mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
commit
aa1484c4a5
@ -86,6 +86,11 @@
|
||||
"name": "http://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface%28java.lang.Object,%20java.lang.String%29",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface%28java.lang.Object,%20java.lang.String%29"
|
||||
},
|
||||
{
|
||||
"refsource": "JVN",
|
||||
"name": "JVN#62161191",
|
||||
"url": "http://jvn.jp/en/jp/JVN62161191/index.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -79,6 +79,11 @@
|
||||
"name": "97394",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/97394"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/158554/ManageEngine-Applications-Manager-13-SQL-Injection.html",
|
||||
"url": "http://packetstormsecurity.com/files/158554/ManageEngine-Applications-Manager-13-SQL-Injection.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -34,7 +34,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In Zoho ManageEngine Application Manager 13.1 Build 13100, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack."
|
||||
"value": "In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -71,6 +71,11 @@
|
||||
"refsource": "BID",
|
||||
"name": "108470",
|
||||
"url": "http://www.securityfocus.com/bid/108470"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html",
|
||||
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -56,6 +56,11 @@
|
||||
"name": "https://github.com/sass/libsass/issues/2664",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/sass/libsass/issues/2664"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/sass/libsass/releases",
|
||||
"url": "https://github.com/sass/libsass/releases"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -76,6 +76,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4431-1",
|
||||
"url": "https://usn.ubuntu.com/4431-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -91,6 +91,11 @@
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4252-1",
|
||||
"url": "https://usn.ubuntu.com/4252-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
|
||||
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -67,6 +67,11 @@
|
||||
"name": "107069",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/107069"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1105",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -53,6 +53,11 @@
|
||||
"refsource": "REDHAT",
|
||||
"name": "RHSA-2019:3771",
|
||||
"url": "https://access.redhat.com/errata/RHSA-2019:3771"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1105",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -86,6 +86,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:0024",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4431-1",
|
||||
"url": "https://usn.ubuntu.com/4431-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -81,6 +81,11 @@
|
||||
"refsource": "CERT-VN",
|
||||
"name": "VU#927237",
|
||||
"url": "https://www.kb.cert.org/vuls/id/927237"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
|
||||
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -91,6 +91,11 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20190710-0002/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20190710-0002/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4427-1",
|
||||
"url": "https://usn.ubuntu.com/4427-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -91,6 +91,11 @@
|
||||
"refsource": "GENTOO",
|
||||
"name": "GLSA-202003-65",
|
||||
"url": "https://security.gentoo.org/glsa/202003-65"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4431-1",
|
||||
"url": "https://usn.ubuntu.com/4431-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -61,6 +61,11 @@
|
||||
"refsource": "GENTOO",
|
||||
"name": "GLSA-202003-65",
|
||||
"url": "https://security.gentoo.org/glsa/202003-65"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4431-1",
|
||||
"url": "https://usn.ubuntu.com/4431-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -76,6 +76,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2291-1] ffmpeg security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4431-1",
|
||||
"url": "https://usn.ubuntu.com/4431-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -71,6 +71,11 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2019-3d5f61419f",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXYRVXOPO223DAUJHFQCTKQHIZ6XN35P/"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2292-1] milkytracker security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -61,6 +61,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20191021 [SECURITY] [DLA 1961-1] milkytracker security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00029.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2292-1] milkytracker security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -61,6 +61,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20191021 [SECURITY] [DLA 1961-1] milkytracker security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00029.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2292-1] milkytracker security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -91,6 +91,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:0892",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1105",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -86,6 +86,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html",
|
||||
"url": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection",
|
||||
"url": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -66,6 +66,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/157988/Bludit-3.9.12-Directory-Traversal.html",
|
||||
"url": "http://packetstormsecurity.com/files/157988/Bludit-3.9.12-Directory-Traversal.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/158569/Bludit-3.9.2-Directory-Traversal.html",
|
||||
"url": "http://packetstormsecurity.com/files/158569/Bludit-3.9.2-Directory-Traversal.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -56,6 +56,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://pastebin.com/TEJdu9LN",
|
||||
"url": "https://pastebin.com/TEJdu9LN"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/158614/pfSense-2.4.4-p3-Cross-Site-Request-Forgery.html",
|
||||
"url": "http://packetstormsecurity.com/files/158614/pfSense-2.4.4-p3-Cross-Site-Request-Forgery.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -116,6 +116,11 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20191107-0005/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20191107-0005/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4428-1",
|
||||
"url": "https://usn.ubuntu.com/4428-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -71,6 +71,11 @@
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-4722",
|
||||
"url": "https://www.debian.org/security/2020/dsa-4722"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4431-1",
|
||||
"url": "https://usn.ubuntu.com/4431-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -81,6 +81,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2291-1] ffmpeg security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4431-1",
|
||||
"url": "https://usn.ubuntu.com/4431-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -66,6 +66,11 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2019-948e6ebaeb",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPNV43VBUCMUBRBKPJBY4DDSYLHQ2GFR/"
|
||||
},
|
||||
{
|
||||
"refsource": "GENTOO",
|
||||
"name": "GLSA-202007-17",
|
||||
"url": "https://security.gentoo.org/glsa/202007-17"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -86,6 +86,11 @@
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4284-1",
|
||||
"url": "https://usn.ubuntu.com/4284-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4427-1",
|
||||
"url": "https://usn.ubuntu.com/4427-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -61,6 +61,11 @@
|
||||
"url": "https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/158563/WordPress-Email-Subscribers-And-Newsletters-4.2.2-File-Disclosure.html",
|
||||
"url": "http://packetstormsecurity.com/files/158563/WordPress-Email-Subscribers-And-Newsletters-4.2.2-File-Disclosure.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -61,6 +61,11 @@
|
||||
"url": "https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/158568/WordPress-Email-Subscribers-And-Newsletters-4.2.2-SQL-Injection.html",
|
||||
"url": "http://packetstormsecurity.com/files/158568/WordPress-Email-Subscribers-And-Newsletters-4.2.2-SQL-Injection.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -66,6 +66,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:0935",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4427-1",
|
||||
"url": "https://usn.ubuntu.com/4427-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -91,6 +91,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1056",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4434-1",
|
||||
"url": "https://usn.ubuntu.com/4434-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -81,6 +81,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1056",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4434-1",
|
||||
"url": "https://usn.ubuntu.com/4434-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -71,6 +71,11 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-e9251de272",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAXHCY4V3LPAAJOBCJ26ISZ4NUXQXTUZ/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4428-1",
|
||||
"url": "https://usn.ubuntu.com/4428-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -76,6 +76,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[oss-security] 20200720 Re: Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2020/07/20/6"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4427-1",
|
||||
"url": "https://usn.ubuntu.com/4427-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -91,6 +91,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:0696",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4428-1",
|
||||
"url": "https://usn.ubuntu.com/4428-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -81,6 +81,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-d0737711b6",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4430-1",
|
||||
"url": "https://usn.ubuntu.com/4430-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4430-2",
|
||||
"url": "https://usn.ubuntu.com/4430-2/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -81,6 +81,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-d0737711b6",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4430-1",
|
||||
"url": "https://usn.ubuntu.com/4430-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4430-2",
|
||||
"url": "https://usn.ubuntu.com/4430-2/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -81,6 +81,11 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-d0737711b6",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4430-2",
|
||||
"url": "https://usn.ubuntu.com/4430-2/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,35 +1,71 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-10600",
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"STATE": "PUBLIC"
|
||||
"DATE_PUBLIC": "2020-06-09T00:00:00.000Z",
|
||||
"ID": "CVE-2020-10600",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "OSIsoft PI System"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "OSIsoft PI System multiple products and versions",
|
||||
"product_name": "PI Data Archive",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "OSIsoft PI System multiple products and versions"
|
||||
"version_affected": "<",
|
||||
"version_value": "2018 SP2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"vendor_name": "OSIsoft"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "William Knowles, Senior Security Consultant at Applied Risk, reported these vulnerabilities to OSIsoft"
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions)."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 5.9,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
@ -46,17 +82,19 @@
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02",
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive."
|
||||
}
|
||||
]
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Fully configure Windows authentication for the PI System and disable legacy authentication methods. For a starting point on PI System security best practices, see knowledge base article KB00833 -Seven best practices for securing your PI Server. (https://customers.osisoft.com/s/knowledgearticle?knowledgeArticleUrl=KB00833)"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"advisory": "ICSA-20-133-02 OSIsoft PI System",
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
@ -1,18 +1,70 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"DATE_PUBLIC": "2020-07-07T15:00:00.000Z",
|
||||
"ID": "CVE-2020-10609",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "CIM 500",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "v06.16.00"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Grundfos"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
@ -1,18 +1,100 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"DATE_PUBLIC": "2020-06-09T00:00:00.000Z",
|
||||
"ID": "CVE-2020-10643",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "OSIsoft PI System"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PI Vision",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "2019"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "OSIsoft"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "William Knowles, Senior Security Consultant at Applied Risk, reported these vulnerabilities to OSIsoft"
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02",
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Limit write access to PI Vision displays to trusted users. \n"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"advisory": "ICSA-20-133-02 OSIsoft PI System",
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
@ -88,6 +88,11 @@
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4411-1",
|
||||
"url": "https://usn.ubuntu.com/4411-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4427-1",
|
||||
"url": "https://usn.ubuntu.com/4427-1/"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -86,6 +86,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-d0737711b6",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4430-1",
|
||||
"url": "https://usn.ubuntu.com/4430-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4430-2",
|
||||
"url": "https://usn.ubuntu.com/4430-2/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -128,6 +128,11 @@
|
||||
"refsource": "GENTOO",
|
||||
"name": "GLSA-202007-03",
|
||||
"url": "https://security.gentoo.org/glsa/202007-03"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1106",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -118,6 +118,11 @@
|
||||
"refsource": "GENTOO",
|
||||
"name": "GLSA-202007-03",
|
||||
"url": "https://security.gentoo.org/glsa/202007-03"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1106",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -81,6 +81,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-d0737711b6",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4430-1",
|
||||
"url": "https://usn.ubuntu.com/4430-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4430-2",
|
||||
"url": "https://usn.ubuntu.com/4430-2/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -57,11 +57,6 @@
|
||||
"name": "https://www.criticalstart.com/hard-coded-administrator-password-discovered-in-opsramp/",
|
||||
"url": "https://www.criticalstart.com/hard-coded-administrator-password-discovered-in-opsramp/"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://docs.opsramp.com/opsramp-5-5-0-updates-release-notes/",
|
||||
"url": "https://docs.opsramp.com/opsramp-5-5-0-updates-release-notes/"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://docs.opsramp.com/about/release-notes/summer-2020-update/#simplified-gateway-appliance-accounts",
|
||||
|
@ -76,6 +76,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:0892",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1105",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -66,6 +66,11 @@
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-4722",
|
||||
"url": "https://www.debian.org/security/2020/dsa-4722"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4431-1",
|
||||
"url": "https://usn.ubuntu.com/4431-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,66 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-12460",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2020-12460",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://sourceforge.net/projects/opendmarc/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://sourceforge.net/projects/opendmarc/"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/trusteddomainproject/OpenDMARC/issues/64",
|
||||
"url": "https://github.com/trusteddomainproject/OpenDMARC/issues/64"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -66,6 +66,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/157904/vBulletin-5.6.1-SQL-Injection.html",
|
||||
"url": "http://packetstormsecurity.com/files/157904/vBulletin-5.6.1-SQL-Injection.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://attackerkb.com/topics/RSDAFLik92/cve-2020-12720-vbulletin-incorrect-access-control",
|
||||
"url": "https://attackerkb.com/topics/RSDAFLik92/cve-2020-12720-vbulletin-incorrect-access-control"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,71 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-12845",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2020-12845",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/cherokee/webserver/releases",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/cherokee/webserver/releases"
|
||||
},
|
||||
{
|
||||
"url": "http://cherokee-project.com/downloads.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://cherokee-project.com/downloads.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/cherokee/webserver/issues/1242",
|
||||
"url": "https://github.com/cherokee/webserver/issues/1242"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,66 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-12880",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2020-12880",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://kb.pulsesecure.net/?atype=sa",
|
||||
"refsource": "MISC",
|
||||
"name": "https://kb.pulsesecure.net/?atype=sa"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
|
||||
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -111,6 +111,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html",
|
||||
"url": "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1105",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -81,6 +81,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1060",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1106",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -71,6 +71,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2291-1] ffmpeg security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4431-1",
|
||||
"url": "https://usn.ubuntu.com/4431-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -63,6 +63,11 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20200724-0003/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20200724-0003/"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1102",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -63,6 +63,11 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20200724-0003/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20200724-0003/"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1102",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -66,6 +66,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:0935",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4427-1",
|
||||
"url": "https://usn.ubuntu.com/4427-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -66,6 +66,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1087",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1095",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -76,6 +76,11 @@
|
||||
"refsource": "GENTOO",
|
||||
"name": "GLSA-202007-03",
|
||||
"url": "https://security.gentoo.org/glsa/202007-03"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1106",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -61,6 +61,11 @@
|
||||
"url": "https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4434-1",
|
||||
"url": "https://usn.ubuntu.com/4434-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -81,6 +81,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1056",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4434-1",
|
||||
"url": "https://usn.ubuntu.com/4434-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -76,6 +76,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1056",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4434-1",
|
||||
"url": "https://usn.ubuntu.com/4434-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -81,6 +81,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1056",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4434-1",
|
||||
"url": "https://usn.ubuntu.com/4434-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -81,6 +81,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1056",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4434-1",
|
||||
"url": "https://usn.ubuntu.com/4434-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -81,6 +81,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1056",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4434-1",
|
||||
"url": "https://usn.ubuntu.com/4434-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -81,6 +81,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1056",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4434-1",
|
||||
"url": "https://usn.ubuntu.com/4434-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -66,6 +66,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2264-1] libvncserver security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4434-1",
|
||||
"url": "https://usn.ubuntu.com/4434-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -66,6 +66,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2264-1] libvncserver security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4434-1",
|
||||
"url": "https://usn.ubuntu.com/4434-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -66,6 +66,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2264-1] libvncserver security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4434-1",
|
||||
"url": "https://usn.ubuntu.com/4434-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -106,6 +106,11 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20200724-0004/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20200724-0004/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4428-1",
|
||||
"url": "https://usn.ubuntu.com/4428-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -83,6 +83,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-5d0b4a2b5b",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4433-1",
|
||||
"url": "https://usn.ubuntu.com/4433-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-4734",
|
||||
"url": "https://www.debian.org/security/2020/dsa-4734"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -74,6 +74,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-5d0b4a2b5b",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4433-1",
|
||||
"url": "https://usn.ubuntu.com/4433-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-4734",
|
||||
"url": "https://www.debian.org/security/2020/dsa-4734"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -74,6 +74,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-5d0b4a2b5b",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4433-1",
|
||||
"url": "https://usn.ubuntu.com/4433-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-4734",
|
||||
"url": "https://www.debian.org/security/2020/dsa-4734"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -83,6 +83,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-5d0b4a2b5b",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4433-1",
|
||||
"url": "https://usn.ubuntu.com/4433-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-4734",
|
||||
"url": "https://www.debian.org/security/2020/dsa-4734"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -78,6 +78,11 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-e418151dc3",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
|
||||
},
|
||||
{
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-4734",
|
||||
"url": "https://www.debian.org/security/2020/dsa-4734"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -78,6 +78,11 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-e418151dc3",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
|
||||
},
|
||||
{
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-4734",
|
||||
"url": "https://www.debian.org/security/2020/dsa-4734"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -83,6 +83,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-5d0b4a2b5b",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4433-1",
|
||||
"url": "https://usn.ubuntu.com/4433-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-4734",
|
||||
"url": "https://www.debian.org/security/2020/dsa-4734"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -83,6 +83,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-5d0b4a2b5b",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4433-1",
|
||||
"url": "https://usn.ubuntu.com/4433-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-4734",
|
||||
"url": "https://www.debian.org/security/2020/dsa-4734"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -83,6 +83,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-5d0b4a2b5b",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4433-1",
|
||||
"url": "https://usn.ubuntu.com/4433-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-4734",
|
||||
"url": "https://www.debian.org/security/2020/dsa-4734"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -83,6 +83,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-5d0b4a2b5b",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
|
||||
},
|
||||
{
|
||||
"refsource": "UBUNTU",
|
||||
"name": "USN-4433-1",
|
||||
"url": "https://usn.ubuntu.com/4433-1/"
|
||||
},
|
||||
{
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-4734",
|
||||
"url": "https://www.debian.org/security/2020/dsa-4734"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -56,6 +56,11 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.supremainc.com/en/support/biostar-2-pakage.asp",
|
||||
"url": "https://www.supremainc.com/en/support/biostar-2-pakage.asp"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/158576/Bio-Star-2.8.2-Local-File-Inclusion.html",
|
||||
"url": "http://packetstormsecurity.com/files/158576/Bio-Star-2.8.2-Local-File-Inclusion.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,18 +1,93 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"ID": "CVE-2020-15103",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Integer Overflow in FreeRDP"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "FreeRDP",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "<= 2.1.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "FreeRDP"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 3.5,
|
||||
"baseSeverity": "LOW",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-680: Integer Overflow to Buffer Overflow"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/FreeRDP/FreeRDP/pull/6382",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/FreeRDP/FreeRDP/pull/6382"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-4r38-6hq7-j3j9",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
@ -1,18 +1,88 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"ID": "CVE-2020-15120",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Authorization Bypass in I hate money"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "ihatemoney",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "< 4.1.5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "spiral-project"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's private code. With the default configuration, anybody is allowed to create a new project. An attacker can create a new project and then use it to become authenticated and exploit this flaw. As such, the exposure is similar to an unauthenticated attack, because it is trivial to become authenticated."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.9,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "{\"CWE-863\":\"Incorrect Authorization\"}"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/spiral-project/ihatemoney/security/advisories/GHSA-67j9-c52g-w2q9",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/spiral-project/ihatemoney/security/advisories/GHSA-67j9-c52g-w2q9"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/spiral-project/ihatemoney/commit/8d77cf5d5646e1d2d8ded13f0660638f57e98471",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/spiral-project/ihatemoney/commit/8d77cf5d5646e1d2d8ded13f0660638f57e98471"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-67j9-c52g-w2q9",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
@ -71,6 +71,11 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.inneo.de/files/content/Produktentwicklung/Tools-und-Erweiterungen/Startup-TOOLS/INNEO-SA-SUT-2020-01.pdf",
|
||||
"url": "https://www.inneo.de/files/content/Produktentwicklung/Tools-und-Erweiterungen/Startup-TOOLS/INNEO-SA-SUT-2020-01.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/158556/INNEO-Startup-TOOLS-2018-M040-13.0.70.3804-Remote-Code-Execution.html",
|
||||
"url": "http://packetstormsecurity.com/files/158556/INNEO-Startup-TOOLS-2018-M040-13.0.70.3804-Remote-Code-Execution.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -56,6 +56,11 @@
|
||||
"url": "https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2292-1] milkytracker security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -71,6 +71,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1087",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:1095",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,66 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-15592",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2020-15592",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. The remotely callable methods from remotable objects available through interprocess communication allow loading of arbitrary plugins (i.e., C# assemblies) from the \"%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins\u201d directory, where the name of the plugin is passed as part of an XML-serialized object. However, because the name of the DLL is concatenated with the \u201c.\\plugins\u201d string, a directory traversal vulnerability exists in the way plugins are resolved."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://aternity.force.com/customersuccess/s/article/Recorder-tool-security-notification-mitigation-steps-for-On-Prem",
|
||||
"url": "https://aternity.force.com/customersuccess/s/article/Recorder-tool-security-notification-mitigation-steps-for-On-Prem"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://sec-consult.com/en/blog/advisories/privilege-escalation-vulnerability-in-steelcentral-aternity-agent-cve-2020-15592-cve-2020-15593/",
|
||||
"url": "https://sec-consult.com/en/blog/advisories/privilege-escalation-vulnerability-in-steelcentral-aternity-agent-cve-2020-15592-cve-2020-15593/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,66 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-15593",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2020-15593",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. Any user in the system is allowed to access the interprocess communication channel AternityAgentAssistantIpc, retrieve a serialized object and call object methods remotely. Among others, the methods allow any user to: (1) Create and/or overwrite arbitrary XML files across the system; (2) Create arbitrary directories across the system; and (3) Load arbitrary plugins (i.e., C# assemblies) from the \"%PROGRAMFILES(X86)/Aternity Information Systems/Assistant/plugins\u201d directory and execute code contained in them."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://aternity.force.com/customersuccess/s/article/Recorder-tool-security-notification-mitigation-steps-for-On-Prem",
|
||||
"url": "https://aternity.force.com/customersuccess/s/article/Recorder-tool-security-notification-mitigation-steps-for-On-Prem"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://sec-consult.com/en/blog/advisories/privilege-escalation-vulnerability-in-steelcentral-aternity-agent-cve-2020-15592-cve-2020-15593/",
|
||||
"url": "https://sec-consult.com/en/blog/advisories/privilege-escalation-vulnerability-in-steelcentral-aternity-agent-cve-2020-15592-cve-2020-15593/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
18
2020/15xxx/CVE-2020-15955.json
Normal file
18
2020/15xxx/CVE-2020-15955.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-15955",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2020/15xxx/CVE-2020-15956.json
Normal file
18
2020/15xxx/CVE-2020-15956.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-15956",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2020/15xxx/CVE-2020-15957.json
Normal file
18
2020/15xxx/CVE-2020-15957.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-15957",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2020/15xxx/CVE-2020-15958.json
Normal file
18
2020/15xxx/CVE-2020-15958.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-15958",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2020/15xxx/CVE-2020-15959.json
Normal file
18
2020/15xxx/CVE-2020-15959.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-15959",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2020/15xxx/CVE-2020-15960.json
Normal file
18
2020/15xxx/CVE-2020-15960.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-15960",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2020/15xxx/CVE-2020-15961.json
Normal file
18
2020/15xxx/CVE-2020-15961.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-15961",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2020/15xxx/CVE-2020-15962.json
Normal file
18
2020/15xxx/CVE-2020-15962.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-15962",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2020/15xxx/CVE-2020-15963.json
Normal file
18
2020/15xxx/CVE-2020-15963.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-15963",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2020/15xxx/CVE-2020-15964.json
Normal file
18
2020/15xxx/CVE-2020-15964.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-15964",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2020/15xxx/CVE-2020-15965.json
Normal file
18
2020/15xxx/CVE-2020-15965.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-15965",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user