644.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2645.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2646.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2647.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2648.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2649.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2650.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2651.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2652.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2653.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2654.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2655.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2656.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2657.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2658.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2659.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2660.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2661.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2662.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2663.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2664.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2665.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2666.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2667.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2668.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2669.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2670.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2671.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2672.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2673.json | 137 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2674.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2675.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2676.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2677.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2678.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2679.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2680.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2681.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2682.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2683.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2684.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2685.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2686.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2687.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2688.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2689.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2690.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2691.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2692.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2693.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2694.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2695.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2696.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2697.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2698.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2699.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2700.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2701.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2702.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2703.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2704.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2705.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2707.json | 145 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2709.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2710.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2711.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2712.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2713.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2714.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2715.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2716.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2717.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2718.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2719.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2720.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2721.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2722.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2723.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2724.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2725.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2726.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2727.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2728.json | 113 ++++++++++++------------- 2020/2xxx/CVE-2020-2729.json | 121 +++++++++++++-------------- 2020/2xxx/CVE-2020-2730.json | 129 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2731.json | 137 ++++++++++++++++--------------- 96 files changed, 5879 insertions(+), 5541 deletions(-) diff --git a/2007/4xxx/CVE-2007-4774.json b/2007/4xxx/CVE-2007-4774.json index fb6267d6fa0..92b4a46f28b 100644 --- a/2007/4xxx/CVE-2007-4774.json +++ b/2007/4xxx/CVE-2007-4774.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4774", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://taviso.decsystem.org/research.html", + "url": "http://taviso.decsystem.org/research.html" + }, + { + "url": "https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60", + "refsource": "MISC", + "name": "https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60" } ] } diff --git a/2019/11xxx/CVE-2019-11287.json b/2019/11xxx/CVE-2019-11287.json index a38496e4da6..a1f22f2c9da 100644 --- a/2019/11xxx/CVE-2019-11287.json +++ b/2019/11xxx/CVE-2019-11287.json @@ -100,6 +100,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0078", "url": "https://access.redhat.com/errata/RHSA-2020:0078" + }, + { + "refsource": "MISC", + "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin", + "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin" } ] }, diff --git a/2019/1xxx/CVE-2019-1332.json b/2019/1xxx/CVE-2019-1332.json index fd9ad707025..484a1101d83 100644 --- a/2019/1xxx/CVE-2019-1332.json +++ b/2019/1xxx/CVE-2019-1332.json @@ -76,6 +76,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332" + }, + { + "refsource": "MISC", + "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services", + "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services" } ] } diff --git a/2020/2xxx/CVE-2020-2637.json b/2020/2xxx/CVE-2020-2637.json index c6c6a9d8580..a43f29ab6ff 100644 --- a/2020/2xxx/CVE-2020-2637.json +++ b/2020/2xxx/CVE-2020-2637.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2637" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager for Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager for Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Change Manager - web based). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Change Manager - web based). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2638.json b/2020/2xxx/CVE-2020-2638.json index 783b46a8b7b..bb1066a3ff1 100644 --- a/2020/2xxx/CVE-2020-2638.json +++ b/2020/2xxx/CVE-2020-2638.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2638" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2639.json b/2020/2xxx/CVE-2020-2639.json index 462c5f637c7..edc961eb49b 100644 --- a/2020/2xxx/CVE-2020-2639.json +++ b/2020/2xxx/CVE-2020-2639.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2639" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2640.json b/2020/2xxx/CVE-2020-2640.json index 6750656041e..d16a1f82b2c 100644 --- a/2020/2xxx/CVE-2020-2640.json +++ b/2020/2xxx/CVE-2020-2640.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2640" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Target Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Target Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2641.json b/2020/2xxx/CVE-2020-2641.json index c13b39d832d..b1db6e66ed5 100644 --- a/2020/2xxx/CVE-2020-2641.json +++ b/2020/2xxx/CVE-2020-2641.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2641" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2642.json b/2020/2xxx/CVE-2020-2642.json index 38a19a94b6f..d7f0da8fc6c 100644 --- a/2020/2xxx/CVE-2020-2642.json +++ b/2020/2xxx/CVE-2020-2642.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2642" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2643.json b/2020/2xxx/CVE-2020-2643.json index d85f02225e5..a322acc7e5c 100644 --- a/2020/2xxx/CVE-2020-2643.json +++ b/2020/2xxx/CVE-2020-2643.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2643" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2644.json b/2020/2xxx/CVE-2020-2644.json index c4af2a25e87..d6bf7614fb2 100644 --- a/2020/2xxx/CVE-2020-2644.json +++ b/2020/2xxx/CVE-2020-2644.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2644" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2645.json b/2020/2xxx/CVE-2020-2645.json index c6973ee97ca..d2c977336c0 100644 --- a/2020/2xxx/CVE-2020-2645.json +++ b/2020/2xxx/CVE-2020-2645.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2645" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2646.json b/2020/2xxx/CVE-2020-2646.json index 5e2f9a3fbec..c59636e8248 100644 --- a/2020/2xxx/CVE-2020-2646.json +++ b/2020/2xxx/CVE-2020-2646.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2646" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2647.json b/2020/2xxx/CVE-2020-2647.json index 18c7040f2b8..70ef9d01e74 100644 --- a/2020/2xxx/CVE-2020-2647.json +++ b/2020/2xxx/CVE-2020-2647.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2647" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"10", - "version_affected":"=" - }, - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "10", + "version_affected": "=" + }, + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2648.json b/2020/2xxx/CVE-2020-2648.json index be8c9bfaab1..a086d88e1a7 100644 --- a/2020/2xxx/CVE-2020-2648.json +++ b/2020/2xxx/CVE-2020-2648.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2648" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Retail Customer Management and Segmentation Foundation", - "version":{ - "version_data":[ - { - "version_value":"16.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "16.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2649.json b/2020/2xxx/CVE-2020-2649.json index 88f6a714106..4e747362b50 100644 --- a/2020/2xxx/CVE-2020-2649.json +++ b/2020/2xxx/CVE-2020-2649.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2649" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Retail Customer Management and Segmentation Foundation", - "version":{ - "version_data":[ - { - "version_value":"16.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "16.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2650.json b/2020/2xxx/CVE-2020-2650.json index 24db2b6a16c..2f7f228e358 100644 --- a/2020/2xxx/CVE-2020-2650.json +++ b/2020/2xxx/CVE-2020-2650.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2650" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Retail Customer Management and Segmentation Foundation", - "version":{ - "version_data":[ - { - "version_value":"16.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "16.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2651.json b/2020/2xxx/CVE-2020-2651.json index cf03c00ddf8..06c47116fe4 100644 --- a/2020/2xxx/CVE-2020-2651.json +++ b/2020/2xxx/CVE-2020-2651.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2651" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"CRM Technical Foundation", - "version":{ - "version_data":[ - { - "version_value":"12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2652.json b/2020/2xxx/CVE-2020-2652.json index 3835a372f12..731dc41982c 100644 --- a/2020/2xxx/CVE-2020-2652.json +++ b/2020/2xxx/CVE-2020-2652.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2652" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"CRM Technical Foundation", - "version":{ - "version_data":[ - { - "version_value":"12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2653.json b/2020/2xxx/CVE-2020-2653.json index 4c4cd24a23a..47df3b84d81 100644 --- a/2020/2xxx/CVE-2020-2653.json +++ b/2020/2xxx/CVE-2020-2653.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2653" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"CRM Technical Foundation", - "version":{ - "version_data":[ - { - "version_value":"12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2654.json b/2020/2xxx/CVE-2020-2654.json index b71e25f74aa..cd6b00d28fe 100644 --- a/2020/2xxx/CVE-2020-2654.json +++ b/2020/2xxx/CVE-2020-2654.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2654" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2655.json b/2020/2xxx/CVE-2020-2655.json index 3109c876686..495e0075814 100644 --- a/2020/2xxx/CVE-2020-2655.json +++ b/2020/2xxx/CVE-2020-2655.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2655" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 11.0.5, 13.0.1", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 11.0.5, 13.0.1", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2656.json b/2020/2xxx/CVE-2020-2656.json index 312e3238bc0..ac00d42335e 100644 --- a/2020/2xxx/CVE-2020-2656.json +++ b/2020/2xxx/CVE-2020-2656.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2656" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"10", - "version_affected":"=" - }, - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "10", + "version_affected": "=" + }, + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2657.json b/2020/2xxx/CVE-2020-2657.json index 48692a18b72..63bc5682d81 100644 --- a/2020/2xxx/CVE-2020-2657.json +++ b/2020/2xxx/CVE-2020-2657.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2657" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"CRM Technical Foundation", - "version":{ - "version_data":[ - { - "version_value":"12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2658.json b/2020/2xxx/CVE-2020-2658.json index c4d76b33d98..964a8c1a64e 100644 --- a/2020/2xxx/CVE-2020-2658.json +++ b/2020/2xxx/CVE-2020-2658.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2658" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iSupport", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2659.json b/2020/2xxx/CVE-2020-2659.json index 9ae924c19f0..6c5b233aee5 100644 --- a/2020/2xxx/CVE-2020-2659.json +++ b/2020/2xxx/CVE-2020-2659.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2659" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 7u241, 8u231", - "version_affected":"=" - }, - { - "version_value":"Java SE Embedded: 8u231", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2660.json b/2020/2xxx/CVE-2020-2660.json index c4b7aa74bfb..5378660c003 100644 --- a/2020/2xxx/CVE-2020-2660.json +++ b/2020/2xxx/CVE-2020-2660.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2660" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2661.json b/2020/2xxx/CVE-2020-2661.json index ca36679f934..c32fab0afc1 100644 --- a/2020/2xxx/CVE-2020-2661.json +++ b/2020/2xxx/CVE-2020-2661.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2661" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iSupport", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2662.json b/2020/2xxx/CVE-2020-2662.json index fb4d1aff558..993014b7443 100644 --- a/2020/2xxx/CVE-2020-2662.json +++ b/2020/2xxx/CVE-2020-2662.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2662" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iSupport", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2663.json b/2020/2xxx/CVE-2020-2663.json index c307b9cef51..d8ea14da8dd 100644 --- a/2020/2xxx/CVE-2020-2663.json +++ b/2020/2xxx/CVE-2020-2663.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2663" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2664.json b/2020/2xxx/CVE-2020-2664.json index a191ec25d53..7507406c316 100644 --- a/2020/2xxx/CVE-2020-2664.json +++ b/2020/2xxx/CVE-2020-2664.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2664" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2665.json b/2020/2xxx/CVE-2020-2665.json index fb1c491baf8..b9e4c5a7df4 100644 --- a/2020/2xxx/CVE-2020-2665.json +++ b/2020/2xxx/CVE-2020-2665.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2665" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iSupport", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2666.json b/2020/2xxx/CVE-2020-2666.json index 10bc1649e53..84ae4e1a0c9 100644 --- a/2020/2xxx/CVE-2020-2666.json +++ b/2020/2xxx/CVE-2020-2666.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2666" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Applications Framework", - "version":{ - "version_data":[ - { - "version_value":"12.2.5-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Framework", + "version": { + "version_data": [ + { + "version_value": "12.2.5-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2667.json b/2020/2xxx/CVE-2020-2667.json index fc3b2f086c8..5c603c96007 100644 --- a/2020/2xxx/CVE-2020-2667.json +++ b/2020/2xxx/CVE-2020-2667.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2667" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iSupport", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2668.json b/2020/2xxx/CVE-2020-2668.json index be9752a7f54..04ff8fb8941 100644 --- a/2020/2xxx/CVE-2020-2668.json +++ b/2020/2xxx/CVE-2020-2668.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2668" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iSupport", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2669.json b/2020/2xxx/CVE-2020-2669.json index 2e3c7ea7eb9..de9d5de3de7 100644 --- a/2020/2xxx/CVE-2020-2669.json +++ b/2020/2xxx/CVE-2020-2669.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2669" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Email Center", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Center", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2670.json b/2020/2xxx/CVE-2020-2670.json index 2ea33832137..52fa8fecafa 100644 --- a/2020/2xxx/CVE-2020-2670.json +++ b/2020/2xxx/CVE-2020-2670.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2670" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Email Center", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Center", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2671.json b/2020/2xxx/CVE-2020-2671.json index f13f4235099..e683a241369 100644 --- a/2020/2xxx/CVE-2020-2671.json +++ b/2020/2xxx/CVE-2020-2671.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2671" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Email Center", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Center", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2672.json b/2020/2xxx/CVE-2020-2672.json index ebc29adda1f..a209425dd0a 100644 --- a/2020/2xxx/CVE-2020-2672.json +++ b/2020/2xxx/CVE-2020-2672.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2672" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Email Center", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Center", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2673.json b/2020/2xxx/CVE-2020-2673.json index 96acee027d2..16d661ccb44 100644 --- a/2020/2xxx/CVE-2020-2673.json +++ b/2020/2xxx/CVE-2020-2673.json @@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2673" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Application Testing Suite", - "version":{ - "version_data":[ - { - "version_value":"12.5.0.3", - "version_affected":"=" - }, - { - "version_value":"13.1.0.1", - "version_affected":"=" - }, - { - "version_value":"13.2.0.1", - "version_affected":"=" - }, - { - "version_value":"13.3.0.1", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Testing Suite", + "version": { + "version_data": [ + { + "version_value": "12.5.0.3", + "version_affected": "=" + }, + { + "version_value": "13.1.0.1", + "version_affected": "=" + }, + { + "version_value": "13.2.0.1", + "version_affected": "=" + }, + { + "version_value": "13.3.0.1", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2674.json b/2020/2xxx/CVE-2020-2674.json index 85d2d865a67..d57ee15a155 100644 --- a/2020/2xxx/CVE-2020-2674.json +++ b/2020/2xxx/CVE-2020-2674.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2674" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2675.json b/2020/2xxx/CVE-2020-2675.json index b3d86e0276c..300305e6fdb 100644 --- a/2020/2xxx/CVE-2020-2675.json +++ b/2020/2xxx/CVE-2020-2675.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2675" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Hospitality OPERA 5 Property Services", - "version":{ - "version_data":[ - { - "version_value":"5.5", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality OPERA 5 Property Services", + "version": { + "version_data": [ + { + "version_value": "5.5", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). The supported version that is affected is 5.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). The supported version that is affected is 5.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2676.json b/2020/2xxx/CVE-2020-2676.json index 7d87b340e7a..f3ed7e397ec 100644 --- a/2020/2xxx/CVE-2020-2676.json +++ b/2020/2xxx/CVE-2020-2676.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2676" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Hospitality OPERA 5 Property Services", - "version":{ - "version_data":[ - { - "version_value":"5.5", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality OPERA 5 Property Services", + "version": { + "version_data": [ + { + "version_value": "5.5", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Printing). The supported version that is affected is 5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Printing). The supported version that is affected is 5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2677.json b/2020/2xxx/CVE-2020-2677.json index 4f293dd4e60..f39121a9d00 100644 --- a/2020/2xxx/CVE-2020-2677.json +++ b/2020/2xxx/CVE-2020-2677.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2677" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Hospitality OPERA 5 Property Services", - "version":{ - "version_data":[ - { - "version_value":"5.5", - "version_affected":"=" - }, - { - "version_value":"5.6", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality OPERA 5 Property Services", + "version": { + "version_data": [ + { + "version_value": "5.5", + "version_affected": "=" + }, + { + "version_value": "5.6", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2678.json b/2020/2xxx/CVE-2020-2678.json index 4bcbb357308..d706d978fa8 100644 --- a/2020/2xxx/CVE-2020-2678.json +++ b/2020/2xxx/CVE-2020-2678.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2678" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2679.json b/2020/2xxx/CVE-2020-2679.json index 510c94b8403..d7e2b87fca8 100644 --- a/2020/2xxx/CVE-2020-2679.json +++ b/2020/2xxx/CVE-2020-2679.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2679" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2680.json b/2020/2xxx/CVE-2020-2680.json index 6b6e1a3bf38..169bcf01d18 100644 --- a/2020/2xxx/CVE-2020-2680.json +++ b/2020/2xxx/CVE-2020-2680.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2680" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2681.json b/2020/2xxx/CVE-2020-2681.json index ab16d65d948..569c6a27866 100644 --- a/2020/2xxx/CVE-2020-2681.json +++ b/2020/2xxx/CVE-2020-2681.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2681" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2682.json b/2020/2xxx/CVE-2020-2682.json index 1cc7251998f..1e11e707841 100644 --- a/2020/2xxx/CVE-2020-2682.json +++ b/2020/2xxx/CVE-2020-2682.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2682" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2683.json b/2020/2xxx/CVE-2020-2683.json index 7194c48248d..105591ab7c9 100644 --- a/2020/2xxx/CVE-2020-2683.json +++ b/2020/2xxx/CVE-2020-2683.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2683" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Universal Banking", - "version":{ - "version_data":[ - { - "version_value":"12.0.1-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2684.json b/2020/2xxx/CVE-2020-2684.json index dbf527edcc8..a16d72ab10b 100644 --- a/2020/2xxx/CVE-2020-2684.json +++ b/2020/2xxx/CVE-2020-2684.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2684" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Universal Banking", - "version":{ - "version_data":[ - { - "version_value":"12.0.1-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2685.json b/2020/2xxx/CVE-2020-2685.json index 89b9a4b00bb..1d94b8e60df 100644 --- a/2020/2xxx/CVE-2020-2685.json +++ b/2020/2xxx/CVE-2020-2685.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2685" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Universal Banking", - "version":{ - "version_data":[ - { - "version_value":"12.0.1-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2686.json b/2020/2xxx/CVE-2020-2686.json index 1b1307a04ff..f92e644d171 100644 --- a/2020/2xxx/CVE-2020-2686.json +++ b/2020/2xxx/CVE-2020-2686.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2686" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2687.json b/2020/2xxx/CVE-2020-2687.json index 397b6038991..c7c47bbb24e 100644 --- a/2020/2xxx/CVE-2020-2687.json +++ b/2020/2xxx/CVE-2020-2687.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2687" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2688.json b/2020/2xxx/CVE-2020-2688.json index 8122c9744f4..13389f92c45 100644 --- a/2020/2xxx/CVE-2020-2688.json +++ b/2020/2xxx/CVE-2020-2688.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2688" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Financial Services Analytical Applications Infrastructure", - "version":{ - "version_data":[ - { - "version_value":"8.0.4-8.0.8", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.4-8.0.8", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2689.json b/2020/2xxx/CVE-2020-2689.json index 6028067924e..db7abc2f7b5 100644 --- a/2020/2xxx/CVE-2020-2689.json +++ b/2020/2xxx/CVE-2020-2689.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2689" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2690.json b/2020/2xxx/CVE-2020-2690.json index 5f517d46d10..1a2932c0b16 100644 --- a/2020/2xxx/CVE-2020-2690.json +++ b/2020/2xxx/CVE-2020-2690.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2690" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2691.json b/2020/2xxx/CVE-2020-2691.json index 04af7c6f463..c7103bf3a3d 100644 --- a/2020/2xxx/CVE-2020-2691.json +++ b/2020/2xxx/CVE-2020-2691.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2691" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2692.json b/2020/2xxx/CVE-2020-2692.json index 2159da124f7..96cd86eb09c 100644 --- a/2020/2xxx/CVE-2020-2692.json +++ b/2020/2xxx/CVE-2020-2692.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2692" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2693.json b/2020/2xxx/CVE-2020-2693.json index e3e144d3cb3..66be4ff5850 100644 --- a/2020/2xxx/CVE-2020-2693.json +++ b/2020/2xxx/CVE-2020-2693.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2693" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2694.json b/2020/2xxx/CVE-2020-2694.json index da640a73de9..7b8ca756d8a 100644 --- a/2020/2xxx/CVE-2020-2694.json +++ b/2020/2xxx/CVE-2020-2694.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2694" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2695.json b/2020/2xxx/CVE-2020-2695.json index 0d4a3220546..77e37b2c676 100644 --- a/2020/2xxx/CVE-2020-2695.json +++ b/2020/2xxx/CVE-2020-2695.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2695" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise CC Common Application Objects", - "version":{ - "version_data":[ - { - "version_value":"9.1", - "version_affected":"=" - }, - { - "version_value":"9.2", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise CC Common Application Objects", + "version": { + "version_data": [ + { + "version_value": "9.1", + "version_affected": "=" + }, + { + "version_value": "9.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Approval Framework). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Approval Framework). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2696.json b/2020/2xxx/CVE-2020-2696.json index fb3ce2fd944..a6b2ecc20c2 100644 --- a/2020/2xxx/CVE-2020-2696.json +++ b/2020/2xxx/CVE-2020-2696.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2696" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"10", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2697.json b/2020/2xxx/CVE-2020-2697.json index fb27c1e0181..3c060065a2e 100644 --- a/2020/2xxx/CVE-2020-2697.json +++ b/2020/2xxx/CVE-2020-2697.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2697" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Hospitality Suites Management", - "version":{ - "version_data":[ - { - "version_value":"3.7", - "version_affected":"=" - }, - { - "version_value":"3.8", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Suites Management", + "version": { + "version_data": [ + { + "version_value": "3.7", + "version_affected": "=" + }, + { + "version_value": "3.8", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Hospitality Suites Management component of Oracle Food and Beverage Applications. Supported versions that are affected are 3.7 and 3.8. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Suites Management component of Oracle Food and Beverage Applications. Supported versions that are affected are 3.7 and 3.8. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2698.json b/2020/2xxx/CVE-2020-2698.json index 59db7dd9512..f9f66698448 100644 --- a/2020/2xxx/CVE-2020-2698.json +++ b/2020/2xxx/CVE-2020-2698.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2698" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2699.json b/2020/2xxx/CVE-2020-2699.json index f2aceb74b8c..af5bf9a8761 100644 --- a/2020/2xxx/CVE-2020-2699.json +++ b/2020/2xxx/CVE-2020-2699.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2699" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Universal Banking", - "version":{ - "version_data":[ - { - "version_value":"12.0.1-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2700.json b/2020/2xxx/CVE-2020-2700.json index 7256a3e329f..b6e8a8b4660 100644 --- a/2020/2xxx/CVE-2020-2700.json +++ b/2020/2xxx/CVE-2020-2700.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2700" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Universal Banking", - "version":{ - "version_data":[ - { - "version_value":"12.0.1-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2701.json b/2020/2xxx/CVE-2020-2701.json index a247ee7ec6d..f9aab36e1d4 100644 --- a/2020/2xxx/CVE-2020-2701.json +++ b/2020/2xxx/CVE-2020-2701.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2701" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2702.json b/2020/2xxx/CVE-2020-2702.json index e61e95e06e8..1b3a025a098 100644 --- a/2020/2xxx/CVE-2020-2702.json +++ b/2020/2xxx/CVE-2020-2702.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2702" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2703.json b/2020/2xxx/CVE-2020-2703.json index adaf8bd7311..998ffad64b8 100644 --- a/2020/2xxx/CVE-2020-2703.json +++ b/2020/2xxx/CVE-2020-2703.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2703" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36 and prior to 6.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36 and prior to 6.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2704.json b/2020/2xxx/CVE-2020-2704.json index 49735f48a0b..29662163ced 100644 --- a/2020/2xxx/CVE-2020-2704.json +++ b/2020/2xxx/CVE-2020-2704.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2704" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2705.json b/2020/2xxx/CVE-2020-2705.json index 4caf43a0c27..79b27dc4e66 100644 --- a/2020/2xxx/CVE-2020-2705.json +++ b/2020/2xxx/CVE-2020-2705.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2705" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2707.json b/2020/2xxx/CVE-2020-2707.json index fdb357394aa..3fc8099060b 100644 --- a/2020/2xxx/CVE-2020-2707.json +++ b/2020/2xxx/CVE-2020-2707.json @@ -1,76 +1,79 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2707" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Primavera P6 Enterprise Project Portfolio Management", - "version":{ - "version_data":[ - { - "version_value":"15.1.0.0-15.2.18.7", - "version_affected":"=" - }, - { - "version_value":"16.1.0.0-16.2.19.0", - "version_affected":"=" - }, - { - "version_value":"17.1.0.0-17.12.16.0", - "version_affected":"=" - }, - { - "version_value":"18.1.0.0-18.8.16.0", - "version_affected":"=" - }, - { - "version_value":"19.12.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera P6 Enterprise Project Portfolio Management", + "version": { + "version_data": [ + { + "version_value": "15.1.0.0-15.2.18.7", + "version_affected": "=" + }, + { + "version_value": "16.1.0.0-16.2.19.0", + "version_affected": "=" + }, + { + "version_value": "17.1.0.0-17.12.16.0", + "version_affected": "=" + }, + { + "version_value": "18.1.0.0-18.8.16.0", + "version_affected": "=" + }, + { + "version_value": "19.12.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: WebAccess). Supported versions that are affected are 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0 and 19.12.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: WebAccess). Supported versions that are affected are 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0 and 19.12.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2709.json b/2020/2xxx/CVE-2020-2709.json index a310fc13d4d..5490967d372 100644 --- a/2020/2xxx/CVE-2020-2709.json +++ b/2020/2xxx/CVE-2020-2709.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2709" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iLearning", - "version":{ - "version_data":[ - { - "version_value":"6.1", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iLearning", + "version": { + "version_data": [ + { + "version_value": "6.1", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Learner Pages). The supported version that is affected is 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Learner Pages). The supported version that is affected is 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2710.json b/2020/2xxx/CVE-2020-2710.json index 59fb17a62ad..5a90ecbdf0f 100644 --- a/2020/2xxx/CVE-2020-2710.json +++ b/2020/2xxx/CVE-2020-2710.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2710" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Payments", - "version":{ - "version_data":[ - { - "version_value":"14.1.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2711.json b/2020/2xxx/CVE-2020-2711.json index 0a6b24f53bc..385eb2749d8 100644 --- a/2020/2xxx/CVE-2020-2711.json +++ b/2020/2xxx/CVE-2020-2711.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2711" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Payments", - "version":{ - "version_data":[ - { - "version_value":"14.1.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2712.json b/2020/2xxx/CVE-2020-2712.json index 9d4e37a02bc..119d492372e 100644 --- a/2020/2xxx/CVE-2020-2712.json +++ b/2020/2xxx/CVE-2020-2712.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2712" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Payments", - "version":{ - "version_data":[ - { - "version_value":"14.1.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2713.json b/2020/2xxx/CVE-2020-2713.json index f5127e4a841..c895332df34 100644 --- a/2020/2xxx/CVE-2020-2713.json +++ b/2020/2xxx/CVE-2020-2713.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2713" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Payments", - "version":{ - "version_data":[ - { - "version_value":"14.1.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2714.json b/2020/2xxx/CVE-2020-2714.json index 8ba0833a5e8..7d5f38d1482 100644 --- a/2020/2xxx/CVE-2020-2714.json +++ b/2020/2xxx/CVE-2020-2714.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2714" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Payments", - "version":{ - "version_data":[ - { - "version_value":"14.1.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2715.json b/2020/2xxx/CVE-2020-2715.json index 33931639956..70eabb994df 100644 --- a/2020/2xxx/CVE-2020-2715.json +++ b/2020/2xxx/CVE-2020-2715.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2715" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Corporate Lending", - "version":{ - "version_data":[ - { - "version_value":"12.3.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2716.json b/2020/2xxx/CVE-2020-2716.json index cc6d97aa61f..5e7db22f8f2 100644 --- a/2020/2xxx/CVE-2020-2716.json +++ b/2020/2xxx/CVE-2020-2716.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2716" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Corporate Lending", - "version":{ - "version_data":[ - { - "version_value":"12.3.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2717.json b/2020/2xxx/CVE-2020-2717.json index fff252b6389..256bec0ba8b 100644 --- a/2020/2xxx/CVE-2020-2717.json +++ b/2020/2xxx/CVE-2020-2717.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2717" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Corporate Lending", - "version":{ - "version_data":[ - { - "version_value":"12.3.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2718.json b/2020/2xxx/CVE-2020-2718.json index 2eba684b1a6..53789a7a51f 100644 --- a/2020/2xxx/CVE-2020-2718.json +++ b/2020/2xxx/CVE-2020-2718.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2718" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Corporate Lending", - "version":{ - "version_data":[ - { - "version_value":"12.3.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2719.json b/2020/2xxx/CVE-2020-2719.json index b8c79b816a9..03d1c713658 100644 --- a/2020/2xxx/CVE-2020-2719.json +++ b/2020/2xxx/CVE-2020-2719.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2719" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Banking Corporate Lending", - "version":{ - "version_data":[ - { - "version_value":"12.3.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2720.json b/2020/2xxx/CVE-2020-2720.json index 38fb0ee79ea..0408e56b61a 100644 --- a/2020/2xxx/CVE-2020-2720.json +++ b/2020/2xxx/CVE-2020-2720.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2720" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Investor Servicing", - "version":{ - "version_data":[ - { - "version_value":"12.1.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.1.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2721.json b/2020/2xxx/CVE-2020-2721.json index 009ac31f2db..3db59f88c77 100644 --- a/2020/2xxx/CVE-2020-2721.json +++ b/2020/2xxx/CVE-2020-2721.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2721" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Investor Servicing", - "version":{ - "version_data":[ - { - "version_value":"12.1.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.1.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2722.json b/2020/2xxx/CVE-2020-2722.json index 5a6b64efe13..f98ef5a1455 100644 --- a/2020/2xxx/CVE-2020-2722.json +++ b/2020/2xxx/CVE-2020-2722.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2722" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Investor Servicing", - "version":{ - "version_data":[ - { - "version_value":"12.1.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.1.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2723.json b/2020/2xxx/CVE-2020-2723.json index ab545b21a36..22ddb2d61d8 100644 --- a/2020/2xxx/CVE-2020-2723.json +++ b/2020/2xxx/CVE-2020-2723.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2723" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Investor Servicing", - "version":{ - "version_data":[ - { - "version_value":"12.1.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.1.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2724.json b/2020/2xxx/CVE-2020-2724.json index b7f2aa3a9bb..8d9e5f8e205 100644 --- a/2020/2xxx/CVE-2020-2724.json +++ b/2020/2xxx/CVE-2020-2724.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2724" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"FLEXCUBE Investor Servicing", - "version":{ - "version_data":[ - { - "version_value":"12.1.0-12.4.0", - "version_affected":"=" - }, - { - "version_value":"14.0.0-14.1.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2725.json b/2020/2xxx/CVE-2020-2725.json index 55d01d74f2d..356c53b8be6 100644 --- a/2020/2xxx/CVE-2020-2725.json +++ b/2020/2xxx/CVE-2020-2725.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2725" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2726.json b/2020/2xxx/CVE-2020-2726.json index 70a2d6bcd32..f11853beb01 100644 --- a/2020/2xxx/CVE-2020-2726.json +++ b/2020/2xxx/CVE-2020-2726.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2726" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2727.json b/2020/2xxx/CVE-2020-2727.json index ad7720145b1..0cfb16ce0fa 100644 --- a/2020/2xxx/CVE-2020-2727.json +++ b/2020/2xxx/CVE-2020-2727.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2727" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"VM VirtualBox", - "version":{ - "version_data":[ - { - "version_value":"5.2.36", - "version_affected":"<" - }, - { - "version_value":"6.0.16", - "version_affected":"<" - }, - { - "version_value":"6.1.2", - "version_affected":"<" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2728.json b/2020/2xxx/CVE-2020-2728.json index 8e4c3549c43..fa9b8edf03a 100644 --- a/2020/2xxx/CVE-2020-2728.json +++ b/2020/2xxx/CVE-2020-2728.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2728" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Identity Manager", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2729.json b/2020/2xxx/CVE-2020-2729.json index 419b6ab03a4..c78a4672824 100644 --- a/2020/2xxx/CVE-2020-2729.json +++ b/2020/2xxx/CVE-2020-2729.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2729" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Identity Manager", - "version":{ - "version_data":[ - { - "version_value":"11.1.2.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager", + "version": { + "version_data": [ + { + "version_value": "11.1.2.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2730.json b/2020/2xxx/CVE-2020-2730.json index 2c6d0c491b9..33239f6f309 100644 --- a/2020/2xxx/CVE-2020-2730.json +++ b/2020/2xxx/CVE-2020-2730.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2730" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Financial Services Revenue Management and Billing", - "version":{ - "version_data":[ - { - "version_value":"2.7.0.0", - "version_affected":"=" - }, - { - "version_value":"2.7.0.1", - "version_affected":"=" - }, - { - "version_value":"2.8.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Revenue Management and Billing", + "version": { + "version_data": [ + { + "version_value": "2.7.0.0", + "version_affected": "=" + }, + { + "version_value": "2.7.0.1", + "version_affected": "=" + }, + { + "version_value": "2.8.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Supported versions that are affected are 2.7.0.0, 2.7.0.1 and 2.8.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Supported versions that are affected are 2.7.0.0, 2.7.0.1 and 2.8.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2731.json b/2020/2xxx/CVE-2020-2731.json index 0d5d96a3c44..b7d933f06c7 100644 --- a/2020/2xxx/CVE-2020-2731.json +++ b/2020/2xxx/CVE-2020-2731.json @@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2731" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file From 39bb9d2157c87b0283d317013526006498403ed0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 17:01:42 +0000 Subject: [PATCH 21/24] "-Synchronized-Data." --- 2005/4xxx/CVE-2005-4891.json | 55 +++++++- 2007/4xxx/CVE-2007-4773.json | 63 ++++++++- 2012/1xxx/CVE-2012-1695.json | 85 ++++++------ 2015/5xxx/CVE-2015-5230.json | 60 ++++++++- 2015/5xxx/CVE-2015-5952.json | 48 ++++++- 2015/6xxx/CVE-2015-6497.json | 68 +++++++++- 2019/16xxx/CVE-2019-16466.json | 62 +++++++++ 2019/16xxx/CVE-2019-16467.json | 62 +++++++++ 2019/16xxx/CVE-2019-16468.json | 62 +++++++++ 2019/16xxx/CVE-2019-16469.json | 62 +++++++++ 2019/2xxx/CVE-2019-2725.json | 30 ++--- 2019/2xxx/CVE-2019-2729.json | 52 +------- 2019/2xxx/CVE-2019-2904.json | 231 ++++++--------------------------- 2020/2xxx/CVE-2020-2510.json | 145 +++++++++++---------- 2020/2xxx/CVE-2020-2511.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2512.json | 145 +++++++++++---------- 2020/2xxx/CVE-2020-2515.json | 145 +++++++++++---------- 2020/2xxx/CVE-2020-2516.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2517.json | 129 +++++++++--------- 2020/2xxx/CVE-2020-2518.json | 153 +++++++++++----------- 2020/2xxx/CVE-2020-2519.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2527.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2530.json | 129 +++++++++--------- 2020/2xxx/CVE-2020-2531.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2533.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2534.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2535.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2536.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2537.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2538.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2539.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2540.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2541.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2542.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2543.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2544.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2545.json | 153 ++++++++++------------ 2020/2xxx/CVE-2020-2546.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2547.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2548.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2549.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2550.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2551.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2552.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2555.json | 129 +++++++++--------- 2020/2xxx/CVE-2020-2556.json | 145 +++++++++++---------- 2020/2xxx/CVE-2020-2557.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2558.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2559.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2560.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2561.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2563.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2564.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2565.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2566.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2567.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2568.json | 137 +++++++++---------- 2020/2xxx/CVE-2020-2569.json | 129 +++++++++--------- 2020/2xxx/CVE-2020-2570.json | 121 ++++++++--------- 2020/2xxx/CVE-2020-2571.json | 113 ++++++++-------- 2020/2xxx/CVE-2020-2572.json | 121 ++++++++--------- 61 files changed, 3694 insertions(+), 3262 deletions(-) create mode 100644 2019/16xxx/CVE-2019-16466.json create mode 100644 2019/16xxx/CVE-2019-16467.json create mode 100644 2019/16xxx/CVE-2019-16468.json create mode 100644 2019/16xxx/CVE-2019-16469.json diff --git a/2005/4xxx/CVE-2005-4891.json b/2005/4xxx/CVE-2005-4891.json index be3d7f5b81d..c76d4136dc7 100644 --- a/2005/4xxx/CVE-2005-4891.json +++ b/2005/4xxx/CVE-2005-4891.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2005-4891", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Simple Machine Forum", + "product": { + "product_data": [ + { + "product_name": "Simple Machine Forum", + "version": { + "version_data": [ + { + "version_value": "1.0.4 and earlier" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/11/14/10", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/11/14/10" + }, + { + "refsource": "MISC", + "name": "https://securiteam.com/exploits/5HP0N0KG0O/", + "url": "https://securiteam.com/exploits/5HP0N0KG0O/" } ] } diff --git a/2007/4xxx/CVE-2007-4773.json b/2007/4xxx/CVE-2007-4773.json index e6ffbf54ee4..f8e1525805d 100644 --- a/2007/4xxx/CVE-2007-4773.json +++ b/2007/4xxx/CVE-2007-4773.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4773", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Systrace before 1.6.0 has insufficient escape policy enforcement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.citi.umich.edu/u/provos/systrace/", + "refsource": "MISC", + "name": "http://www.citi.umich.edu/u/provos/systrace/" + }, + { + "refsource": "MISC", + "name": "http://taviso.decsystem.org/research.html", + "url": "http://taviso.decsystem.org/research.html" + }, + { + "url": "http://taviso.decsystem.org/research.t2t", + "refsource": "MISC", + "name": "http://taviso.decsystem.org/research.t2t" + }, + { + "refsource": "MISC", + "name": "https://www.provos.org/index.php?/archives/2007/12/C2.html", + "url": "https://www.provos.org/index.php?/archives/2007/12/C2.html" } ] } diff --git a/2012/1xxx/CVE-2012-1695.json b/2012/1xxx/CVE-2012-1695.json index 9aee1e7171f..df6a09d5e3e 100644 --- a/2012/1xxx/CVE-2012-1695.json +++ b/2012/1xxx/CVE-2012-1695.json @@ -1,80 +1,81 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2012-1695", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1695", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"n/a", - "version":{ - "version_data":[ + "product_name": "n/a", + "version": { + "version_data": [ { - "version_value":"n/a" + "version_value": "n/a" } ] } } ] }, - "vendor_name":"n/a" + "vendor_name": "n/a" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." } ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"n/a" + "lang": "eng", + "value": "n/a" } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "name":"48864", - "refsource":"SECUNIA", - "url":"http://secunia.com/advisories/48864" + "name": "48864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48864" }, { - "name":"http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource":"CONFIRM", - "url":"http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" }, { - "name":"1026948", - "refsource":"SECTRACK", - "url":"http://www.securitytracker.com/id?1026948" + "name": "1026948", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026948" }, { - "name":"MDVSA-2013:150", - "refsource":"MANDRIVA", - "url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2015/5xxx/CVE-2015-5230.json b/2015/5xxx/CVE-2015-5230.json index 83930830e24..2ca53be1f10 100644 --- a/2015/5xxx/CVE-2015-5230.json +++ b/2015/5xxx/CVE-2015-5230.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5230", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PowerDNS", + "product": { + "product_data": [ + { + "product_name": "PowerDNS Authoritative Server", + "version": { + "version_data": [ + { + "version_value": "3.4.x before 3.4.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/", + "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2015/dsa-3347", + "url": "http://www.debian.org/security/2015/dsa-3347" + }, + { + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1033475", + "url": "http://www.securitytracker.com/id/1033475" } ] } diff --git a/2015/5xxx/CVE-2015-5952.json b/2015/5xxx/CVE-2015-5952.json index 47efd950424..25959af950f 100644 --- a/2015/5xxx/CVE-2015-5952.json +++ b/2015/5xxx/CVE-2015-5952.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5952", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Aug/24", + "url": "http://seclists.org/fulldisclosure/2015/Aug/24" } ] } diff --git a/2015/6xxx/CVE-2015-6497.json b/2015/6xxx/CVE-2015-6497.json index e08d30f08b4..d487c506ecd 100644 --- a/2015/6xxx/CVE-2015-6497.json +++ b/2015/6xxx/CVE-2015-6497.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6497", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/133544/Magento-1.9.2-File-Inclusion.html", + "url": "http://packetstormsecurity.com/files/133544/Magento-1.9.2-File-Inclusion.html" + }, + { + "refsource": "MISC", + "name": "http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html", + "url": "http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html" + }, + { + "refsource": "MISC", + "name": "http://karmainsecurity.com/KIS-2015-04", + "url": "http://karmainsecurity.com/KIS-2015-04" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Sep/48", + "url": "http://seclists.org/fulldisclosure/2015/Sep/48" + }, + { + "refsource": "MISC", + "name": "http://magento.com/security/patches/supee-6482", + "url": "http://magento.com/security/patches/supee-6482" } ] } diff --git a/2019/16xxx/CVE-2019-16466.json b/2019/16xxx/CVE-2019-16466.json new file mode 100644 index 00000000000..341b9690dda --- /dev/null +++ b/2019/16xxx/CVE-2019-16466.json @@ -0,0 +1,62 @@ +{ + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions" + } + ] + }, + "product_name": "Adobe Experience Manager" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross-Site Scripting" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-16466", + "ASSIGNER": "psirt@adobe.com" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16467.json b/2019/16xxx/CVE-2019-16467.json new file mode 100644 index 00000000000..ad54a086a63 --- /dev/null +++ b/2019/16xxx/CVE-2019-16467.json @@ -0,0 +1,62 @@ +{ + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions" + } + ] + }, + "product_name": "Adobe Experience Manager" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross-Site Scripting" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-16467", + "ASSIGNER": "psirt@adobe.com" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16468.json b/2019/16xxx/CVE-2019-16468.json new file mode 100644 index 00000000000..a407584282d --- /dev/null +++ b/2019/16xxx/CVE-2019-16468.json @@ -0,0 +1,62 @@ +{ + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions" + } + ] + }, + "product_name": "Adobe Experience Manager" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "User Interface Injection" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-16468", + "ASSIGNER": "psirt@adobe.com" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16469.json b/2019/16xxx/CVE-2019-16469.json new file mode 100644 index 00000000000..774290ba20d --- /dev/null +++ b/2019/16xxx/CVE-2019-16469.json @@ -0,0 +1,62 @@ +{ + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions" + } + ] + }, + "product_name": "Adobe Experience Manager" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Expression Language injection" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-16469", + "ASSIGNER": "psirt@adobe.com" + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2725.json b/2019/2xxx/CVE-2019-2725.json index 6d30348f41e..6451c645ec4 100644 --- a/2019/2xxx/CVE-2019-2725.json +++ b/2019/2xxx/CVE-2019-2725.json @@ -11,11 +11,11 @@ "product": { "product_data": [ { - "product_name": "Tape Virtual VSM GUI - Virtual Storage Manager GUI", + "product_name": "Tape Library ACSLS", "version": { "version_data": [ { - "version_value": "6.2", + "version_value": "8.5", "version_affected": "=" } ] @@ -23,23 +23,7 @@ } ] }, - "vendor_name": "Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Tape Library ACSLS", - "version":{ - "version_data":[ - { - "version_value":"8.5", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation" + "vendor_name": "Oracle Corporation" } ] } @@ -100,8 +84,10 @@ "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" - } + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } ] } -} +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2729.json b/2019/2xxx/CVE-2019-2729.json index 58314736bc2..58f6071d9d6 100644 --- a/2019/2xxx/CVE-2019-2729.json +++ b/2019/2xxx/CVE-2019-2729.json @@ -11,11 +11,11 @@ "product": { "product_data": [ { - "product_name": "Tape General STA - StorageTek Tape Analytics SW Tool", + "product_name": "Tape Library ACSLS", "version": { "version_data": [ { - "version_value": "2.3.0", + "version_value": "8.5", "version_affected": "=" } ] @@ -23,47 +23,7 @@ } ] }, - "vendor_name": "Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - }, - { - "version_value":"8.58", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Tape Library ACSLS", - "version":{ - "version_data":[ - { - "version_value":"8.5", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation" + "vendor_name": "Oracle Corporation" } ] } @@ -109,8 +69,10 @@ "url": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" - } + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } ] } } \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2904.json b/2019/2xxx/CVE-2019-2904.json index cb2e9eff42b..87ee65538f3 100644 --- a/2019/2xxx/CVE-2019-2904.json +++ b/2019/2xxx/CVE-2019-2904.json @@ -1,227 +1,72 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2019-2904", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2904", + "STATE": "PUBLIC" }, - "affects":{ - "vendor":{ - "vendor_data":[ + "affects": { + "vendor": { + "vendor_data": [ { - "product":{ - "product_data":[ + "product": { + "product_data": [ { - "product_name":"JDeveloper", - "version":{ - "version_data":[ + "product_name": "Retail Sales Audit", + "version": { + "version_data": [ { - "version_value":"11.1.1.9.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" + "version_value": "15.0.3. 16.0.2", + "version_affected": "=" } ] } } ] }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Application Testing Suite", - "version":{ - "version_data":[ - { - "version_value":"12.5.0.3", - "version_affected":"=" - }, - { - "version_value":"13.1.0.1", - "version_affected":"=" - }, - { - "version_value":"13.2.0.1", - "version_affected":"=" - }, - { - "version_value":"13.3.0.1", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Clinical", - "version":{ - "version_data":[ - { - "version_value":"5.2", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Health Sciences Data Management Workbench", - "version":{ - "version_data":[ - { - "version_value":"2.4", - "version_affected":"=" - }, - { - "version_value":"2.5", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Hyperion Planning", - "version":{ - "version_data":[ - { - "version_value":"11.1.2.4", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Retail Assortment Planning", - "version":{ - "version_data":[ - { - "version_value":"15.0.3", - "version_affected":"=" - }, - { - "version_value":"16.0.3", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Retail Clearance Optimization Engine", - "version":{ - "version_data":[ - { - "version_value":"14.0.5", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Retail Markdown Optimization", - "version":{ - "version_data":[ - { - "version_value":"13.4", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Retail Sales Audit", - "version":{ - "version_data":[ - { - "version_value":"15.0.3. 16.0.2", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation" + "vendor_name": "Oracle Corporation" } ] } }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang":"eng", - "value":"Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + "lang": "eng", + "value": "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." } ] }, - "problemtype":{ - "problemtype_data":[ + "problemtype": { + "problemtype_data": [ { - "description":[ + "description": [ { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." } ] } ] }, - "references":{ - "reference_data":[ + "references": { + "reference_data": [ { - "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource":"MISC", - "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource": "MISC", + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource":"MISC", - "name":"https://www.zerodayinitiative.com/advisories/ZDI-19-1024/", - "url":"https://www.zerodayinitiative.com/advisories/ZDI-19-1024/" + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/" }, { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2510.json b/2020/2xxx/CVE-2020-2510.json index 4f7940c9efd..c65cedab6d8 100644 --- a/2020/2xxx/CVE-2020-2510.json +++ b/2020/2xxx/CVE-2020-2510.json @@ -1,76 +1,79 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2510" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"11.2.0.4", - "version_affected":"=" - }, - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2511.json b/2020/2xxx/CVE-2020-2511.json index d389ba57613..20fdd61b9ad 100644 --- a/2020/2xxx/CVE-2020-2511.json +++ b/2020/2xxx/CVE-2020-2511.json @@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2511" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2512.json b/2020/2xxx/CVE-2020-2512.json index 128e507e2be..7be45bd83de 100644 --- a/2020/2xxx/CVE-2020-2512.json +++ b/2020/2xxx/CVE-2020-2512.json @@ -1,76 +1,79 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2512" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"11.2.0.4", - "version_affected":"=" - }, - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2515.json b/2020/2xxx/CVE-2020-2515.json index 2ca9db2118b..e42c374a299 100644 --- a/2020/2xxx/CVE-2020-2515.json +++ b/2020/2xxx/CVE-2020-2515.json @@ -1,76 +1,79 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2515" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"11.2.0.4", - "version_affected":"=" - }, - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2516.json b/2020/2xxx/CVE-2020-2516.json index 70f403b6615..10022020d1b 100644 --- a/2020/2xxx/CVE-2020-2516.json +++ b/2020/2xxx/CVE-2020-2516.json @@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2516" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2517.json b/2020/2xxx/CVE-2020-2517.json index e04cc44cda9..f121ba9b7b8 100644 --- a/2020/2xxx/CVE-2020-2517.json +++ b/2020/2xxx/CVE-2020-2517.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2517" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2518.json b/2020/2xxx/CVE-2020-2518.json index 2c9d36d0b5c..f791dd414dd 100644 --- a/2020/2xxx/CVE-2020-2518.json +++ b/2020/2xxx/CVE-2020-2518.json @@ -1,80 +1,83 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2518" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"11.2.0.4", - "version_affected":"=" - }, - { - "version_value":"12.1.0.11", - "version_affected":"=" - }, - { - "version_value":"29", - "version_affected":"=" - }, - { - "version_value":"212.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.11", + "version_affected": "=" + }, + { + "version_value": "29", + "version_affected": "=" + }, + { + "version_value": "212.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.11,29,212.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.11,29,212.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2519.json b/2020/2xxx/CVE-2020-2519.json index dce35bf55c4..cf5da15f819 100644 --- a/2020/2xxx/CVE-2020-2519.json +++ b/2020/2xxx/CVE-2020-2519.json @@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2519" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2527.json b/2020/2xxx/CVE-2020-2527.json index 4a6622dafe8..7ed4593aebc 100644 --- a/2020/2xxx/CVE-2020-2527.json +++ b/2020/2xxx/CVE-2020-2527.json @@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2527" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2530.json b/2020/2xxx/CVE-2020-2530.json index 1c7ea6f81e8..b6d9bafb274 100644 --- a/2020/2xxx/CVE-2020-2530.json +++ b/2020/2xxx/CVE-2020-2530.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2530" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"HTTP Server", - "version":{ - "version_data":[ - { - "version_value":"11.1.1.9.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HTTP Server", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2531.json b/2020/2xxx/CVE-2020-2531.json index 660c440a28d..e1f155358d3 100644 --- a/2020/2xxx/CVE-2020-2531.json +++ b/2020/2xxx/CVE-2020-2531.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2531" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Business Intelligence Enterprise Edition", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2533.json b/2020/2xxx/CVE-2020-2533.json index 0a3dbd5f391..44b67b1568e 100644 --- a/2020/2xxx/CVE-2020-2533.json +++ b/2020/2xxx/CVE-2020-2533.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2533" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Reports Developer", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reports Developer", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2534.json b/2020/2xxx/CVE-2020-2534.json index aac2bbb2c7e..07f26affdb6 100644 --- a/2020/2xxx/CVE-2020-2534.json +++ b/2020/2xxx/CVE-2020-2534.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2534" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Reports Developer", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reports Developer", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2535.json b/2020/2xxx/CVE-2020-2535.json index 4d69a6f9ff7..7d4db92d9c4 100644 --- a/2020/2xxx/CVE-2020-2535.json +++ b/2020/2xxx/CVE-2020-2535.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2535" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Business Intelligence Enterprise Edition", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2536.json b/2020/2xxx/CVE-2020-2536.json index ff9f9ee8c54..9c225bdaf7c 100644 --- a/2020/2xxx/CVE-2020-2536.json +++ b/2020/2xxx/CVE-2020-2536.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2536" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Outside In Technology", - "version":{ - "version_data":[ - { - "version_value":"8.5.4", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2537.json b/2020/2xxx/CVE-2020-2537.json index 7a34d43613c..f5fc9a79b95 100644 --- a/2020/2xxx/CVE-2020-2537.json +++ b/2020/2xxx/CVE-2020-2537.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2537" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Business Intelligence Enterprise Edition", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2538.json b/2020/2xxx/CVE-2020-2538.json index 44cb9028372..a6e479844e1 100644 --- a/2020/2xxx/CVE-2020-2538.json +++ b/2020/2xxx/CVE-2020-2538.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2538" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebCenter Sites", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Sites", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2539.json b/2020/2xxx/CVE-2020-2539.json index 06380809215..141b8e08d99 100644 --- a/2020/2xxx/CVE-2020-2539.json +++ b/2020/2xxx/CVE-2020-2539.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2539" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebCenter Sites", - "version":{ - "version_data":[ - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Sites", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2540.json b/2020/2xxx/CVE-2020-2540.json index dde087cbc9d..a52fb25e9a0 100644 --- a/2020/2xxx/CVE-2020-2540.json +++ b/2020/2xxx/CVE-2020-2540.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2540" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Outside In Technology", - "version":{ - "version_data":[ - { - "version_value":"8.5.4", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2541.json b/2020/2xxx/CVE-2020-2541.json index 7512c2b923d..c9a11a52f9f 100644 --- a/2020/2xxx/CVE-2020-2541.json +++ b/2020/2xxx/CVE-2020-2541.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2541" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Outside In Technology", - "version":{ - "version_data":[ - { - "version_value":"8.5.4", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2542.json b/2020/2xxx/CVE-2020-2542.json index ced9eb0df63..1333b80dabd 100644 --- a/2020/2xxx/CVE-2020-2542.json +++ b/2020/2xxx/CVE-2020-2542.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2542" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Outside In Technology", - "version":{ - "version_data":[ - { - "version_value":"8.5.4", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2543.json b/2020/2xxx/CVE-2020-2543.json index 9ed1ed461c8..3369fa398bd 100644 --- a/2020/2xxx/CVE-2020-2543.json +++ b/2020/2xxx/CVE-2020-2543.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2543" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Outside In Technology", - "version":{ - "version_data":[ - { - "version_value":"8.5.4", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2544.json b/2020/2xxx/CVE-2020-2544.json index b89392ca235..9373b3a55a0 100644 --- a/2020/2xxx/CVE-2020-2544.json +++ b/2020/2xxx/CVE-2020-2544.json @@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2544" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2545.json b/2020/2xxx/CVE-2020-2545.json index 6f44f187216..2d07ac52464 100644 --- a/2020/2xxx/CVE-2020-2545.json +++ b/2020/2xxx/CVE-2020-2545.json @@ -1,92 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2545" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"HTTP Server", - "version":{ - "version_data":[ - { - "version_value":"11.1.1.9.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Service", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Security Service", - "version":{ - "version_data":[ - { - "version_value":"11.1.1.9.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2546.json b/2020/2xxx/CVE-2020-2546.json index 7e0f2522340..454a3166038 100644 --- a/2020/2xxx/CVE-2020-2546.json +++ b/2020/2xxx/CVE-2020-2546.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2546" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2547.json b/2020/2xxx/CVE-2020-2547.json index f641efafc40..f7fd2cc1350 100644 --- a/2020/2xxx/CVE-2020-2547.json +++ b/2020/2xxx/CVE-2020-2547.json @@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2547" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2548.json b/2020/2xxx/CVE-2020-2548.json index fa71f2ca11b..2852deaccc1 100644 --- a/2020/2xxx/CVE-2020-2548.json +++ b/2020/2xxx/CVE-2020-2548.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2548" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2549.json b/2020/2xxx/CVE-2020-2549.json index 25edd4e3039..209dfd4be6f 100644 --- a/2020/2xxx/CVE-2020-2549.json +++ b/2020/2xxx/CVE-2020-2549.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2549" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2550.json b/2020/2xxx/CVE-2020-2550.json index 8fca117ba6d..5c85aa271d5 100644 --- a/2020/2xxx/CVE-2020-2550.json +++ b/2020/2xxx/CVE-2020-2550.json @@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2550" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2551.json b/2020/2xxx/CVE-2020-2551.json index 2812a8caedf..ac232d129f9 100644 --- a/2020/2xxx/CVE-2020-2551.json +++ b/2020/2xxx/CVE-2020-2551.json @@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2551" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2552.json b/2020/2xxx/CVE-2020-2552.json index e720f81749d..86a80e386dc 100644 --- a/2020/2xxx/CVE-2020-2552.json +++ b/2020/2xxx/CVE-2020-2552.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2552" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"WebLogic Server", - "version":{ - "version_data":[ - { - "version_value":"10.3.6.0.0", - "version_affected":"=" - }, - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2555.json b/2020/2xxx/CVE-2020-2555.json index 1984ec04181..ea801cab19a 100644 --- a/2020/2xxx/CVE-2020-2555.json +++ b/2020/2xxx/CVE-2020-2555.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2555" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Coherence", - "version":{ - "version_data":[ - { - "version_value":"12.1.3.0.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.3.0", - "version_affected":"=" - }, - { - "version_value":"12.2.1.4.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Coherence", + "version": { + "version_data": [ + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2556.json b/2020/2xxx/CVE-2020-2556.json index 53e8bf47084..ea8d6a3d9ee 100644 --- a/2020/2xxx/CVE-2020-2556.json +++ b/2020/2xxx/CVE-2020-2556.json @@ -1,76 +1,79 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2556" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Primavera P6 Professional Project Management", - "version":{ - "version_data":[ - { - "version_value":"16.2.0.0-16.2.19.0", - "version_affected":"=" - }, - { - "version_value":"17.12.0.0-17.12.16.0", - "version_affected":"=" - }, - { - "version_value":"18.8.0.0-18.8.16.0", - "version_affected":"=" - }, - { - "version_value":"19.12.0.0", - "version_affected":"=" - }, - { - "version_value":"20.1.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera P6 Professional Project Management", + "version": { + "version_data": [ + { + "version_value": "16.2.0.0-16.2.19.0", + "version_affected": "=" + }, + { + "version_value": "17.12.0.0-17.12.16.0", + "version_affected": "=" + }, + { + "version_value": "18.8.0.0-18.8.16.0", + "version_affected": "=" + }, + { + "version_value": "19.12.0.0", + "version_affected": "=" + }, + { + "version_value": "20.1.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). Supported versions that are affected are 16.2.0.0-16.2.19.0, 17.12.0.0-17.12.16.0, 18.8.0.0-18.8.16.0, 19.12.0.0 and 20.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). Supported versions that are affected are 16.2.0.0-16.2.19.0, 17.12.0.0-17.12.16.0, 18.8.0.0-18.8.16.0, 19.12.0.0 and 20.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2557.json b/2020/2xxx/CVE-2020-2557.json index 5329af079d2..86e11cd98e4 100644 --- a/2020/2xxx/CVE-2020-2557.json +++ b/2020/2xxx/CVE-2020-2557.json @@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2557" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Demantra Demand Management", - "version":{ - "version_data":[ - { - "version_value":"12.2.4", - "version_affected":"=" - }, - { - "version_value":"12.2.4.1", - "version_affected":"=" - }, - { - "version_value":"12.2.5", - "version_affected":"=" - }, - { - "version_value":"12.2.5.1", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Demantra Demand Management", + "version": { + "version_data": [ + { + "version_value": "12.2.4", + "version_affected": "=" + }, + { + "version_value": "12.2.4.1", + "version_affected": "=" + }, + { + "version_value": "12.2.5", + "version_affected": "=" + }, + { + "version_value": "12.2.5.1", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security). Supported versions that are affected are 12.2.4, 12.2.4.1, 12.2.5 and 12.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security). Supported versions that are affected are 12.2.4, 12.2.4.1, 12.2.5 and 12.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2558.json b/2020/2xxx/CVE-2020-2558.json index e2a28de3e8d..e85b5506a60 100644 --- a/2020/2xxx/CVE-2020-2558.json +++ b/2020/2xxx/CVE-2020-2558.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2558" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2559.json b/2020/2xxx/CVE-2020-2559.json index 06d4b86f18a..02ab583e402 100644 --- a/2020/2xxx/CVE-2020-2559.json +++ b/2020/2xxx/CVE-2020-2559.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2559" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Siebel UI Framework", - "version":{ - "version_data":[ - { - "version_value":"19.7 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Siebel UI Framework", + "version": { + "version_data": [ + { + "version_value": "19.7 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2560.json b/2020/2xxx/CVE-2020-2560.json index 32592a22921..9c0020f540c 100644 --- a/2020/2xxx/CVE-2020-2560.json +++ b/2020/2xxx/CVE-2020-2560.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2560" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Siebel UI Framework", - "version":{ - "version_data":[ - { - "version_value":"19.10 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Siebel UI Framework", + "version": { + "version_data": [ + { + "version_value": "19.10 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2561.json b/2020/2xxx/CVE-2020-2561.json index 9b38cdd80cd..c6ef94f8e77 100644 --- a/2020/2xxx/CVE-2020-2561.json +++ b/2020/2xxx/CVE-2020-2561.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2561" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise HCM Human Resources", - "version":{ - "version_data":[ - { - "version_value":"9.2", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise HCM Human Resources", + "version": { + "version_data": [ + { + "version_value": "9.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Company Dir / Org Chart Viewer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Company Dir / Org Chart Viewer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2563.json b/2020/2xxx/CVE-2020-2563.json index 0667f01c153..5d80b8718ff 100644 --- a/2020/2xxx/CVE-2020-2563.json +++ b/2020/2xxx/CVE-2020-2563.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2563" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Hyperion Financial Close Management", - "version":{ - "version_data":[ - { - "version_value":"11.1.2.4", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hyperion Financial Close Management", + "version": { + "version_data": [ + { + "version_value": "11.1.2.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2564.json b/2020/2xxx/CVE-2020-2564.json index 335ac7222bf..fc298075549 100644 --- a/2020/2xxx/CVE-2020-2564.json +++ b/2020/2xxx/CVE-2020-2564.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2564" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Siebel UI Framework", - "version":{ - "version_data":[ - { - "version_value":"19.10 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Siebel UI Framework", + "version": { + "version_data": [ + { + "version_value": "19.10 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2565.json b/2020/2xxx/CVE-2020-2565.json index a55610abb65..ff3b123ee45 100644 --- a/2020/2xxx/CVE-2020-2565.json +++ b/2020/2xxx/CVE-2020-2565.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2565" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2566.json b/2020/2xxx/CVE-2020-2566.json index 504b9621b85..2218a192d99 100644 --- a/2020/2xxx/CVE-2020-2566.json +++ b/2020/2xxx/CVE-2020-2566.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2566" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Applications Framework", - "version":{ - "version_data":[ - { - "version_value":"12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Framework", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2567.json b/2020/2xxx/CVE-2020-2567.json index a47b46691a0..9075e6ae114 100644 --- a/2020/2xxx/CVE-2020-2567.json +++ b/2020/2xxx/CVE-2020-2567.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2567" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Retail Customer Management and Segmentation Foundation", - "version":{ - "version_data":[ - { - "version_value":"18.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "18.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). The supported version that is affected is 18.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). The supported version that is affected is 18.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2568.json b/2020/2xxx/CVE-2020-2568.json index d7eea740f00..91d45be5a79 100644 --- a/2020/2xxx/CVE-2020-2568.json +++ b/2020/2xxx/CVE-2020-2568.json @@ -1,72 +1,75 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2568" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Oracle Database", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.2", - "version_affected":"=" - }, - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2569.json b/2020/2xxx/CVE-2020-2569.json index 16ee81fb72d..0a9b76526f5 100644 --- a/2020/2xxx/CVE-2020-2569.json +++ b/2020/2xxx/CVE-2020-2569.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2569" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PL/SQL", - "version":{ - "version_data":[ - { - "version_value":"12.2.0.1", - "version_affected":"=" - }, - { - "version_value":"18c", - "version_affected":"=" - }, - { - "version_value":"19c", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PL/SQL", + "version": { + "version_data": [ + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2570.json b/2020/2xxx/CVE-2020-2570.json index 6386293dce6..020ac4070aa 100644 --- a/2020/2xxx/CVE-2020-2570.json +++ b/2020/2xxx/CVE-2020-2570.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2570" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2571.json b/2020/2xxx/CVE-2020-2571.json index f3c37180341..c2df03f6452 100644 --- a/2020/2xxx/CVE-2020-2571.json +++ b/2020/2xxx/CVE-2020-2571.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2571" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"LDOMS", - "version":{ - "version_data":[ - { - "version_value":"3.6", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LDOMS", + "version": { + "version_data": [ + { + "version_value": "3.6", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2572.json b/2020/2xxx/CVE-2020-2572.json index 3110b7c09de..d4ee5749ddf 100644 --- a/2020/2xxx/CVE-2020-2572.json +++ b/2020/2xxx/CVE-2020-2572.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2572" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file From 5b155b0e52499d993e85e5683442dc8b6c96e33f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 17:02:03 +0000 Subject: [PATCH 22/24] "-Synchronized-Data." --- 2020/2xxx/CVE-2020-2573.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2574.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2576.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2577.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2578.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2579.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2580.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2581.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2582.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2583.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2584.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2585.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2586.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2587.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2588.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2589.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2590.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2591.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2592.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2593.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2595.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2596.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2597.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2598.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2599.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2600.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2601.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2602.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2603.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2604.json | 137 ++++++++++++++++------------------- 2020/2xxx/CVE-2020-2605.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2606.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2607.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2608.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2609.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2610.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2611.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2612.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2613.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2614.json | 121 ++++++++++++++++--------------- 2020/2xxx/CVE-2020-2615.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2616.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2617.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2618.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2619.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2620.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2621.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2622.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2623.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2624.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2625.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2626.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2627.json | 113 +++++++++++++++-------------- 2020/2xxx/CVE-2020-2628.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2629.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2630.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2631.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2632.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2633.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2634.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2635.json | 129 +++++++++++++++++---------------- 2020/2xxx/CVE-2020-2636.json | 129 +++++++++++++++++---------------- 62 files changed, 3908 insertions(+), 3738 deletions(-) diff --git a/2020/2xxx/CVE-2020-2573.json b/2020/2xxx/CVE-2020-2573.json index 46b05f87ec9..772e62cb391 100644 --- a/2020/2xxx/CVE-2020-2573.json +++ b/2020/2xxx/CVE-2020-2573.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2573" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2574.json b/2020/2xxx/CVE-2020-2574.json index 4d89b02fe57..1ffef79e5a9 100644 --- a/2020/2xxx/CVE-2020-2574.json +++ b/2020/2xxx/CVE-2020-2574.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2574" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.6.46 and prior", - "version_affected":"=" - }, - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.6.46 and prior", + "version_affected": "=" + }, + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2576.json b/2020/2xxx/CVE-2020-2576.json index ff735a6ab39..c517b987a1e 100644 --- a/2020/2xxx/CVE-2020-2576.json +++ b/2020/2xxx/CVE-2020-2576.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2576" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Outside In Technology", - "version":{ - "version_data":[ - { - "version_value":"8.5.4", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2577.json b/2020/2xxx/CVE-2020-2577.json index f1569a4407a..e590d4f7a8d 100644 --- a/2020/2xxx/CVE-2020-2577.json +++ b/2020/2xxx/CVE-2020-2577.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2577" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2578.json b/2020/2xxx/CVE-2020-2578.json index ed4dfc4867f..e44c71a6b09 100644 --- a/2020/2xxx/CVE-2020-2578.json +++ b/2020/2xxx/CVE-2020-2578.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2578" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2579.json b/2020/2xxx/CVE-2020-2579.json index 002cc16bd57..f2f4d4cc260 100644 --- a/2020/2xxx/CVE-2020-2579.json +++ b/2020/2xxx/CVE-2020-2579.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2579" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.6.46 and prior", - "version_affected":"=" - }, - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.6.46 and prior", + "version_affected": "=" + }, + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2580.json b/2020/2xxx/CVE-2020-2580.json index 00f9ef49d1a..4e947188ab0 100644 --- a/2020/2xxx/CVE-2020-2580.json +++ b/2020/2xxx/CVE-2020-2580.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2580" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"8.0.17 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.17 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2581.json b/2020/2xxx/CVE-2020-2581.json index 6cc9f391435..1e6b1f4e667 100644 --- a/2020/2xxx/CVE-2020-2581.json +++ b/2020/2xxx/CVE-2020-2581.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2581" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"GraalVM Enterprise Edition", - "version":{ - "version_data":[ - { - "version_value":"19.3.0.2", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GraalVM Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "19.3.0.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2582.json b/2020/2xxx/CVE-2020-2582.json index 86d82bbfe8c..648375318bd 100644 --- a/2020/2xxx/CVE-2020-2582.json +++ b/2020/2xxx/CVE-2020-2582.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2582" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"iStore", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iStore", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2583.json b/2020/2xxx/CVE-2020-2583.json index 82e41035987..9a1970defc0 100644 --- a/2020/2xxx/CVE-2020-2583.json +++ b/2020/2xxx/CVE-2020-2583.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2583" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", - "version_affected":"=" - }, - { - "version_value":"Java SE Embedded: 8u231", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2584.json b/2020/2xxx/CVE-2020-2584.json index 5836fca7b7e..367967e871c 100644 --- a/2020/2xxx/CVE-2020-2584.json +++ b/2020/2xxx/CVE-2020-2584.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2584" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2585.json b/2020/2xxx/CVE-2020-2585.json index 07517dafb0a..94d462c498d 100644 --- a/2020/2xxx/CVE-2020-2585.json +++ b/2020/2xxx/CVE-2020-2585.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2585" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 8u241", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 8u241", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2586.json b/2020/2xxx/CVE-2020-2586.json index 6a9c35f0bbd..75edf093dc4 100644 --- a/2020/2xxx/CVE-2020-2586.json +++ b/2020/2xxx/CVE-2020-2586.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2586" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Human Resources", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Human Resources", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2587.json b/2020/2xxx/CVE-2020-2587.json index 64d379b34c5..7e469a6e677 100644 --- a/2020/2xxx/CVE-2020-2587.json +++ b/2020/2xxx/CVE-2020-2587.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2587" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Human Resources", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Human Resources", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2588.json b/2020/2xxx/CVE-2020-2588.json index 902f3991c42..c658909b5b1 100644 --- a/2020/2xxx/CVE-2020-2588.json +++ b/2020/2xxx/CVE-2020-2588.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2588" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2589.json b/2020/2xxx/CVE-2020-2589.json index e6168b3be8c..c2f29e11104 100644 --- a/2020/2xxx/CVE-2020-2589.json +++ b/2020/2xxx/CVE-2020-2589.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2589" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"5.7.28 and prior", - "version_affected":"=" - }, - { - "version_value":"8.0.17 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.17 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2590.json b/2020/2xxx/CVE-2020-2590.json index 99050b1505d..04d01e266ce 100644 --- a/2020/2xxx/CVE-2020-2590.json +++ b/2020/2xxx/CVE-2020-2590.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2590" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", - "version_affected":"=" - }, - { - "version_value":"Java SE Embedded: 8u231", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2591.json b/2020/2xxx/CVE-2020-2591.json index ec9d279ca17..1d93745814f 100644 --- a/2020/2xxx/CVE-2020-2591.json +++ b/2020/2xxx/CVE-2020-2591.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2591" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Web Applications Desktop Integrator", - "version":{ - "version_data":[ - { - "version_value":"12.1.3", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Web Applications Desktop Integrator", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2592.json b/2020/2xxx/CVE-2020-2592.json index 74f63535e9e..745cf5a3944 100644 --- a/2020/2xxx/CVE-2020-2592.json +++ b/2020/2xxx/CVE-2020-2592.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2592" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"AutoVue 3D Professional Advanced", - "version":{ - "version_data":[ - { - "version_value":"12.0.2", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AutoVue 3D Professional Advanced", + "version": { + "version_data": [ + { + "version_value": "12.0.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2593.json b/2020/2xxx/CVE-2020-2593.json index fb78fbe6594..b36fda31709 100644 --- a/2020/2xxx/CVE-2020-2593.json +++ b/2020/2xxx/CVE-2020-2593.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2593" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", - "version_affected":"=" - }, - { - "version_value":"Java SE Embedded: 8u231", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2595.json b/2020/2xxx/CVE-2020-2595.json index 1ab2e30f05a..7668d5dc404 100644 --- a/2020/2xxx/CVE-2020-2595.json +++ b/2020/2xxx/CVE-2020-2595.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2595" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"GraalVM Enterprise Edition", - "version":{ - "version_data":[ - { - "version_value":"19.3.0.2", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GraalVM Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "19.3.0.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2596.json b/2020/2xxx/CVE-2020-2596.json index 453f0795c53..829383c59c4 100644 --- a/2020/2xxx/CVE-2020-2596.json +++ b/2020/2xxx/CVE-2020-2596.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2596" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"CRM Technical Foundation", - "version":{ - "version_data":[ - { - "version_value":"12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Message Hooks). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Message Hooks). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2597.json b/2020/2xxx/CVE-2020-2597.json index a84137f19cd..f4428e79072 100644 --- a/2020/2xxx/CVE-2020-2597.json +++ b/2020/2xxx/CVE-2020-2597.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2597" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"One-to-One Fulfillment", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "One-to-One Fulfillment", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Call Phone Number Page). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Call Phone Number Page). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2598.json b/2020/2xxx/CVE-2020-2598.json index 3533590ce2e..13eda422ce0 100644 --- a/2020/2xxx/CVE-2020-2598.json +++ b/2020/2xxx/CVE-2020-2598.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2598" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Activity Guide). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Activity Guide). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2599.json b/2020/2xxx/CVE-2020-2599.json index c75d399a110..164f7e68075 100644 --- a/2020/2xxx/CVE-2020-2599.json +++ b/2020/2xxx/CVE-2020-2599.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2599" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Hospitality Cruise Materials Management", - "version":{ - "version_data":[ - { - "version_value":"7.30.567", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Cruise Materials Management", + "version": { + "version_data": [ + { + "version_value": "7.30.567", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All). The supported version that is affected is 7.30.567. Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All). The supported version that is affected is 7.30.567. Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2600.json b/2020/2xxx/CVE-2020-2600.json index f1b622745f4..a3e8de7839c 100644 --- a/2020/2xxx/CVE-2020-2600.json +++ b/2020/2xxx/CVE-2020-2600.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2600" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2601.json b/2020/2xxx/CVE-2020-2601.json index 7148255f004..be16fd71ca2 100644 --- a/2020/2xxx/CVE-2020-2601.json +++ b/2020/2xxx/CVE-2020-2601.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2601" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", - "version_affected":"=" - }, - { - "version_value":"Java SE Embedded: 8u231", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2602.json b/2020/2xxx/CVE-2020-2602.json index c60f27465a4..ea27825b733 100644 --- a/2020/2xxx/CVE-2020-2602.json +++ b/2020/2xxx/CVE-2020-2602.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2602" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2603.json b/2020/2xxx/CVE-2020-2603.json index c5d44a27599..3c86e390995 100644 --- a/2020/2xxx/CVE-2020-2603.json +++ b/2020/2xxx/CVE-2020-2603.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2603" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Field Service", - "version":{ - "version_data":[ - { - "version_value":"12.1.1-12.1.3", - "version_affected":"=" - }, - { - "version_value":"12.2.3-12.2.9", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Field Service", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json index 3b0144c8640..f3eeeff161d 100644 --- a/2020/2xxx/CVE-2020-2604.json +++ b/2020/2xxx/CVE-2020-2604.json @@ -1,80 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2604" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"GraalVM Enterprise Edition", - "version":{ - "version_data":[ - { - "version_value":"19.3.0.2", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation", - "product":{ - "product_data":[ - { - "product_name":"Java", - "version":{ - "version_data":[ - { - "version_value":"Java SE: 7u241, 8u231, 11.0.5, 13.0.1", - "version_affected":"=" - }, - { - "version_value":"Java SE Embedded: 8u231", - "version_affected":"=" - } - ] - } - } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.3.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. Note: GraalVM Enterprise 19.3 and above includes both Java SE 8 and Java SE 11. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.3.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. Note: GraalVM Enterprise 19.3 and above includes both Java SE 8 and Java SE 11. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2605.json b/2020/2xxx/CVE-2020-2605.json index 2be9251b6e8..877bcc7bf76 100644 --- a/2020/2xxx/CVE-2020-2605.json +++ b/2020/2xxx/CVE-2020-2605.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2605" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Solaris Operating System", - "version":{ - "version_data":[ - { - "version_value":"11", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2606.json b/2020/2xxx/CVE-2020-2606.json index 679a6b3a503..bf9d5b40f17 100644 --- a/2020/2xxx/CVE-2020-2606.json +++ b/2020/2xxx/CVE-2020-2606.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2606" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2607.json b/2020/2xxx/CVE-2020-2607.json index 8537ed75fc9..c5dcadcf98d 100644 --- a/2020/2xxx/CVE-2020-2607.json +++ b/2020/2xxx/CVE-2020-2607.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2607" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"PeopleSoft Enterprise PT PeopleTools", - "version":{ - "version_data":[ - { - "version_value":"8.56", - "version_affected":"=" - }, - { - "version_value":"8.57", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2608.json b/2020/2xxx/CVE-2020-2608.json index ce6205caf23..87d7ecb8073 100644 --- a/2020/2xxx/CVE-2020-2608.json +++ b/2020/2xxx/CVE-2020-2608.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2608" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Repository). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Repository). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2609.json b/2020/2xxx/CVE-2020-2609.json index 0448dc98d18..2971e1fc080 100644 --- a/2020/2xxx/CVE-2020-2609.json +++ b/2020/2xxx/CVE-2020-2609.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2609" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2610.json b/2020/2xxx/CVE-2020-2610.json index 37ef3827c53..3248baa9bb9 100644 --- a/2020/2xxx/CVE-2020-2610.json +++ b/2020/2xxx/CVE-2020-2610.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2610" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2611.json b/2020/2xxx/CVE-2020-2611.json index 1ced91f842c..81ebe9f4940 100644 --- a/2020/2xxx/CVE-2020-2611.json +++ b/2020/2xxx/CVE-2020-2611.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2611" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2612.json b/2020/2xxx/CVE-2020-2612.json index 6b3cb3388f9..648f97a812d 100644 --- a/2020/2xxx/CVE-2020-2612.json +++ b/2020/2xxx/CVE-2020-2612.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2612" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2613.json b/2020/2xxx/CVE-2020-2613.json index 237e2d39930..a9c2a833f7f 100644 --- a/2020/2xxx/CVE-2020-2613.json +++ b/2020/2xxx/CVE-2020-2613.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2613" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2614.json b/2020/2xxx/CVE-2020-2614.json index 498663663e9..2f6a1f12a85 100644 --- a/2020/2xxx/CVE-2020-2614.json +++ b/2020/2xxx/CVE-2020-2614.json @@ -1,64 +1,67 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2614" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"APM - Application Performance Management", - "version":{ - "version_data":[ - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "APM - Application Performance Management", + "version": { + "version_data": [ + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: APM Mesh). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: APM Mesh). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2615.json b/2020/2xxx/CVE-2020-2615.json index 0fb73b17672..3e7205b1d89 100644 --- a/2020/2xxx/CVE-2020-2615.json +++ b/2020/2xxx/CVE-2020-2615.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2615" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2616.json b/2020/2xxx/CVE-2020-2616.json index f7cf0c27815..f30987f53b9 100644 --- a/2020/2xxx/CVE-2020-2616.json +++ b/2020/2xxx/CVE-2020-2616.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2616" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2617.json b/2020/2xxx/CVE-2020-2617.json index ded385130cb..8d6f3168f06 100644 --- a/2020/2xxx/CVE-2020-2617.json +++ b/2020/2xxx/CVE-2020-2617.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2617" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2618.json b/2020/2xxx/CVE-2020-2618.json index 6b77def742b..04f6fac44aa 100644 --- a/2020/2xxx/CVE-2020-2618.json +++ b/2020/2xxx/CVE-2020-2618.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2618" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2619.json b/2020/2xxx/CVE-2020-2619.json index bd55395b1f2..634103bd779 100644 --- a/2020/2xxx/CVE-2020-2619.json +++ b/2020/2xxx/CVE-2020-2619.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2619" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2620.json b/2020/2xxx/CVE-2020-2620.json index 7703a98bd95..9162c754ec8 100644 --- a/2020/2xxx/CVE-2020-2620.json +++ b/2020/2xxx/CVE-2020-2620.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2620" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2621.json b/2020/2xxx/CVE-2020-2621.json index 7f94581f2f9..9abdb5cc057 100644 --- a/2020/2xxx/CVE-2020-2621.json +++ b/2020/2xxx/CVE-2020-2621.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2621" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2622.json b/2020/2xxx/CVE-2020-2622.json index 9480ca56107..9df1cf01ebc 100644 --- a/2020/2xxx/CVE-2020-2622.json +++ b/2020/2xxx/CVE-2020-2622.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2622" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2623.json b/2020/2xxx/CVE-2020-2623.json index 6fac7e44f5d..88694f1eae6 100644 --- a/2020/2xxx/CVE-2020-2623.json +++ b/2020/2xxx/CVE-2020-2623.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2623" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2624.json b/2020/2xxx/CVE-2020-2624.json index 12fc43272eb..bb86411f2d9 100644 --- a/2020/2xxx/CVE-2020-2624.json +++ b/2020/2xxx/CVE-2020-2624.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2624" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2625.json b/2020/2xxx/CVE-2020-2625.json index cd9963f28c9..437799b0d97 100644 --- a/2020/2xxx/CVE-2020-2625.json +++ b/2020/2xxx/CVE-2020-2625.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2625" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2626.json b/2020/2xxx/CVE-2020-2626.json index a2466dc6bc5..99d09edaaaf 100644 --- a/2020/2xxx/CVE-2020-2626.json +++ b/2020/2xxx/CVE-2020-2626.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2626" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2627.json b/2020/2xxx/CVE-2020-2627.json index 7195091eb14..94a913e1492 100644 --- a/2020/2xxx/CVE-2020-2627.json +++ b/2020/2xxx/CVE-2020-2627.json @@ -1,60 +1,63 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2627" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"MySQL Server", - "version":{ - "version_data":[ - { - "version_value":"8.0.18 and prior", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2628.json b/2020/2xxx/CVE-2020-2628.json index 54dc05c231e..8484a6f3cc7 100644 --- a/2020/2xxx/CVE-2020-2628.json +++ b/2020/2xxx/CVE-2020-2628.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2628" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2629.json b/2020/2xxx/CVE-2020-2629.json index 419480d0dbd..b2eb3fc1615 100644 --- a/2020/2xxx/CVE-2020-2629.json +++ b/2020/2xxx/CVE-2020-2629.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2629" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2630.json b/2020/2xxx/CVE-2020-2630.json index 952d1a65680..f6a2e2c5bf3 100644 --- a/2020/2xxx/CVE-2020-2630.json +++ b/2020/2xxx/CVE-2020-2630.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2630" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2631.json b/2020/2xxx/CVE-2020-2631.json index dfa18a0fb15..dc0ef918189 100644 --- a/2020/2xxx/CVE-2020-2631.json +++ b/2020/2xxx/CVE-2020-2631.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2631" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2632.json b/2020/2xxx/CVE-2020-2632.json index abaee4343e8..38bb2b72f59 100644 --- a/2020/2xxx/CVE-2020-2632.json +++ b/2020/2xxx/CVE-2020-2632.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2632" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2633.json b/2020/2xxx/CVE-2020-2633.json index 474d7302204..18cde616211 100644 --- a/2020/2xxx/CVE-2020-2633.json +++ b/2020/2xxx/CVE-2020-2633.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2633" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2634.json b/2020/2xxx/CVE-2020-2634.json index f0c2677f558..fb3f7ab5568 100644 --- a/2020/2xxx/CVE-2020-2634.json +++ b/2020/2xxx/CVE-2020-2634.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2634" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Configuration Standard Framewk). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Configuration Standard Framewk). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2635.json b/2020/2xxx/CVE-2020-2635.json index 6607b002488..b78ed3db116 100644 --- a/2020/2xxx/CVE-2020-2635.json +++ b/2020/2xxx/CVE-2020-2635.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2635" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/2xxx/CVE-2020-2636.json b/2020/2xxx/CVE-2020-2636.json index a2e7a58d8b3..b94f8784d92 100644 --- a/2020/2xxx/CVE-2020-2636.json +++ b/2020/2xxx/CVE-2020-2636.json @@ -1,68 +1,71 @@ - { - "CVE_data_meta":{ - "ASSIGNER":"secalert_us@oracle.com", - "ID":"CVE-2020-2636" - }, - "affects":{ - "vendor":{ - "vendor_data":[ - { - "product":{ - "product_data":[ - { - "product_name":"Enterprise Manager Base Platform", - "version":{ - "version_data":[ - { - "version_value":"12.1.0.5", - "version_affected":"=" - }, - { - "version_value":"13.2.0.0", - "version_affected":"=" - }, - { - "version_value":"13.3.0.0", - "version_affected":"=" - } - ] - } +{ + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-2636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name":"Oracle Corporation" - } - ] - } - }, - "data_format":"MITRE", - "data_type":"CVE", - "data_version":"4.0", - "description":{ - "description_data":[ - { - "lang":"eng", - "value":"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang":"eng", - "value":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + } + ] } +} \ No newline at end of file From df848aad32ee042f345da7d86683b53b00d9bd48 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 18:01:22 +0000 Subject: [PATCH 23/24] "-Synchronized-Data." --- 2014/6xxx/CVE-2014-6448.json | 48 ++++++++++++++++++++++++++++++++++-- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/2014/6xxx/CVE-2014-6448.json b/2014/6xxx/CVE-2014-6448.json index 0c359776b26..344be14e110 100644 --- a/2014/6xxx/CVE-2014-6448.json +++ b/2014/6xxx/CVE-2014-6448.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6448", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695" } ] } From e7d9cca4978470e4c49fd95776f271c0550e12e9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2020 18:01:43 +0000 Subject: [PATCH 24/24] "-Synchronized-Data." --- 2009/1xxx/CVE-2009-1120.json | 55 ++++++++++++++++++++++++++++++++-- 2015/5xxx/CVE-2015-5071.json | 53 ++++++++++++++++++++++++++++++-- 2015/5xxx/CVE-2015-5072.json | 53 ++++++++++++++++++++++++++++++-- 2017/5xxx/CVE-2017-5645.json | 5 ++++ 2018/18xxx/CVE-2018-18811.json | 14 ++++----- 2019/17xxx/CVE-2019-17571.json | 5 ++++ 2019/18xxx/CVE-2019-18218.json | 5 ++++ 2019/18xxx/CVE-2019-18675.json | 5 ++++ 2019/5xxx/CVE-2019-5094.json | 5 ++++ 9 files changed, 186 insertions(+), 14 deletions(-) diff --git a/2009/1xxx/CVE-2009-1120.json b/2009/1xxx/CVE-2009-1120.json index 02f3382c1ac..a3143629541 100644 --- a/2009/1xxx/CVE-2009-1120.json +++ b/2009/1xxx/CVE-2009-1120.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secure@dell.com", "ID": "CVE-2009-1120", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RepliStor", + "version": { + "version_data": [ + { + "version_value": "before ESA-09-003" + } + ] + } + } + ] + }, + "vendor_name": "EMC" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-068/", + "refsource": "MISC", + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-068/" + }, + { + "refsource": "MISC", + "name": "https://fortiguard.com/encyclopedia/ips/17967/emc-replistor-server-service-doasocommand-code-execution", + "url": "https://fortiguard.com/encyclopedia/ips/17967/emc-replistor-server-service-doasocommand-code-execution" } ] } diff --git a/2015/5xxx/CVE-2015-5071.json b/2015/5xxx/CVE-2015-5071.json index 5ed5f6b6ff5..cc886668b4a 100644 --- a/2015/5xxx/CVE-2015-5071.json +++ b/2015/5xxx/CVE-2015-5071.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5071", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to \"navigate\" to arbitrary files via the __report parameter of the BIRT viewer servlet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html", + "url": "https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html" + }, + { + "refsource": "CONFIRM", + "name": "https://communities.bmc.com/docs/DOC-77816", + "url": "https://communities.bmc.com/docs/DOC-77816" } ] } diff --git a/2015/5xxx/CVE-2015-5072.json b/2015/5xxx/CVE-2015-5072.json index c9c26c08657..8af3018723d 100644 --- a/2015/5xxx/CVE-2015-5072.json +++ b/2015/5xxx/CVE-2015-5072.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5072", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to \"navigate\" to arbitrary local files via the __imageid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://communities.bmc.com/docs/DOC-77816", + "url": "https://communities.bmc.com/docs/DOC-77816" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html", + "url": "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html" } ] } diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json index 0fa1fef0de6..40d0772d00c 100644 --- a/2017/5xxx/CVE-2017-5645.json +++ b/2017/5xxx/CVE-2017-5645.json @@ -311,6 +311,11 @@ "refsource": "MLIST", "name": "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E" } ] } diff --git a/2018/18xxx/CVE-2018-18811.json b/2018/18xxx/CVE-2018-18811.json index 1316485b592..70ea1360036 100644 --- a/2018/18xxx/CVE-2018-18811.json +++ b/2018/18xxx/CVE-2018-18811.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-18811", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-18811", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." } ] } diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json index 8dbb2465404..0cc132fb3de 100644 --- a/2019/17xxx/CVE-2019-17571.json +++ b/2019/17xxx/CVE-2019-17571.json @@ -193,6 +193,11 @@ "refsource": "MLIST", "name": "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E" } ] }, diff --git a/2019/18xxx/CVE-2019-18218.json b/2019/18xxx/CVE-2019-18218.json index 7b6c8d6ca04..02d3c488d50 100644 --- a/2019/18xxx/CVE-2019-18218.json +++ b/2019/18xxx/CVE-2019-18218.json @@ -96,6 +96,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-18036b898e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200115-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200115-0001/" } ] } diff --git a/2019/18xxx/CVE-2019-18675.json b/2019/18xxx/CVE-2019-18675.json index 97c3e74b214..ae5bfe42661 100644 --- a/2019/18xxx/CVE-2019-18675.json +++ b/2019/18xxx/CVE-2019-18675.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200103-0001/", "url": "https://security.netapp.com/advisory/ntap-20200103-0001/" + }, + { + "refsource": "CONFIRM", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be83bbf806822b1b89e0a0f23cd87cddc409e429", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be83bbf806822b1b89e0a0f23cd87cddc409e429" } ] } diff --git a/2019/5xxx/CVE-2019-5094.json b/2019/5xxx/CVE-2019-5094.json index 26704dec92f..e6abbd57a29 100644 --- a/2019/5xxx/CVE-2019-5094.json +++ b/2019/5xxx/CVE-2019-5094.json @@ -73,6 +73,11 @@ "refsource": "UBUNTU", "name": "USN-4142-1", "url": "https://usn.ubuntu.com/4142-1/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200115-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200115-0002/" } ] },