admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-02-19 21:01:29 +00:00
parent 1ac9e101c1
commit b09fb116c2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
8 changed files with 376 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2014/9xxx/CVE-2014-9617.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9617",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html",
"url": "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html"
}
]
}

73
2015/7xxx/CVE-2015-7747.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7747",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,76 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2787-1",
"url": "http://www.ubuntu.com/usn/USN-2787-1"
},
{
"refsource": "MISC",
"name": "https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721",
"url": "https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/10/06/2",
"url": "http://www.openwall.com/lists/oss-security/2015/10/06/2"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170387.html"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2015/10/08/1",
"url": "https://www.openwall.com/lists/oss-security/2015/10/08/1"
},
{
"refsource": "MISC",
"name": "https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch",
"url": "https://github.com/ccrisan/motioneyeos/blob/master/package/audiofile/0008-CVE-2015-7747.patch"
}
]
}

5
2020/1xxx/CVE-2020-1693.json
View File

@ -53,6 +53,11 @@
"url": "https://github.com/spacewalkproject/spacewalk/commit/74e28ec61d916c42061ef4347121650a1c962b0c",
"name": "https://github.com/spacewalkproject/spacewalk/commit/74e28ec61d916c42061ef4347121650a1c962b0c",
"refsource": "MISC"
},
{
"refsource": "MISC",
"name": "https://zeroauth.ltd/blog/2020/02/18/proof-of-concept-exploit-for-cve-2020-1693-spacewalk/",
"url": "https://zeroauth.ltd/blog/2020/02/18/proof-of-concept-exploit-for-cve-2020-1693-spacewalk/"
}
]
},

53
2020/3xxx/CVE-2020-3943.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-3943",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VMWare",
"product": {
"product_data": [
{
"product_name": "vRealize Operations for Horizon Adapter",
"version": {
"version_data": [
{
"version_value": "6.7.x prior to 6.7.1"
},
{
"version_value": "6.6.x prior to 6.6.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0003.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0003.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations."
}
]
}

53
2020/3xxx/CVE-2020-3944.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-3944",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VMWare",
"product": {
"product_data": [
{
"product_name": "vRealize Operations for Horizon Adapter",
"version": {
"version_data": [
{
"version_value": "6.7.x prior to 6.7.1"
},
{
"version_value": "6.6.x prior to 6.6.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0003.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0003.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication."
}
]
}

53
2020/3xxx/CVE-2020-3945.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-3945",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VMWare",
"product": {
"product_data": [
{
"product_name": "vRealize Operations for Horizon Adapter",
"version": {
"version_data": [
{
"version_value": "6.7.x prior to 6.7.1"
},
{
"version_value": "6.6.x prior to 6.6.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0003.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0003.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information"
}
]
}

60
2020/6xxx/CVE-2020-6970.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6970",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Emerson",
"product": {
"product_data": [
{
"product_name": "OpenEnterprise SCADA Server",
"version": {
"version_data": [
{
"version_value": "2.83 (if Modbus or ROC Interfaces have been installed and are in use)"
}
]
}
},
{
"product_name": "OpenEnterprise",
"version": {
"version_data": [
{
"version_value": "3.1 through 3.3.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server."
}
]
}

50
2020/7xxx/CVE-2020-7942.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7942",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@puppet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Puppet",
"product": {
"product_data": [
{
"product_name": "Puppet",
"version": {
"version_data": [
{
"version_value": "6.13.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary retrieval"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://puppet.com/security/cve/CVE-2020-7942/",
"url": "https://puppet.com/security/cve/CVE-2020-7942/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior."
}
]
}