Merge pull request #304 from CVEProject/master

XFA Rebase
Scott Moore 2020-07-28 08:00:26 -04:00 committed by GitHub
commit aa1484c4a5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
240 changed files with 4570 additions and 111 deletions


@ -86,6 +86,11 @@
"name": "http://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface%28java.lang.Object,%20java.lang.String%29",
"refsource": "CONFIRM",
"url": "http://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface%28java.lang.Object,%20java.lang.String%29"
},
{
"refsource": "JVN",
"name": "JVN#62161191",
"url": "http://jvn.jp/en/jp/JVN62161191/index.html"
}
]
}
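Review bot: The JVN reference added at the end of `reference_data` uses a plain `http://` URL, as do the Packet Storm and lists.opensuse.org references added in later sections of this commit. Readers and tools that follow advisory links from these records get no transport integrity on those fetches. If the hosts serve the same pages over HTTPS, prefer `"url": "https://jvn.jp/en/jp/JVN62161191/index.html"`; where `name` mirrors the URL, change both together so they stay identical. The enclosing record starts outside the hunk.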


@ -79,6 +79,11 @@
"name": "97394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97394"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158554/ManageEngine-Applications-Manager-13-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/158554/ManageEngine-Applications-Manager-13-SQL-Injection.html"
}
]
},


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Zoho ManageEngine Application Manager 13.1 Build 13100, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack."
"value": "In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack."
}
]
},
@ -71,6 +71,11 @@
"refsource": "BID",
"name": "108470",
"url": "http://www.securityfocus.com/bid/108470"
},
{
"refsource": "CONFIRM",
"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html"
}
]
}
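Review bot: The rewritten description widens the affected range to everything "prior to 14.6 Build 14660", but neither hunk in this section touches the `affects` block, so the structured version data may still describe only the old single build. Scanners that match on `version_data` rather than the prose would then keep treating later builds as unaffected. If that block is still narrow, add an entry such as `"version_affected": "<", "version_value": "14.6 Build 14660"`. The `affects` block is outside both hunks, so this needs checking against the full file.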


@ -56,6 +56,11 @@
"name": "https://github.com/sass/libsass/issues/2664",
"refsource": "MISC",
"url": "https://github.com/sass/libsass/issues/2664"
},
{
"refsource": "MISC",
"name": "https://github.com/sass/libsass/releases",
"url": "https://github.com/sass/libsass/releases"
}
]
}


@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4431-1",
"url": "https://usn.ubuntu.com/4431-1/"
}
]
}


@ -91,6 +91,11 @@
"refsource": "UBUNTU",
"name": "USN-4252-1",
"url": "https://usn.ubuntu.com/4252-1/"
},
{
"refsource": "CONFIRM",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
]
}


@ -67,6 +67,11 @@
"name": "107069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107069"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1105",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
}
]
}


@ -53,6 +53,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3771",
"url": "https://access.redhat.com/errata/RHSA-2019:3771"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1105",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
}
]
},


@ -86,6 +86,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0024",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4431-1",
"url": "https://usn.ubuntu.com/4431-1/"
}
]
}


@ -81,6 +81,11 @@
"refsource": "CERT-VN",
"name": "VU#927237",
"url": "https://www.kb.cert.org/vuls/id/927237"
},
{
"refsource": "CONFIRM",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
]
},


@ -91,6 +91,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190710-0002/",
"url": "https://security.netapp.com/advisory/ntap-20190710-0002/"
},
{
"refsource": "UBUNTU",
"name": "USN-4427-1",
"url": "https://usn.ubuntu.com/4427-1/"
}
]
}


@ -91,6 +91,11 @@
"refsource": "GENTOO",
"name": "GLSA-202003-65",
"url": "https://security.gentoo.org/glsa/202003-65"
},
{
"refsource": "UBUNTU",
"name": "USN-4431-1",
"url": "https://usn.ubuntu.com/4431-1/"
}
]
}


@ -61,6 +61,11 @@
"refsource": "GENTOO",
"name": "GLSA-202003-65",
"url": "https://security.gentoo.org/glsa/202003-65"
},
{
"refsource": "UBUNTU",
"name": "USN-4431-1",
"url": "https://usn.ubuntu.com/4431-1/"
}
]
}


@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2291-1] ffmpeg security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4431-1",
"url": "https://usn.ubuntu.com/4431-1/"
}
]
}


@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-3d5f61419f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXYRVXOPO223DAUJHFQCTKQHIZ6XN35P/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2292-1] milkytracker security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191021 [SECURITY] [DLA 1961-1] milkytracker security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00029.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2292-1] milkytracker security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191021 [SECURITY] [DLA 1961-1] milkytracker security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00029.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2292-1] milkytracker security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html"
}
]
}


@ -91,6 +91,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0892",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1105",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection",
"url": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157988/Bludit-3.9.12-Directory-Traversal.html",
"url": "http://packetstormsecurity.com/files/157988/Bludit-3.9.12-Directory-Traversal.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158569/Bludit-3.9.2-Directory-Traversal.html",
"url": "http://packetstormsecurity.com/files/158569/Bludit-3.9.2-Directory-Traversal.html"
}
]
}
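Review bot: The added Packet Storm reference is titled "Bludit-3.9.2-Directory-Traversal", while the existing one directly above it reads "Bludit-3.9.12-Directory-Traversal"; the two version strings differ by one digit. Both URLs are presumably copied as published, so the links themselves should stay. It is worth confirming that the record's description and `version_data` name the version that is actually affected, rather than inheriting the wrong one of these two titles. The description is outside the hunk.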


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://pastebin.com/TEJdu9LN",
"url": "https://pastebin.com/TEJdu9LN"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158614/pfSense-2.4.4-p3-Cross-Site-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/158614/pfSense-2.4.4-p3-Cross-Site-Request-Forgery.html"
}
]
}


@ -116,6 +116,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20191107-0005/",
"url": "https://security.netapp.com/advisory/ntap-20191107-0005/"
},
{
"refsource": "UBUNTU",
"name": "USN-4428-1",
"url": "https://usn.ubuntu.com/4428-1/"
}
]
}


@ -71,6 +71,11 @@
"refsource": "DEBIAN",
"name": "DSA-4722",
"url": "https://www.debian.org/security/2020/dsa-4722"
},
{
"refsource": "UBUNTU",
"name": "USN-4431-1",
"url": "https://usn.ubuntu.com/4431-1/"
}
]
}


@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2291-1] ffmpeg security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4431-1",
"url": "https://usn.ubuntu.com/4431-1/"
}
]
}


@ -66,6 +66,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-948e6ebaeb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPNV43VBUCMUBRBKPJBY4DDSYLHQ2GFR/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202007-17",
"url": "https://security.gentoo.org/glsa/202007-17"
}
]
}


@ -86,6 +86,11 @@
"refsource": "UBUNTU",
"name": "USN-4284-1",
"url": "https://usn.ubuntu.com/4284-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4427-1",
"url": "https://usn.ubuntu.com/4427-1/"
}
]
}


@ -61,6 +61,11 @@
"url": "https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/",
"refsource": "MISC",
"name": "https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158563/WordPress-Email-Subscribers-And-Newsletters-4.2.2-File-Disclosure.html",
"url": "http://packetstormsecurity.com/files/158563/WordPress-Email-Subscribers-And-Newsletters-4.2.2-File-Disclosure.html"
}
]
},


@ -61,6 +61,11 @@
"url": "https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/",
"refsource": "MISC",
"name": "https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158568/WordPress-Email-Subscribers-And-Newsletters-4.2.2-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/158568/WordPress-Email-Subscribers-And-Newsletters-4.2.2-SQL-Injection.html"
}
]
},


@ -66,6 +66,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0935",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4427-1",
"url": "https://usn.ubuntu.com/4427-1/"
}
]
}


@ -91,6 +91,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1056",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4434-1",
"url": "https://usn.ubuntu.com/4434-1/"
}
]
}


@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1056",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4434-1",
"url": "https://usn.ubuntu.com/4434-1/"
}
]
}


@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e9251de272",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAXHCY4V3LPAAJOBCJ26ISZ4NUXQXTUZ/"
},
{
"refsource": "UBUNTU",
"name": "USN-4428-1",
"url": "https://usn.ubuntu.com/4428-1/"
}
]
}


@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20200720 Re: Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules",
"url": "http://www.openwall.com/lists/oss-security/2020/07/20/6"
},
{
"refsource": "UBUNTU",
"name": "USN-4427-1",
"url": "https://usn.ubuntu.com/4427-1/"
}
]
}


@ -91,6 +91,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0696",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4428-1",
"url": "https://usn.ubuntu.com/4428-1/"
}
]
}


@ -81,6 +81,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-d0737711b6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/"
},
{
"refsource": "UBUNTU",
"name": "USN-4430-1",
"url": "https://usn.ubuntu.com/4430-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4430-2",
"url": "https://usn.ubuntu.com/4430-2/"
}
]
}


@ -81,6 +81,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-d0737711b6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/"
},
{
"refsource": "UBUNTU",
"name": "USN-4430-1",
"url": "https://usn.ubuntu.com/4430-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4430-2",
"url": "https://usn.ubuntu.com/4430-2/"
}
]
}


@ -81,6 +81,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-d0737711b6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/"
},
{
"refsource": "UBUNTU",
"name": "USN-4430-2",
"url": "https://usn.ubuntu.com/4430-2/"
}
]
}


@ -1,35 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10600",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
"DATE_PUBLIC": "2020-06-09T00:00:00.000Z",
"ID": "CVE-2020-10600",
"STATE": "PUBLIC",
"TITLE": "OSIsoft PI System"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OSIsoft PI System multiple products and versions",
"product_name": "PI Data Archive",
"version": {
"version_data": [
{
"version_value": "OSIsoft PI System multiple products and versions"
"version_affected": "<",
"version_value": "2018 SP2"
}
]
}
}
]
}
},
"vendor_name": "OSIsoft"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "William Knowles, Senior Security Consultant at Applied Risk, reported these vulnerabilities to OSIsoft"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versions)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -46,17 +82,19 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive."
}
]
"solution": [
{
"lang": "eng",
"value": "Fully configure Windows authentication for the PI System and disable legacy authentication methods. For a starting point on PI System security best practices, see knowledge base article KB00833 -Seven best practices for securing your PI Server. (https://customers.osisoft.com/s/knowledgearticle?knowledgeArticleUrl=KB00833)"
}
],
"source": {
"advisory": "ICSA-20-133-02 OSIsoft PI System",
"discovery": "EXTERNAL"
}
}
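Review bot: The new `version_data` entry for PI Data Archive uses `"version_affected": "<"` with `"version_value": "2018 SP2"`, but the new description says "2018 SP2 and prior versions", so the structured range leaves out 2018 SP2 itself. A consumer matching on the structured field would report a 2018 SP2 install as not affected. Use `"version_affected": "<="` here, as the PI Vision record (CVE-2020-10643) in this commit already does. The CVE-2020-10609 record later in the commit has a related mismatch: `<` `v06.16.00` sits next to a description that names v06.16.00 as the build storing plaintext credentials, so one of the two needs correcting there too.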


@ -1,18 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-07-07T15:00:00.000Z",
"ID": "CVE-2020-10609",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CIM 500",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "v06.16.00"
}
]
}
}
]
},
"vendor_name": "Grundfos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-06-09T00:00:00.000Z",
"ID": "CVE-2020-10643",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "OSIsoft PI System"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PI Vision",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "OSIsoft"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "William Knowles, Senior Security Consultant at Applied Risk, reported these vulnerabilities to OSIsoft"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-133-02"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Limit write access to PI Vision displays to trusted users. \n"
}
],
"source": {
"advisory": "ICSA-20-133-02 OSIsoft PI System",
"discovery": "EXTERNAL"
}
}
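Review bot: The `impact.cvss` block sets `"privilegesRequired": "NONE"` (`PR:N` in `vectorString`), while the new description opens with "An authenticated remote attacker". Teams that triage by required privileges would rank this issue as reachable without credentials. Confirm with the assigning CNA which is intended. If authentication is needed, set `PR:L` in both `privilegesRequired` and `vectorString` and recompute `baseScore`; otherwise drop "authenticated" from the description so the prose and the vector agree.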


@ -88,6 +88,11 @@
"refsource": "UBUNTU",
"name": "USN-4411-1",
"url": "https://usn.ubuntu.com/4411-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4427-1",
"url": "https://usn.ubuntu.com/4427-1/"
}
]
},


@ -86,6 +86,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-d0737711b6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/"
},
{
"refsource": "UBUNTU",
"name": "USN-4430-1",
"url": "https://usn.ubuntu.com/4430-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4430-2",
"url": "https://usn.ubuntu.com/4430-2/"
}
]
}


@ -128,6 +128,11 @@
"refsource": "GENTOO",
"name": "GLSA-202007-03",
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1106",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
}
]
},


@ -118,6 +118,11 @@
"refsource": "GENTOO",
"name": "GLSA-202007-03",
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1106",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
}
]
},


@ -81,6 +81,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-d0737711b6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/"
},
{
"refsource": "UBUNTU",
"name": "USN-4430-1",
"url": "https://usn.ubuntu.com/4430-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4430-2",
"url": "https://usn.ubuntu.com/4430-2/"
}
]
}


@ -57,11 +57,6 @@
"name": "https://www.criticalstart.com/hard-coded-administrator-password-discovered-in-opsramp/",
"url": "https://www.criticalstart.com/hard-coded-administrator-password-discovered-in-opsramp/"
},
{
"refsource": "CONFIRM",
"name": "https://docs.opsramp.com/opsramp-5-5-0-updates-release-notes/",
"url": "https://docs.opsramp.com/opsramp-5-5-0-updates-release-notes/"
},
{
"refsource": "CONFIRM",
"name": "https://docs.opsramp.com/about/release-notes/summer-2020-update/#simplified-gateway-appliance-accounts",


@ -76,6 +76,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0892",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1105",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
}
]
}


@ -66,6 +66,11 @@
"refsource": "DEBIAN",
"name": "DSA-4722",
"url": "https://www.debian.org/security/2020/dsa-4722"
},
{
"refsource": "UBUNTU",
"name": "USN-4431-1",
"url": "https://usn.ubuntu.com/4431-1/"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12460",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/projects/opendmarc/",
"refsource": "MISC",
"name": "https://sourceforge.net/projects/opendmarc/"
},
{
"refsource": "MISC",
"name": "https://github.com/trusteddomainproject/OpenDMARC/issues/64",
"url": "https://github.com/trusteddomainproject/OpenDMARC/issues/64"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157904/vBulletin-5.6.1-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/157904/vBulletin-5.6.1-SQL-Injection.html"
},
{
"refsource": "MISC",
"name": "https://attackerkb.com/topics/RSDAFLik92/cve-2020-12720-vbulletin-incorrect-access-control",
"url": "https://attackerkb.com/topics/RSDAFLik92/cve-2020-12720-vbulletin-incorrect-access-control"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12845",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/cherokee/webserver/releases",
"refsource": "MISC",
"name": "https://github.com/cherokee/webserver/releases"
},
{
"url": "http://cherokee-project.com/downloads.html",
"refsource": "MISC",
"name": "http://cherokee-project.com/downloads.html"
},
{
"refsource": "MISC",
"name": "https://github.com/cherokee/webserver/issues/1242",
"url": "https://github.com/cherokee/webserver/issues/1242"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12880",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://kb.pulsesecure.net/?atype=sa",
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/?atype=sa"
},
{
"refsource": "CONFIRM",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
}
]
}


@ -111,6 +111,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html",
"url": "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1105",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
}
]
}


@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1060",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1106",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
}
]
}


@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2291-1] ffmpeg security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4431-1",
"url": "https://usn.ubuntu.com/4431-1/"
}
]
}


@ -63,6 +63,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200724-0003/",
"url": "https://security.netapp.com/advisory/ntap-20200724-0003/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1102",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html"
}
]
},


@ -63,6 +63,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200724-0003/",
"url": "https://security.netapp.com/advisory/ntap-20200724-0003/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1102",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html"
}
]
},


@ -66,6 +66,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0935",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4427-1",
"url": "https://usn.ubuntu.com/4427-1/"
}
]
}


@ -66,6 +66,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1087",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1095",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html"
}
]
}


@ -76,6 +76,11 @@
"refsource": "GENTOO",
"name": "GLSA-202007-03",
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1106",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
}
]
}


@ -61,6 +61,11 @@
"url": "https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553",
"refsource": "MISC",
"name": "https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553"
},
{
"refsource": "UBUNTU",
"name": "USN-4434-1",
"url": "https://usn.ubuntu.com/4434-1/"
}
]
}


@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1056",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4434-1",
"url": "https://usn.ubuntu.com/4434-1/"
}
]
}


@ -76,6 +76,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1056",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4434-1",
"url": "https://usn.ubuntu.com/4434-1/"
}
]
}


@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1056",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4434-1",
"url": "https://usn.ubuntu.com/4434-1/"
}
]
}


@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1056",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4434-1",
"url": "https://usn.ubuntu.com/4434-1/"
}
]
}


@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1056",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4434-1",
"url": "https://usn.ubuntu.com/4434-1/"
}
]
}


@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1056",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4434-1",
"url": "https://usn.ubuntu.com/4434-1/"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2264-1] libvncserver security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4434-1",
"url": "https://usn.ubuntu.com/4434-1/"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2264-1] libvncserver security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4434-1",
"url": "https://usn.ubuntu.com/4434-1/"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2264-1] libvncserver security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4434-1",
"url": "https://usn.ubuntu.com/4434-1/"
}
]
}


@ -106,6 +106,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200724-0004/",
"url": "https://security.netapp.com/advisory/ntap-20200724-0004/"
},
{
"refsource": "UBUNTU",
"name": "USN-4428-1",
"url": "https://usn.ubuntu.com/4428-1/"
}
]
}


@ -83,6 +83,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-5d0b4a2b5b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
},
{
"refsource": "UBUNTU",
"name": "USN-4433-1",
"url": "https://usn.ubuntu.com/4433-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4734",
"url": "https://www.debian.org/security/2020/dsa-4734"
}
]
}


@ -74,6 +74,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-5d0b4a2b5b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
},
{
"refsource": "UBUNTU",
"name": "USN-4433-1",
"url": "https://usn.ubuntu.com/4433-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4734",
"url": "https://www.debian.org/security/2020/dsa-4734"
}
]
}


@ -74,6 +74,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-5d0b4a2b5b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
},
{
"refsource": "UBUNTU",
"name": "USN-4433-1",
"url": "https://usn.ubuntu.com/4433-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4734",
"url": "https://www.debian.org/security/2020/dsa-4734"
}
]
}


@ -83,6 +83,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-5d0b4a2b5b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
},
{
"refsource": "UBUNTU",
"name": "USN-4433-1",
"url": "https://usn.ubuntu.com/4433-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4734",
"url": "https://www.debian.org/security/2020/dsa-4734"
}
]
}


@ -78,6 +78,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e418151dc3",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4734",
"url": "https://www.debian.org/security/2020/dsa-4734"
}
]
}


@ -78,6 +78,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e418151dc3",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4734",
"url": "https://www.debian.org/security/2020/dsa-4734"
}
]
}


@ -83,6 +83,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-5d0b4a2b5b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
},
{
"refsource": "UBUNTU",
"name": "USN-4433-1",
"url": "https://usn.ubuntu.com/4433-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4734",
"url": "https://www.debian.org/security/2020/dsa-4734"
}
]
}


@ -83,6 +83,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-5d0b4a2b5b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
},
{
"refsource": "UBUNTU",
"name": "USN-4433-1",
"url": "https://usn.ubuntu.com/4433-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4734",
"url": "https://www.debian.org/security/2020/dsa-4734"
}
]
}


@ -83,6 +83,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-5d0b4a2b5b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
},
{
"refsource": "UBUNTU",
"name": "USN-4433-1",
"url": "https://usn.ubuntu.com/4433-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4734",
"url": "https://www.debian.org/security/2020/dsa-4734"
}
]
}


@ -83,6 +83,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-5d0b4a2b5b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
},
{
"refsource": "UBUNTU",
"name": "USN-4433-1",
"url": "https://usn.ubuntu.com/4433-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4734",
"url": "https://www.debian.org/security/2020/dsa-4734"
}
]
}


@ -56,6 +56,11 @@
"refsource": "CONFIRM",
"name": "https://www.supremainc.com/en/support/biostar-2-pakage.asp",
"url": "https://www.supremainc.com/en/support/biostar-2-pakage.asp"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158576/Bio-Star-2.8.2-Local-File-Inclusion.html",
"url": "http://packetstormsecurity.com/files/158576/Bio-Star-2.8.2-Local-File-Inclusion.html"
}
]
}


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15103",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Integer Overflow in FreeRDP"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeRDP",
"version": {
"version_data": [
{
"version_value": "<= 2.1.2"
}
]
}
}
]
},
"vendor_name": "FreeRDP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9",
"refsource": "CONFIRM",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4",
"refsource": "MISC",
"url": "https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/pull/6382",
"refsource": "MISC",
"url": "https://github.com/FreeRDP/FreeRDP/pull/6382"
}
]
},
"source": {
"advisory": "GHSA-4r38-6hq7-j3j9",
"discovery": "UNKNOWN"
}
}
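Review bot: The affected range in `affects` is written as `"version_value": "<= 2.1.2"`, which puts the comparison operator inside the value string, so a consumer that matches on the version field has to parse free text. CVE JSON 4.0 has a separate `version_affected` field for the operator; I would write `"version_affected": "<=", "version_value": "2.1.2"`. Separately, the problem type is CWE-680 (integer overflow to buffer overflow) while the CVSS vector scores `C:N/I:N/A:L`; if the invalid `memcpy` length can corrupt memory rather than only crash the client, the impact metrics may be understated and are worth rechecking against the advisory.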


@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15120",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Authorization Bypass in I hate money"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ihatemoney",
"version": {
"version_data": [
{
"version_value": "< 4.1.5"
}
]
}
}
]
},
"vendor_name": "spiral-project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's private code. With the default configuration, anybody is allowed to create a new project. An attacker can create a new project and then use it to become authenticated and exploit this flaw. As such, the exposure is similar to an unauthenticated attack, because it is trivial to become authenticated."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-863\":\"Incorrect Authorization\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/spiral-project/ihatemoney/security/advisories/GHSA-67j9-c52g-w2q9",
"refsource": "CONFIRM",
"url": "https://github.com/spiral-project/ihatemoney/security/advisories/GHSA-67j9-c52g-w2q9"
},
{
"name": "https://github.com/spiral-project/ihatemoney/commit/8d77cf5d5646e1d2d8ded13f0660638f57e98471",
"refsource": "MISC",
"url": "https://github.com/spiral-project/ihatemoney/commit/8d77cf5d5646e1d2d8ded13f0660638f57e98471"
}
]
},
"source": {
"advisory": "GHSA-67j9-c52g-w2q9",
"discovery": "UNKNOWN"
}
}
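Review bot: The `problemtype` value is a JSON object serialised into a string, `"{\"CWE-863\":\"Incorrect Authorization\"}"`, so tools that read the CWE from this field get escaped JSON instead of a label; the FreeRDP record in this same commit uses the plain form, and this one should read `"value": "CWE-863: Incorrect Authorization"`. The CVSS vector also looks inconsistent with the description: it scores `PR:H` and `C:N`, while the text says anyone can create a project to become authenticated and that the flaw gives access to all bills of another project. That would suggest a lower privileges-required value and a non-zero confidentiality impact, which should be confirmed against the GHSA-67j9-c52g-w2q9 advisory.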


@ -71,6 +71,11 @@
"refsource": "CONFIRM",
"name": "https://www.inneo.de/files/content/Produktentwicklung/Tools-und-Erweiterungen/Startup-TOOLS/INNEO-SA-SUT-2020-01.pdf",
"url": "https://www.inneo.de/files/content/Produktentwicklung/Tools-und-Erweiterungen/Startup-TOOLS/INNEO-SA-SUT-2020-01.pdf"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158556/INNEO-Startup-TOOLS-2018-M040-13.0.70.3804-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/158556/INNEO-Startup-TOOLS-2018-M040-13.0.70.3804-Remote-Code-Execution.html"
}
]
}


@ -56,6 +56,11 @@
"url": "https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf",
"refsource": "MISC",
"name": "https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2292-1] milkytracker security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html"
}
]
}


@ -71,6 +71,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1087",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1095",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15592",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. The remotely callable methods from remotable objects available through interprocess communication allow loading of arbitrary plugins (i.e., C# assemblies) from the \"%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins\u201d directory, where the name of the plugin is passed as part of an XML-serialized object. However, because the name of the DLL is concatenated with the \u201c.\\plugins\u201d string, a directory traversal vulnerability exists in the way plugins are resolved."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://aternity.force.com/customersuccess/s/article/Recorder-tool-security-notification-mitigation-steps-for-On-Prem",
"url": "https://aternity.force.com/customersuccess/s/article/Recorder-tool-security-notification-mitigation-steps-for-On-Prem"
},
{
"refsource": "MISC",
"name": "https://sec-consult.com/en/blog/advisories/privilege-escalation-vulnerability-in-steelcentral-aternity-agent-cve-2020-15592-cve-2020-15593/",
"url": "https://sec-consult.com/en/blog/advisories/privilege-escalation-vulnerability-in-steelcentral-aternity-agent-cve-2020-15592-cve-2020-15593/"
}
]
}
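Review bot: `product_name`, `vendor_name`, `version_value` and the `problemtype` value are all `n/a`, although the description names the product (SteelCentral Aternity Agent), the fixed boundary (before 11.0.0.120) and the weakness (directory traversal leading to privilege escalation); the CVE-2020-15593 section that follows has the same gap. Anything that matches records by product or CWE will miss both entries. I would fill in at least `"product_name": "SteelCentral Aternity Agent"` and a problem type such as `"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"` for this record. The description also opens the plugin path with an escaped straight quote and closes it with `\u201d`, which should be made consistent.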


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15593",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. Any user in the system is allowed to access the interprocess communication channel AternityAgentAssistantIpc, retrieve a serialized object and call object methods remotely. Among others, the methods allow any user to: (1) Create and/or overwrite arbitrary XML files across the system; (2) Create arbitrary directories across the system; and (3) Load arbitrary plugins (i.e., C# assemblies) from the \"%PROGRAMFILES(X86)/Aternity Information Systems/Assistant/plugins\u201d directory and execute code contained in them."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://aternity.force.com/customersuccess/s/article/Recorder-tool-security-notification-mitigation-steps-for-On-Prem",
"url": "https://aternity.force.com/customersuccess/s/article/Recorder-tool-security-notification-mitigation-steps-for-On-Prem"
},
{
"refsource": "MISC",
"name": "https://sec-consult.com/en/blog/advisories/privilege-escalation-vulnerability-in-steelcentral-aternity-agent-cve-2020-15592-cve-2020-15593/",
"url": "https://sec-consult.com/en/blog/advisories/privilege-escalation-vulnerability-in-steelcentral-aternity-agent-cve-2020-15592-cve-2020-15593/"
}
]
}
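Review bot: The description gives the affected version as `SteelCentral Aternity Agent 11.0.0.120`, while the sibling record CVE-2020-15592 says `before 11.0.0.120` and both cite the same two advisories; one of the two ranges is probably wrong, and it should be checked against the vendor notice which builds are affected. The plugin path is also written `%PROGRAMFILES(X86)/Aternity ...` without the closing `%` that the CVE-2020-15592 text has, so the environment variable reads as literal text. The weakness described (any local user can reach the `AternityAgentAssistantIpc` channel and call object methods remotely) is an access-control problem, and the `n/a` problem type could state that.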


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15955",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15956",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15957",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15958",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15959",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15960",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15961",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15962",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15963",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15964",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15965",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
