admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-10-05 14:01:46 +00:00
parent dc151a4f08
commit b8ac79d6b5
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
13 changed files with 752 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2019/14xxx/CVE-2019-14556.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14556",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel BIOS",
"version": {
"version_data": [
{
"version_value": "8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper initialization in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow a privileged user to potentially enable denial of service via local access."
}
]
}
}

62
2019/14xxx/CVE-2019-14557.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14557",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel BIOS",
"version": {
"version_data": [
{
"version_value": "8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable elevation of privilege or denial of service via adjacent access."
}
]
}
}

62
2019/14xxx/CVE-2019-14558.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14558",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel BIOS",
"version": {
"version_data": [
{
"version_value": "8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access."
}
]
}
}

62
2020/0xxx/CVE-2020-0571.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0571",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel BIOS",
"version": {
"version_data": [
{
"version_value": "8th Generation Intel(R) Core(TM) Processors and Intel(R) Pentium(R) Silver Processor Series"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00347.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00347.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper conditions check in BIOS firmware for 8th Generation Intel(R) Core(TM) Processors and Intel(R) Pentium(R) Silver Processor Series may allow an authenticated user to potentially enable information disclosure via local access."
}
]
}
}

50
2020/12xxx/CVE-2020-12302.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-12302", "ID": "CVE-2020-12302",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secure@intel.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) Driver & Support Assistant",
"version": {
"version_data": [
{
"version_value": "before version 20.7.26.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00405.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00405.html"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Improper permissions in the Intel(R) Driver & Support Assistant before version 20.7.26.7 may allow an authenticated user to potentially enable escalation of privilege via local access."
} }
] ]
} }

65
2020/25xxx/CVE-2020-25635.json
View File

@ -4,15 +4,74 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-25635", "ID": "CVE-2020-25635",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AWS Community",
"product": {
"product_data": [
{
"product_name": "Community Collections",
"version": {
"version_data": [
{
"version_value": "from 1.0.0 to 1.2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-212"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ansible-collections/community.aws/issues/222",
"refsource": "MISC",
"name": "https://github.com/ansible-collections/community.aws/issues/222"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635",
"refsource": "CONFIRM"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality."
} }
] ]
},
"impact": {
"cvss": [
[
{
"vectorString": "5/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
} }
} }

56
2020/26xxx/CVE-2020-26061.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26061",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-26061",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.clickstudios.com.au/passwordstate-changelog.aspx",
"refsource": "MISC",
"name": "https://www.clickstudios.com.au/passwordstate-changelog.aspx"
} }
] ]
} }

108
2020/4xxx/CVE-2020-4493.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"DATE_PUBLIC" : "2020-10-01T00:00:00", "DATE_PUBLIC": "2020-10-01T00:00:00",
"ID" : "CVE-2020-4493", "ID": "CVE-2020-4493",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com" "ASSIGNER": "psirt@us.ibm.com"
}, },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995." "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995."
} }
] ]
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"impact" : { "impact": {
"cvssv3" : { "cvssv3": {
"TM" : { "TM": {
"RL" : "O", "RL": "O",
"RC" : "C", "RC": "C",
"E" : "U" "E": "U"
}, },
"BM" : { "BM": {
"PR" : "N", "PR": "N",
"AC" : "L", "AC": "L",
"A" : "H", "A": "H",
"S" : "U", "S": "U",
"UI" : "N", "UI": "N",
"SCORE" : "9.800", "SCORE": "9.800",
"I" : "H", "I": "H",
"C" : "H", "C": "H",
"AV" : "N" "AV": "N"
} }
} }
}, },
"data_type" : "CVE", "data_type": "CVE",
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"value" : "Bypass Security", "value": "Bypass Security",
"lang" : "eng" "lang": "eng"
} }
] ]
} }
] ]
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name" : "IBM", "vendor_name": "IBM",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Maximo Asset Management", "product_name": "Maximo Asset Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.6.0" "version_value": "7.6.0"
}, },
{ {
"version_value" : "7.6.1" "version_value": "7.6.1"
} }
] ]
} }
@ -73,21 +73,21 @@
] ]
} }
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"title" : "IBM Security Bulletin 6340281 (Maximo Asset Management)", "title": "IBM Security Bulletin 6340281 (Maximo Asset Management)",
"url" : "https://www.ibm.com/support/pages/node/6340281", "url": "https://www.ibm.com/support/pages/node/6340281",
"name" : "https://www.ibm.com/support/pages/node/6340281", "name": "https://www.ibm.com/support/pages/node/6340281",
"refsource" : "CONFIRM" "refsource": "CONFIRM"
}, },
{ {
"refsource" : "XF", "refsource": "XF",
"name" : "ibm-maximo-cve20204493-auth-bypass (181995)", "name": "ibm-maximo-cve20204493-auth-bypass (181995)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181995", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181995",
"title" : "X-Force Vulnerability Report" "title": "X-Force Vulnerability Report"
} }
] ]
}, },
"data_version" : "4.0" "data_version": "4.0"
} }

55
2020/8xxx/CVE-2020-8182.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-8182", "ID": "CVE-2020-8182",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "support@hackerone.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Deck",
"version": {
"version_data": [
{
"version_value": "Fixed in 0.8.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control - Generic (CWE-284)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/827816",
"url": "https://hackerone.com/reports/827816"
},
{
"refsource": "MISC",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-025",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-025"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves."
} }
] ]
} }

55
2020/8xxx/CVE-2020-8223.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-8223", "ID": "CVE-2020-8223",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "support@hackerone.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "Fixed in 19.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Privilege Management (CWE-269)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/889243",
"url": "https://hackerone.com/reports/889243"
},
{
"refsource": "MISC",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-029",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-029"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves."
} }
] ]
} }

55
2020/8xxx/CVE-2020-8228.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-8228", "ID": "CVE-2020-8228",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "support@hackerone.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Preferred Provider",
"version": {
"version_data": [
{
"version_value": "Fixed in 1.8.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Business Logic Errors (CWE-840)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/922470",
"url": "https://hackerone.com/reports/922470"
},
{
"refsource": "MISC",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-033",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-033"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times."
} }
] ]
} }

55
2020/8xxx/CVE-2020-8235.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-8235", "ID": "CVE-2020-8235",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "support@hackerone.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Deck app",
"version": {
"version_data": [
{
"version_value": "Fixed in 1.0.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/916704",
"url": "https://hackerone.com/reports/916704"
},
{
"refsource": "MISC",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-036",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-036"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments."
} }
] ]
} }

50
2020/8xxx/CVE-2020-8671.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-8671", "ID": "CVE-2020-8671",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secure@intel.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel BIOS",
"version": {
"version_data": [
{
"version_value": "8th, 9th Generation Intel(R) Core(TM) Processors and Intel(R) Celeron(R) Processor 4000 Series"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel(R) Core(TM) Processors and Intel(R) Celeron(R) Processor 4000 Series may allow an authenticated user to potentially enable information disclosure via local access."
} }
] ]
} }