"-Synchronized-Data."

CVE Team 2020-01-15 19:01:34 +00:00
parent df7874b6fa
commit ab25f08058
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
12 changed files with 295 additions and 38 deletions


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18244",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OSIsoft PI Vision",
"version": {
"version_data": [
{
"version_value": "PI Vision 2017 R2, PI Vision 2017 R2 SP1, PI Vision 2019"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INCLUSION OF SENSITIVE INFORMATION IN LOG FILES CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSIsoft PI Vision, PI Vision 2017 R2, PI Vision 2017 R2 SP1, PI Vision 2019. The affected product records the service account password in the installation log files when a non-default service account and password are specified during installation or upgrade."
}
]
}
}
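Review bot: `vendor_name` is `"n/a"` while the vendor is folded into `product_name` as `"OSIsoft PI Vision"`, so tooling that matches on the vendor/product pair may not associate this record with OSIsoft; `"vendor_name": "OSIsoft"` with `"product_name": "PI Vision"` would agree with what the description states. The single `version_value` also packs three releases into one comma-separated string, which a consumer cannot compare against an installed version; one `version_data` entry per release would be machine-readable. The same two points apply to the CVE-2019-18271, CVE-2019-18273 and CVE-2019-18275 sections that follow.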


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18271",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OSIsoft PI Vision",
"version": {
"version_data": [
{
"version_value": "All versions of PI Vision prior to 2019"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to a cross-site request forgery that may be introduced on the PI Vision administration site."
}
]
}
}


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18273",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OSIsoft PI Vision",
"version": {
"version_data": [
{
"version_value": "PI Vision 2017 R2 and PI Vision 2017 R2 SP1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. The affected product is vulnerable to cross-site scripting, which may allow invalid input to be introduced."
}
]
}
}


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18275",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OSIsoft PI Vision",
"version": {
"version_data": [
{
"version_value": "All versions of PI Vision prior to 2019"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to an improper access control, which may return unauthorized tag data when viewing analysis data reference attributes."
}
]
}
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1929",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "Beam",
"version": {
"version_data": [
{
"version_value": "2.10.0 to 2.16.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[beam-user] 20200115 [CVE-2020-1929] Apache Beam MongoDB IO connector disables certificate trust verification",
"url": "https://lists.apache.org/thread.html/rdd0e85b71bf0274471b40fa1396d77f7b2d1165eaea4becbdc69aa04%40%3Cuser.beam.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification. However this configuration is not respected and the certificate verification disables trust verification in every case. This exclusion also gets registered globally which disables trust checking for any code running in the same JVM."
}
]
}
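Review bot: The new `problemtype` value `"Information Disclosure"` does not match the defect the description reports, which is certificate trust verification being disabled regardless of the option and registered for the whole JVM; that is a certificate-validation weakness, and `"value": "CWE-295 Improper Certificate Validation"` would let weakness-based filters pick the record up. The description clause `the certificate verification disables trust verification in every case` is hard to parse and would read more clearly as `trust verification is disabled in every case`. The `version_value` `"2.10.0 to 2.16.0"` is a free-text range that does not say whether both ends are inclusive, so one entry per bound or an explicit statement would help consumers. The hunk starts at line 4 of the file, so the record's opening fields are outside it.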


@ -57,11 +57,6 @@
"name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698",
"url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/01/15/1"
}
]
}


@ -57,11 +57,6 @@
"name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708",
"url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/01/15/1"
}
]
}


@ -57,11 +57,6 @@
"name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708",
"url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/01/15/1"
}
]
}


@ -57,11 +57,6 @@
"name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696",
"url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/01/15/1"
}
]
}


@ -61,11 +61,6 @@
"name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683",
"url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/01/15/1"
}
]
}


@ -61,11 +61,6 @@
"name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814",
"url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/01/15/1"
}
]
}


@ -61,11 +61,6 @@
"name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814",
"url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/01/15/1"
}
]
}