admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-05-05 21:01:20 +00:00
parent 3e67b84ee1
commit 9f6528026a
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
10 changed files with 246 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
2020/10xxx/CVE-2020-10630.json
View File

@ -4,14 +4,67 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10630",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "SAE IT-systems FW-50 Remote Telemetry Unit (RTU)",
"version": {
"version_data": [
{
"version_value": "FW-50 RTU, Series: 5 Series"
},
{
"version_value": "CPU-type: CPU-5B"
},
{
"version_value": "Hardware Revision: 2"
},
{
"version_value": "CPLD Revision: 6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/ICSA2012602",
"url": "https://www.us-cert.gov/ics/advisories/ICSA2012602"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users."
}
]
}

59
2020/10xxx/CVE-2020-10634.json
View File

@ -4,14 +4,67 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10634",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "SAE IT-systems FW-50 Remote Telemetry Unit (RTU)",
"version": {
"version_data": [
{
"version_value": "FW-50 RTU, Series: 5 Series"
},
{
"version_value": "CPU-type: CPU-5B"
},
{
"version_value": "Hardware Revision: 2"
},
{
"version_value": "CPLD Revision: 6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/ICSA2012602",
"url": "https://www.us-cert.gov/ics/advisories/ICSA2012602"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible."
}
]
}

56
2020/10xxx/CVE-2020-10859.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10859",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.manageengine.com/products/desktop-central/arbitrary-file-upload-vulnerability.html",
"url": "https://www.manageengine.com/products/desktop-central/arbitrary-file-upload-vulnerability.html"
}
]
}

2
2020/11xxx/CVE-2020-11051.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor (with write access as well) load the same page into the Markdown editor, the XSS payload will be executed as part of the preview panel.\n\nThe rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor.\n\nThis has been patched in 2.3.81."
"value": "In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor (with write access as well) load the same page into the Markdown editor, the XSS payload will be executed as part of the preview panel. The rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor. This has been patched in 2.3.81."
}
]
},

7
2020/11xxx/CVE-2020-11443.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The MSI installer in Zoom before 4.6.10 on Windows follows Symbolic Links."
"value": "The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer runs with SYSTEM privileges and follows these links, a user can cause the installer to delete files that otherwise cannot be deleted by the user."
}
]
},
@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows",
"url": "https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows"
},
{
"refsource": "CONFIRM",
"name": "https://support.zoom.us/hc/en-us/articles/360043036451",
"url": "https://support.zoom.us/hc/en-us/articles/360043036451"
}
]
}

10
2020/12xxx/CVE-2020-12459.json
View File

@ -57,11 +57,6 @@
"refsource": "MISC",
"name": "https://github.com/grafana/grafana/issues/8283"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827765",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1827765"
},
{
"refsource": "CONFIRM",
"name": "https://access.redhat.com/security/cve/CVE-2020-12459",
@ -71,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1829724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829724"
},
{
"refsource": "CONFIRM",
"name": "https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277",
"url": "https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277"
}
]
}

18
2020/12xxx/CVE-2020-12662.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12662",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/12xxx/CVE-2020-12663.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/12xxx/CVE-2020-12664.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12664",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/12xxx/CVE-2020-12665.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12665",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}