"-Synchronized-Data."

2025-06-12 02:05:39 +00:00 · 2020-02-26 22:01:09 +00:00 · 2020-02-26 22:01:09 +00:00 · b2b8059f6c
commit b2b8059f6c
parent 63534295f7
2 changed files with 67 additions and 0 deletions
--- a/2019/18xxx/CVE-2019-18238.json
+++ b/2019/18xxx/CVE-2019-18238.json
@ -0,0 +1,62 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-18238",
+        "ASSIGNER": "ics-cert@hq.dhs.gov",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility  ioLogik 2500 series firmware, Version 3.0 or lower IOxpress configuration utility, Version 2.3.0 or lower",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility  ioLogik 2500 series firmware, Version 3.0 or lower IOxpress configuration utility, Version 2.3.0 or lower"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02",
+                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ioLogik 2500 series firmware, Version 3.0 or lower IOxpress configuration utility, Version 2.3.0 or lower. Sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account."
+            }
+        ]
+    }
+}
--- a/2020/8xxx/CVE-2020-8794.json
+++ b/2020/8xxx/CVE-2020-8794.json
@ -61,6 +61,11 @@
                "refsource": "MISC",
                "name": "https://www.openwall.com/lists/oss-security/2020/02/24/5",
                "url": "https://www.openwall.com/lists/oss-security/2020/02/24/5"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200226 Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)",
+                "url": "http://www.openwall.com/lists/oss-security/2020/02/26/1"
            }
        ]
    }