"-Synchronized-Data."

CVE Team 2020-11-30 19:01:39 +00:00
parent a2ac1fb07f
commit 97407c2a6f
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
13 changed files with 286 additions and 16 deletions


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection."
"value": "** DISPUTED ** IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
@ -61,6 +61,16 @@
"refsource": "MISC",
"name": "https://pastebin.com/grSCSBSu",
"url": "https://pastebin.com/grSCSBSu"
},
{
"refsource": "MISC",
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"refsource": "MISC",
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}
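Review bot: The dispute note in the longer `** DISPUTED **` description value (apparently the new side; the +/- markers are lost on this page) does not parse as a sentence: "can only occur on a brand-new network that, after initiating the forced initial configuration (...), makes this CVE invalid". A reader cannot tell which precondition the vendor is asserting. A wording such as `NOTE: the vendor states that this is only reachable on a device that has not yet completed the forced initial configuration, which requires setting a password` would state the claim unambiguously. The record also does not say from which network interface the unconfigured web-panel is reachable, which a defender needs in order to judge the exposure of a device that is powered on but not yet set up; that detail would have to come from the vendor or the reporter. The same sentence is repeated in the five following sections (diag_set_password, passwordless root over SSH, reset_password, device control, system log read).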


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily."
"value": "** DISPUTED ** In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
@ -61,6 +61,16 @@
"refsource": "MISC",
"name": "https://pastebin.com/grSCSBSu",
"url": "https://pastebin.com/grSCSBSu"
},
{
"refsource": "MISC",
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"refsource": "MISC",
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH."
"value": "** DISPUTED ** In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
@ -61,6 +61,16 @@
"refsource": "MISC",
"name": "https://pastebin.com/grSCSBSu",
"url": "https://pastebin.com/grSCSBSu"
},
{
"refsource": "MISC",
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"refsource": "MISC",
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily."
"value": "** DISPUTED ** In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
@ -61,6 +61,16 @@
"refsource": "MISC",
"name": "https://pastebin.com/grSCSBSu",
"url": "https://pastebin.com/grSCSBSu"
},
{
"refsource": "MISC",
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"refsource": "MISC",
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control."
"value": "** DISPUTED ** In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
@ -61,6 +61,16 @@
"refsource": "MISC",
"name": "https://pastebin.com/grSCSBSu",
"url": "https://pastebin.com/grSCSBSu"
},
{
"refsource": "MISC",
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"refsource": "MISC",
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control."
"value": "** DISPUTED ** In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
@ -61,6 +61,16 @@
"refsource": "MISC",
"name": "https://pastebin.com/grSCSBSu",
"url": "https://pastebin.com/grSCSBSu"
},
{
"refsource": "MISC",
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"refsource": "MISC",
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-17901",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-17901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/AvaterXXX/PbootCMS/blob/master/CSRF.md",
"refsource": "MISC",
"name": "https://github.com/AvaterXXX/PbootCMS/blob/master/CSRF.md"
}
]
}
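Review bot: The structured fields of this newly PUBLIC record are all `n/a` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value), although the description names PbootCMS 1.3.2 and CSRF. Tooling that matches on `affects` or `problemtype` rather than on free text will therefore not associate the entry with the product. Consider `"product_name": "PbootCMS"`, `"version_value": "1.3.2"` and a problemtype value of `CWE-352`. The CVE-2020-29394 section further down has the same gap: its description names dlt-daemon 2.8.5 and a buffer overflow, while `affects` and `problemtype` are `n/a`.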


@ -61,6 +61,16 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160255/Fujitsu-Eternus-Storage-DX200-S4-Broken-Authentication.html",
"url": "http://packetstormsecurity.com/files/160255/Fujitsu-Eternus-Storage-DX200-S4-Broken-Authentication.html"
},
{
"refsource": "MISC",
"name": "https://cxsecurity.com/issue/WLB-2020110215",
"url": "https://cxsecurity.com/issue/WLB-2020110215"
},
{
"refsource": "MISC",
"name": "https://seccops.com/fujitsu-eternus-storage-dx200-s4-broken-authentication/",
"url": "https://seccops.com/fujitsu-eternus-storage-dx200-s4-broken-authentication/"
}
]
}


@ -76,6 +76,16 @@
"url": "https://github.com/petl-developers/petl/pull/527/commits/1b0a09f08c3cdfe2e69647bd02f97c1367a5b5f8",
"refsource": "MISC",
"name": "https://github.com/petl-developers/petl/pull/527/commits/1b0a09f08c3cdfe2e69647bd02f97c1367a5b5f8"
},
{
"refsource": "MISC",
"name": "https://github.com/petl-developers/petl/security/advisories/GHSA-f5gc-p5m3-v347",
"url": "https://github.com/petl-developers/petl/security/advisories/GHSA-f5gc-p5m3-v347"
},
{
"refsource": "MISC",
"name": "https://github.com/nvn1729/advisories/blob/master/cve-2020-29128.md",
"url": "https://github.com/nvn1729/advisories/blob/master/cve-2020-29128.md"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In NetArt News Lister 1.0.0, news headlines are vulnerable to stored XSS."
"value": "In NetArt News Lister 1.0.0, the news headlines are vulnerable to stored xss. Attackers can inject codes to title value. After that when victims visit the news, xss fires."
}
]
},


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29393",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon 2.8.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in a format argument)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/GENIVI/dlt-daemon/issues/274",
"refsource": "MISC",
"name": "https://github.com/GENIVI/dlt-daemon/issues/274"
},
{
"url": "https://github.com/GENIVI/dlt-daemon/pull/275",
"refsource": "MISC",
"name": "https://github.com/GENIVI/dlt-daemon/pull/275"
}
]
}
}


@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6317",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Adaptive Server Enterprise",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "15.7"
},
{
"version_name": "<",
"version_value": "16.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0."
}
]
},
"impact": {
"cvss": {
"baseScore": "2.6",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2953203",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2953203"
}
]
}
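Review bot: The two `version_data` entries use `"version_name": "<"` with `"version_value": "15.7"` and `"16.0"`, which reads as "earlier than 15.7 / 16.0", while the description lists 15.7 and 16.0 themselves as affected. A consumer that evaluates the structured field literally may exclude exactly the releases the advisory is about. If the description is authoritative, the comparator should be dropped or expressed as an exact match (for example through the schema's `version_affected` field). Separately, the vector string carries `AV:A` while the description requires "local access to an ASE cockpit installation"; it is worth confirming with the CNA whether `AV:L` was intended, since that would also change the `baseScore`.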