admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-10-06 19:02:21 +00:00
parent 1eff58f451
commit b92d5bca19
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
25 changed files with 1039 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
2020/13xxx/CVE-2020-13294.json
View File

@ -50,20 +50,20 @@
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/222829",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/222829",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/892427",
"url": "https://hackerone.com/reports/892427",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13294.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13294.json",
"refsource": "CONFIRM"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/26147",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/26147",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/469728",
"url": "https://hackerone.com/reports/469728",
"refsource": "MISC"
}
]
},
@ -94,7 +94,7 @@
"credit": [
{
"lang": "eng",
"value": "Thanks [@benaubin](https://hackerone.com/benaubin) for reporting this vulnerability through our HackerOne bug bounty program"
"value": "Thanks [@whitehattushu](https://hackerone.com/whitehattushu) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

88
2020/13xxx/CVE-2020-13333.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13333",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=13.1, <13.2.10"
},
{
"version_value": ">=13.3.0, <13.3.7"
},
{
"version_value": ">=13.4.0, <13.4.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input validation in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/218753",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/218753",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/870820",
"url": "https://hackerone.com/reports/870820",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13333.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13333.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage."
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [@anyday](https://hackerone.com/anyday) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

88
2020/13xxx/CVE-2020-13343.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13343",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=11.2, <13.2.10"
},
{
"version_value": ">=13.3.0, <13.3.7"
},
{
"version_value": ">=13.4.0, <13.4.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper handling of insufficient permissions or privileges in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/14861",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/14861",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/689314",
"url": "https://hackerone.com/reports/689314",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13343.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13343.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template"
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [jobert](https://hackerone.com/jobert) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

88
2020/13xxx/CVE-2020-13345.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13345",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=10.8, <13.2.10"
},
{
"version_value": ">=13.3.0, <13.3.7"
},
{
"version_value": ">=13.4.0, <13.4.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/232829",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/232829",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/946728",
"url": "https://hackerone.com/reports/946728",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13345.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13345.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes"
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [vakzz](https://hackerone.com/vakzz) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

2
2020/15xxx/CVE-2020-15239.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of authentication or other limitations on the outbound (GET) traffic.\n\nFor example, in a scenario where a single server has multiple instances of the application running (with separate DATA_ROOT settings), an attacker who has knowledge about the directory structure is able to read files from any other instance to which the process has read access.\n\nIf instances have individual authentication (for example, HTTP authentication via a reverse proxy, source IP based filtering) or other restrictions (such as quotas), attackers may circumvent those limits in such a scenario by using the Directory Traversal to retrieve data from the other instances.\n\nIf the associated XMPP server (or anyone knowing the SECRET_KEY) is malicious, they can write files outside the DATA_ROOT. The files which are written are constrained to have the `.meta` and the `.data` suffixes; the `.meta` file will contain the JSON with the Content-Type of the original request and the `.data` file will contain the payload.\n\nThe issue is patched in version 0.4.0."
"value": "In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of authentication or other limitations on the outbound (GET) traffic. For example, in a scenario where a single server has multiple instances of the application running (with separate DATA_ROOT settings), an attacker who has knowledge about the directory structure is able to read files from any other instance to which the process has read access. If instances have individual authentication (for example, HTTP authentication via a reverse proxy, source IP based filtering) or other restrictions (such as quotas), attackers may circumvent those limits in such a scenario by using the Directory Traversal to retrieve data from the other instances. If the associated XMPP server (or anyone knowing the SECRET_KEY) is malicious, they can write files outside the DATA_ROOT. The files which are written are constrained to have the `.meta` and the `.data` suffixes; the `.meta` file will contain the JSON with the Content-Type of the original request and the `.data` file will contain the payload. The issue is patched in version 0.4.0."
}
]
},

66
2020/15xxx/CVE-2020-15927.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15927",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.manageengine.com",
"refsource": "MISC",
"name": "https://www.manageengine.com"
},
{
"refsource": "CONFIRM",
"name": "https://www.manageengine.com/products/applications_manager/issues.html#v14750",
"url": "https://www.manageengine.com/products/applications_manager/issues.html#v14750"
},
{
"refsource": "CONFIRM",
"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15927.html",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15927.html"
}
]
}

5
2020/16xxx/CVE-2020-16250.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html",
"url": "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html"
}
]
}

5
2020/16xxx/CVE-2020-16251.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html",
"url": "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html"
}
]
}

5
2020/25xxx/CVE-2020-25247.json
View File

@ -56,6 +56,11 @@
"url": "https://seclists.org/fulldisclosure/2020/Sep/21",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Sep/21"
},
{
"refsource": "FULLDISC",
"name": "20201006 Re: Navy Federal Reflective Cross Site Scripting (XSS)",
"url": "http://seclists.org/fulldisclosure/2020/Oct/9"
}
]
}

5
2020/25xxx/CVE-2020-25254.json
View File

@ -56,6 +56,11 @@
"url": "https://seclists.org/fulldisclosure/2020/Sep/7",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Sep/7"
},
{
"refsource": "FULLDISC",
"name": "20201006 Re: Navy Federal Reflective Cross Site Scripting (XSS)",
"url": "http://seclists.org/fulldisclosure/2020/Oct/9"
}
]
}

5
2020/25xxx/CVE-2020-25790.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/Typesetter/Typesetter/issues/674",
"refsource": "MISC",
"name": "https://github.com/Typesetter/Typesetter/issues/674"
},
{
"refsource": "FULLDISC",
"name": "20201006 CVE-2020-25790",
"url": "http://seclists.org/fulldisclosure/2020/Oct/11"
}
]
}

62
2020/26xxx/CVE-2020-26597.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on LG mobile devices with Android OS 9.0 and 10 software. The Wi-Fi subsystem has incorrect input validation, leading to a crash. The LG ID is LVE-SMP-200022 (October 2020)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lgsecurity.lge.com/",
"refsource": "MISC",
"name": "https://lgsecurity.lge.com/"
}
]
}
}

62
2020/26xxx/CVE-2020-26598.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. The Network Management component could allow an unauthorized actor to kill a TCP connection. The LG ID is LVE-SMP-200023 (October 2020)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lgsecurity.lge.com/",
"refsource": "MISC",
"name": "https://lgsecurity.lge.com/"
}
]
}
}

62
2020/26xxx/CVE-2020-26599.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Samsung mobile devices with Q(10.0) software. The DynamicLockscreen Terms and Conditions can be accepted without authentication. The Samsung ID is SVE-2020-17079 (October 2020)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "MISC",
"name": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}

62
2020/26xxx/CVE-2020-26600.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Samsung mobile devices with Q(10.0) software. Auto Hotspot allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (October 2020)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "MISC",
"name": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}

62
2020/26xxx/CVE-2020-26601.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18034 (October 2020)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "MISC",
"name": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}

62
2020/26xxx/CVE-2020-26602.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "MISC",
"name": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}

62
2020/26xxx/CVE-2020-26603.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung ID is SVE-2020-18433 (October 2020)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "MISC",
"name": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}

62
2020/26xxx/CVE-2020-26604.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "MISC",
"name": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}

62
2020/26xxx/CVE-2020-26605.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Exynos chipsets) software. They allow attackers to obtain sensitive information by reading a log. The Samsung ID is SVE-2020-18596 (October 2020)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "MISC",
"name": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}

62
2020/26xxx/CVE-2020-26606.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "MISC",
"name": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}

62
2020/26xxx/CVE-2020-26607.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18418 (October 2020)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "MISC",
"name": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}

2
2020/7xxx/CVE-2020-7232.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Evoko Home 1.31 devices allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL."
"value": "Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL."
}
]
},

12
2020/8xxx/CVE-2020-8781.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Sierra Wireless ALEOS 4.11 through 4.13.0 has an Improper Authorization issue."
"value": "Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process."
}
]
},
@ -52,16 +52,6 @@
},
"references": {
"reference_data": [
{
"url": "https://www.sierrawireless.com/company/security/",
"refsource": "MISC",
"name": "https://www.sierrawireless.com/company/security/"
},
{
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,14,-d-,0-release-notes/",
"refsource": "MISC",
"name": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,14,-d-,0-release-notes/"
},
{
"refsource": "CONFIRM",
"name": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-005/",

5
2020/8xxx/CVE-2020-8782.json
View File

@ -83,11 +83,6 @@
"refsource": "CONFIRM",
"name": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-005/",
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-005/"
},
{
"refsource": "MISC",
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-005/",
"name": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-005/"
}
]
},