admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-12-30 05:58:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-10-15 15:01:33 +00:00
parent 9333e7b3a2
commit 9668e3c173
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
12 changed files with 784 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
2020/11xxx/CVE-2020-11641.json
View File

@ -1,18 +1,87 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-09-29T00:00:00.000Z",
"ID": "CVE-2020-11641",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SiteManager Local File Inclusion Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiteManager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "9.2.620236042"
}
]
}
}
]
},
"vendor_name": "B&R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

81
2020/11xxx/CVE-2020-11642.json
View File

@ -1,18 +1,87 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-09-29T00:00:00.000Z",
"ID": "CVE-2020-11642",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SiteManager Denial of Service via Local File Inclusion Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiteManager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "9.2.620236042"
}
]
}
}
]
},
"vendor_name": "B&R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

92
2020/11xxx/CVE-2020-11643.json
View File

@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-09-29T00:00:00.000Z",
"ID": "CVE-2020-11643",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "GateManager Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GateManager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4260",
"version_value": "9.0.20262"
},
{
"version_affected": "<",
"version_name": "9250",
"version_value": "9.0.20262"
},
{
"version_affected": "<",
"version_name": "8250",
"version_value": "9.2.620236042"
}
]
}
}
]
},
"vendor_name": "B&R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

92
2020/11xxx/CVE-2020-11644.json
View File

@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-09-29T00:00:00.000Z",
"ID": "CVE-2020-11644",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "GateManager Audit Message Spoofing Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GateManager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4260",
"version_value": "9.0.20262"
},
{
"version_affected": "<",
"version_name": "9250",
"version_value": "9.0.20262"
},
{
"version_affected": "<",
"version_name": "8250",
"version_value": "9.2.620236042"
}
]
}
}
]
},
"vendor_name": "B&R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-117 Improper Output Neutralization for Logs"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

92
2020/11xxx/CVE-2020-11645.json
View File

@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-09-29T00:00:00.000Z",
"ID": "CVE-2020-11645",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "GateManager Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GateManager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4260",
"version_value": "9.0.20262"
},
{
"version_affected": "<",
"version_name": "9250",
"version_value": "9.0.20262"
},
{
"version_affected": "<",
"version_name": "8250",
"version_value": "9.2.620236042"
}
]
}
}
]
},
"vendor_name": "B&R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

92
2020/11xxx/CVE-2020-11646.json
View File

@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-09-29T00:00:00.000Z",
"ID": "CVE-2020-11646",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "GateManager Log Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GateManager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4260",
"version_value": "9.0.20262"
},
{
"version_affected": "<",
"version_name": "9250",
"version_value": "9.0.20262"
},
{
"version_affected": "<",
"version_name": "8250",
"version_value": "9.2.620236042"
}
]
}
}
]
},
"vendor_name": "B&R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

61
2020/21xxx/CVE-2020-21674.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21674",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/libarchive/libarchive/issues/1298",
"refsource": "MISC",
"name": "https://github.com/libarchive/libarchive/issues/1298"
},
{
"url": "https://github.com/libarchive/libarchive/commit/4f085eea879e2be745f4d9bf57e8513ae48157f4",
"refsource": "MISC",
"name": "https://github.com/libarchive/libarchive/commit/4f085eea879e2be745f4d9bf57e8513ae48157f4"
}
]
}

50
2020/6xxx/CVE-2020-6104.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6104",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "F2FS-Tools",
"version": {
"version_data": [
{
"version_value": "F2fs-Tools F2fs.Fsck 1.13"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1046",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1046"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}

50
2020/6xxx/CVE-2020-6105.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6105",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "F2fs-Tools",
"version": {
"version_data": [
{
"version_value": "F2fs-Tools F2fs.Fsck 1.13"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}

50
2020/6xxx/CVE-2020-6106.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6106",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "F2fs-Tools",
"version": {
"version_data": [
{
"version_value": "F2fs-Tools F2fs.Fsck 1.12, F2fs-Tools F2fs.Fsck 1.13"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "incorrect calculation of buffer size"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}

50
2020/6xxx/CVE-2020-6107.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6107",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "F2fs-Tools",
"version": {
"version_data": [
{
"version_value": "F2fs-Tools F2fs.Fsck 1.13"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}

50
2020/6xxx/CVE-2020-6108.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6108",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "F2fs-Tools",
"version": {
"version_data": [
{
"version_value": "F2fs-Tools F2fs.Fsck 1.13"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect calculation of buffer size"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1050",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1050"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}