admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-11-19 16:01:49 +00:00
parent b7a34f08b3
commit ac294c3a04
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 422 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2020/11xxx/CVE-2020-11829.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11829",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@oppo.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "com.coloros.codebook",
"version": {
"version_data": [
{
"version_value": "V2.0.0_5493e40_200722"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696",
"url": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722."
}
]
}

50
2020/11xxx/CVE-2020-11830.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11830",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@oppo.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "com.oppo.qualityprotect",
"version": {
"version_data": [
{
"version_value": "V2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696",
"url": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0."
}
]
}

50
2020/11xxx/CVE-2020-11831.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11831",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@oppo.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "com.oppo.ovoicemanager",
"version": {
"version_data": [
{
"version_value": "V2.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696",
"url": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1."
}
]
}

66
2020/28xxx/CVE-2020-28054.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28054",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://voidsec.com",
"refsource": "MISC",
"name": "https://voidsec.com"
},
{
"url": "https://tsmmanager.com",
"refsource": "MISC",
"name": "https://tsmmanager.com"
},
{
"refsource": "MISC",
"name": "https://voidsec.com/tivoli-madness/",
"url": "https://voidsec.com/tivoli-madness/"
}
]
}

18
2020/28xxx/CVE-2020-28941.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28941",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2020/4xxx/CVE-2020-4718.json
View File

@ -1,99 +1,99 @@
{
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6370099",
"title" : "IBM Security Bulletin 6370099 (Jazz Reporting Service)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6370099"
},
{
"name" : "ibm-jazz-cve20204718-xss (187731)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187731",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731."
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
}
]
},
"product_name" : "Jazz Reporting Service"
}
]
},
"vendor_name" : "IBM"
"name": "https://www.ibm.com/support/pages/node/6370099",
"title": "IBM Security Bulletin 6370099 (Jazz Reporting Service)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6370099"
},
{
"name": "ibm-jazz-cve20204718-xss (187731)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187731",
"title": "X-Force Vulnerability Report"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731."
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
},
"product_name": "Jazz Reporting Service"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"S" : "C",
"AV" : "N",
"I" : "L",
"AC" : "L",
"C" : "L",
"SCORE" : "6.400",
"UI" : "N",
"PR" : "L"
},
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2020-4718",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-11-18T00:00:00"
},
"data_format" : "MITRE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"S": "C",
"AV": "N",
"I": "L",
"AC": "L",
"C": "L",
"SCORE": "6.400",
"UI": "N",
"PR": "L"
},
"TM": {
"E": "H",
"RL": "O",
"RC": "C"
}
}
},
"data_type": "CVE",
"CVE_data_meta": {
"ID": "CVE-2020-4718",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-11-18T00:00:00"
},
"data_format": "MITRE"
}

114
2020/9xxx/CVE-2020-9049.json
View File

@ -1,18 +1,120 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "productsecurity@jci.com",
"DATE_PUBLIC": "2020-11-19T14:00:00.000Z",
"ID": "CVE-2020-9049",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "victor Web Client and C\u2022CURE Web Client JSON Web Token (JWT) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "victor Web Client version 5.6 and prior",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "5.6"
}
]
}
},
{
"product_name": "C\u2022CURE Web Client version 2.90 and prior (Note - This does not affect the new web-based C\u2022CURE 9000 client that was introduced in C\u2022CURE 9000 v2.90)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "2.90"
}
]
}
}
]
},
"vendor_name": "Johnson Controls"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Joachim Kerschbaumer reported this vulnerability to Johnson Controls, Inc."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in specified versions of American Dynamics victor Web Client and Software House C\u2022CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 : Improper Access Control (Authorization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"refsource": "CONFIRM",
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"refsource": "CERT",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-324-01"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-324-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-324-01"
}
]
},
"solution": [
{
"lang": "eng",
"value": "victor Web Client\n\n\u2022\tvictor Web Client v5.6 and earlier \u2013 upgrade to v5.6 SP1 (victor Unified Client v5.6 SP1)\n\nRegistered users can obtain the software update by downloading the update found here: https://www.americandynamics.net/support/SoftwareDownloads.aspx.\n\nC\u2022CURE Web Client\n\nC\u2022CURE Web v2.60 and earlier - upgrade to a minimum of v2.70 and install the relevant update below.\n\n\u2022\tC\u2022CURE Web v2.70 - install the update WebClient_c2.70_5.2_Update02\n\u2022\tC\u2022CURE Web v2.80 - install the update WebClient_c2.80_v5.4.1_Update04\n\u2022\tC\u2022CURE Web v2.90 - install the update CCureWeb_2.90_Update01 \n\nRegistered users can obtain the software update by downloading the update found here: https://swhouse.com/Support/SoftwareDownloads.aspx."
}
],
"source": {
"discovery": "EXTERNAL"
}
}