admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into Siemens-AD-2021-04

Browse Source
This commit is contained in:
productcert 2021-04-16 21:34:45 +02:00 committed by GitHub
commit bb1c04c789
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1380 changed files with 51868 additions and 1584 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2015/20xxx/CVE-2015-20002.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-20002",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

10
2015/5xxx/CVE-2015-5219.json
View File

@ -161,6 +161,16 @@
"name": "FEDORA-2015-14213",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}

10
2015/7xxx/CVE-2015-7705.json
View File

@ -111,6 +111,16 @@
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}

10
2015/7xxx/CVE-2015-7855.json
View File

@ -96,6 +96,16 @@
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}

5
2015/7xxx/CVE-2015-7871.json
View File

@ -96,6 +96,11 @@
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
}
]
}

10
2015/7xxx/CVE-2015-7973.json
View File

@ -151,6 +151,16 @@
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}

10
2015/7xxx/CVE-2015-7974.json
View File

@ -111,6 +111,16 @@
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}

10
2015/7xxx/CVE-2015-7977.json
View File

@ -176,6 +176,16 @@
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}

10
2015/7xxx/CVE-2015-7979.json
View File

@ -186,6 +186,16 @@
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}

10
2015/8xxx/CVE-2015-8138.json
View File

@ -191,6 +191,16 @@
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}

10
2016/1xxx/CVE-2016-1547.json
View File

@ -126,6 +126,16 @@
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}

10
2016/1xxx/CVE-2016-1548.json
View File

@ -123,6 +123,16 @@
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}

10
2016/1xxx/CVE-2016-1550.json
View File

@ -126,6 +126,16 @@
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}

10
2016/4xxx/CVE-2016-4953.json
View File

@ -126,6 +126,16 @@
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}

10
2016/4xxx/CVE-2016-4954.json
View File

@ -121,6 +121,16 @@
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}

18
2017/20xxx/CVE-2017-20003.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20003",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2017/20xxx/CVE-2017-20004.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-20004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/rust-lang/rust/issues/41622",
"refsource": "MISC",
"name": "https://github.com/rust-lang/rust/issues/41622"
},
{
"url": "https://github.com/rust-lang/rust/pull/41624",
"refsource": "MISC",
"name": "https://github.com/rust-lang/rust/pull/41624"
}
]
}
}

5
2018/13xxx/CVE-2018-13982.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210405 [SECURITY] [DLA 2618-1] smarty3 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210416 [SECURITY] [DLA 2618-2] smarty3 regression update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html"
}
]
}

120
2018/19xxx/CVE-2018-19942.json
View File

@ -1,9 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-04-16T00:45:00.000Z",
"ID": "CVE-2018-19942",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting Vulnerability in File Station"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.5.2.1566 build 20210202"
},
{
"version_affected": "<",
"version_value": "4.5.1.1456 build 20201015"
},
{
"version_affected": "<",
"version_value": "4.3.6.1446 build 20200929"
},
{
"version_affected": "<",
"version_value": "4.3.4.1463 build 20201006"
},
{
"version_affected": "<",
"version_value": "4.3.3.1432 build 20201006"
},
{
"version_affected": "<",
"version_value": "4.2.6 build 20210327"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "h4.5.1.1472 build 20201031"
}
]
}
},
{
"product_name": "QuTScloud",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "c4.5.4.1601 build 20210309"
},
{
"version_affected": "<",
"version_value": "c4.5.3.1454 build 20201013"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Independent Security Evaluators"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -11,8 +89,44 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later) QTS 4.5.1.1456 build 20201015 (and later) QTS 4.3.6.1446 build 20200929 (and later) QTS 4.3.4.1463 build 20201006 (and later) QTS 4.3.3.1432 build 20201006 (and later) QTS 4.2.6 build 20210327 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.4.1601 build 20210309 (and later) QuTScloud c4.5.3.1454 build 20201013 (and later)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-04",
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-04"
}
]
},
"source": {
"advisory": "QSA-21-04",
"discovery": "EXTERNAL"
}
}

15
2018/1xxx/CVE-2018-1320.json
View File

@ -156,6 +156,21 @@
"refsource": "MLIST",
"name": "[cassandra-commits] 20210323 [jira] [Updated] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)",
"url": "https://lists.apache.org/thread.html/r2278846f7ab06ec07a0aa31457235e0ded9191b216cba55f3f315f16@%3Ccommits.cassandra.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[cassandra-commits] 20210415 [jira] [Updated] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)",
"url": "https://lists.apache.org/thread.html/r261972a3b14cf6f1dcd94b1b265e9ef644a38ccdf0d0238fa0c4d459@%3Ccommits.cassandra.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[cassandra-commits] 20210415 [jira] [Comment Edited] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)",
"url": "https://lists.apache.org/thread.html/r09c3dcdccf4b74ad13bda79b354e6b793255ccfe245cca1b8cee23f5@%3Ccommits.cassandra.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[cassandra-commits] 20210415 [jira] [Commented] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)",
"url": "https://lists.apache.org/thread.html/r3d71a6dbb063aa61ba81278fe622b20bfe7501bb3821c27695641ac3@%3Ccommits.cassandra.apache.org%3E"
}
]
}

18
2018/25xxx/CVE-2018-25007.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-25007",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2018/25xxx/CVE-2018-25008.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-25008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/rust-lang/rust/issues/51780",
"refsource": "MISC",
"name": "https://github.com/rust-lang/rust/issues/51780"
},
{
"url": "https://github.com/rust-lang/rust/pull/52031",
"refsource": "MISC",
"name": "https://github.com/rust-lang/rust/pull/52031"
}
]
}
}

10
2019/0xxx/CVE-2019-0195.json
View File

@ -68,6 +68,16 @@
"refsource": "MLIST",
"name": "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tapestry-users] 20210414 [SECURITY VULNERABILITY DISCLOSURE] CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195",
"url": "https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751@%3Cusers.tapestry.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210414 CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195",
"url": "http://www.openwall.com/lists/oss-security/2021/04/15/1"
}
]
},

10
2019/0xxx/CVE-2019-0205.json
View File

@ -198,6 +198,16 @@
"refsource": "MLIST",
"name": "[thrift-dev] 20210204 [jira] [Updated] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version",
"url": "https://lists.apache.org/thread.html/r569b2b3da41ff45bfacfca6787a4a8728edd556e185b69b140181d9d@%3Cdev.thrift.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[cassandra-commits] 20210415 [jira] [Commented] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4",
"url": "https://lists.apache.org/thread.html/r67a704213d13326771f46c84bbd84c8281bb93946e155e0e40abcb4c@%3Ccommits.cassandra.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[cassandra-commits] 20210415 [jira] [Updated] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4",
"url": "https://lists.apache.org/thread.html/r3887b48b183b6fa43e59398bd170a99239c0a16264cb5175b5b689d0@%3Ccommits.cassandra.apache.org%3E"
}
]
},

269
2019/10xxx/CVE-2019-10881.json
View File

@ -1,18 +1,273 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cert@airbus.com",
"ID": "CVE-2019-10881",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Default hidden Privileged Account Vulnerability in multiple XEROX devices"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AltaLink B8045/B8055/B8065/B8075/B8090",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "AltaLink C8030/C8035/C8045/C8055/C8070",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 3655",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 5845/5855/5865/5875/5890",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 5945/5955",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 6655",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7220/7225",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7830/7835/7845/7855",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7970",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre EC7836/EC7856",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "ColorQube 9301/9302/9303",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "ColorQube 8700/8900",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 6400",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Phaser 6700",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Phaser 7800",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 5735/5740/5745/5755/5765/5775/5790",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7525/7530/7535/7545/7556",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "WorkCentre 7755/7765/7775",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "XEROX"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rapha\u00ebl Rigo from the Airbus Security Lab"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259 Use of Hard-coded Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://airbus-seclab.github.io/",
"name": "https://airbus-seclab.github.io/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "No fix available for now."
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There no known workaround for now available."
}
]
}

1
2019/13xxx/CVE-2019-13947.json
View File

@ -59,6 +59,7 @@
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]

5
2019/15xxx/CVE-2019-15949.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/162158/Nagios-XI-getprofile.sh-Remote-Command-Execution.html"
}
]
}

10
2019/17xxx/CVE-2019-17195.json
View File

@ -81,6 +81,16 @@
"refsource": "CONFIRM",
"name": "https://connect2id.com/blog/nimbus-jose-jwt-7-9",
"url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
},
{
"refsource": "MLIST",
"name": "[avro-dev] 20210415 [jira] [Created] (AVRO-3111) CVE-2019-17195",
"url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3Cdev.avro.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[avro-dev] 20210416 [jira] [Commented] (AVRO-3111) CVE-2019-17195",
"url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E"
}
]
}

1
2019/18xxx/CVE-2019-18337.json
View File

@ -59,6 +59,7 @@
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]

1
2019/18xxx/CVE-2019-18338.json
View File

@ -59,6 +59,7 @@
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]

1
2019/18xxx/CVE-2019-18340.json
View File

@ -79,6 +79,7 @@
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]

1
2019/18xxx/CVE-2019-18341.json
View File

@ -59,6 +59,7 @@
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]

1
2019/18xxx/CVE-2019-18342.json
View File

@ -59,6 +59,7 @@
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]

1
2019/19xxx/CVE-2019-19290.json
View File

@ -59,6 +59,7 @@
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]

1
2019/19xxx/CVE-2019-19291.json
View File

@ -69,6 +69,7 @@
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]

1
2019/19xxx/CVE-2019-19292.json
View File

@ -59,6 +59,7 @@
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]

1
2019/19xxx/CVE-2019-19293.json
View File

@ -59,6 +59,7 @@
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]

1
2019/19xxx/CVE-2019-19294.json
View File

@ -59,6 +59,7 @@
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]

1
2019/19xxx/CVE-2019-19295.json
View File

@ -59,6 +59,7 @@
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]

10
2019/19xxx/CVE-2019-19956.json
View File

@ -101,6 +101,16 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08"
}
]
}

18
2019/25xxx/CVE-2019-25027.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-25027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/25xxx/CVE-2019-25028.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-25028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2020/11xxx/CVE-2020-11022.json
View File

@ -213,6 +213,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
}
]
},

5
2020/11xxx/CVE-2020-11023.json
View File

@ -323,6 +323,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html"
}
]
},

5
2020/11xxx/CVE-2020-11987.json
View File

@ -63,6 +63,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-65ff5f10e2",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-33a1b73e48",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM/"
}
]
},

50
2020/13xxx/CVE-2020-13566.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13566",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "phpGACL",
"version": {
"version_data": [
{
"version_value": "phpGACL 3.3.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1179",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1179"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is \u201cDelete\u201d, the POST parameter delete_group leads to a SQL injection."
}
]
}

50
2020/13xxx/CVE-2020-13568.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13568",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "phpGACL",
"version": {
"version_data": [
{
"version_value": "OpenEMR 5.0.2, OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce), phpGACL 3.3.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection\""
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1179",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1179"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is \u201cSubmit\u201d, the POST parameter parent_id leads to a SQL injection."
}
]
}

5
2020/13xxx/CVE-2020-13949.json
View File

@ -398,6 +398,11 @@
"refsource": "MLIST",
"name": "[solr-issues] 20210407 [jira] [Created] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"url": "https://lists.apache.org/thread.html/ra9f7c755790313e1adb95d29794043fb102029e803daf4212ae18063@%3Cissues.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hbase-issues] 20210415 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"url": "https://lists.apache.org/thread.html/r13f40151513ff095a44a86556c65597a7e55c00f5e19764a05530266@%3Cissues.hbase.apache.org%3E"
}
]
},

5
2020/14xxx/CVE-2020-14372.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-003"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210416-0004/",
"url": "https://security.netapp.com/advisory/ntap-20210416-0004/"
}
]
},

40
2020/15xxx/CVE-2020-15250.json
View File

@ -153,6 +153,46 @@
"refsource": "MLIST",
"name": "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
"url": "https://lists.apache.org/thread.html/raebf13f53cd5d23d990712e3d11c80da9a7bae94a6284050f148ed99@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20210413 [GitHub] [pulsar] lhotari removed a comment on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
"url": "https://lists.apache.org/thread.html/r01110833b63616ddbef59ae4e10c0fbd0060f0a51206defd4cb4d917@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20210413 [GitHub] [pulsar] lhotari commented on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
"url": "https://lists.apache.org/thread.html/rde8e70b95c992378e8570e4df400c6008a9839eabdfb8f800a3e5af6@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20210414 [GitHub] [pulsar] lhotari commented on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
"url": "https://lists.apache.org/thread.html/rdef7d1380c86e7c0edf8a0f89a2a8db86fce5e363457d56b722691b4@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20210414 [GitHub] [pulsar] lhotari removed a comment on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
"url": "https://lists.apache.org/thread.html/rdbdd30510a7c4d0908fd22075c02b75bbc2e0d977ec22249ef3133cb@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20210415 [GitHub] [pulsar] lhotari removed a comment on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
"url": "https://lists.apache.org/thread.html/rea812d8612fdc46842a2a57248cad4b01ddfdb1e9b037c49e68fdbfb@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20210415 [GitHub] [pulsar] lhotari commented on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
"url": "https://lists.apache.org/thread.html/rf797d119cc3f51a8d7c3c5cbe50cb4524c8487282b986edde83a9467@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20210415 [GitHub] [pulsar] eolivelli merged pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
"url": "https://lists.apache.org/thread.html/reb700e60b9642eafa4b7922bfee80796394135aa09c7a239ef9f7486@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20210415 [pulsar] branch master updated: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak (#10147)",
"url": "https://lists.apache.org/thread.html/rf2ec93f4ca9a97d1958eb4a31b1830f723419ce9bf2018a6e5741d5b@%3Ccommits.pulsar.apache.org%3E"
}
]
},

5
2020/15xxx/CVE-2020-15500.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/maptiler/tileserver-gl/issues/461",
"refsource": "MISC",
"name": "https://github.com/maptiler/tileserver-gl/issues/461"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.html"
}
]
}

56
2020/19xxx/CVE-2020-19778.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19778",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in \"/index.php\" by manipulating the parameter \"user_id\" in the HTML request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gongfuxiang/shopxo/issues/23",
"refsource": "MISC",
"name": "https://github.com/gongfuxiang/shopxo/issues/23"
}
]
}

56
2020/21xxx/CVE-2020-21087.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21087",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the \"New Name\" field of the \"Rename a Module\" tool."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/X2Engine/X2CRM/issues/162",
"url": "https://github.com/X2Engine/X2CRM/issues/162"
}
]
}

61
2020/21xxx/CVE-2020-21088.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21088",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the \"First Name\" and \"Last Name\" fields in \"/index.php/contacts/create page\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/X2Engine/X2CRM/issues/161",
"url": "https://github.com/X2Engine/X2CRM/issues/161"
},
{
"refsource": "MISC",
"name": "https://github.com/X2Engine/X2CRM/issues/183",
"url": "https://github.com/X2Engine/X2CRM/issues/183"
}
]
}

5
2020/24xxx/CVE-2020-24135.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/vedees/wcms/issues/9",
"url": "https://github.com/vedees/wcms/issues/9"
},
{
"refsource": "MISC",
"name": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24135.md",
"url": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24135.md"
}
]
}

5
2020/24xxx/CVE-2020-24136.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/vedees/wcms/issues/12",
"url": "https://github.com/vedees/wcms/issues/12"
},
{
"refsource": "MISC",
"name": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24136.md",
"url": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24136.md"
}
]
}

5
2020/24xxx/CVE-2020-24137.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/vedees/wcms/issues/7",
"url": "https://github.com/vedees/wcms/issues/7"
},
{
"refsource": "MISC",
"name": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24137.md",
"url": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24137.md"
}
]
}

5
2020/24xxx/CVE-2020-24138.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/vedees/wcms/issues/10",
"url": "https://github.com/vedees/wcms/issues/10"
},
{
"refsource": "MISC",
"name": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24138.md",
"url": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24138.md"
}
]
}

5
2020/24xxx/CVE-2020-24139.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/vedees/wcms/issues/8",
"url": "https://github.com/vedees/wcms/issues/8"
},
{
"refsource": "MISC",
"name": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24139.md",
"url": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24139.md"
}
]
}

5
2020/24xxx/CVE-2020-24140.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/vedees/wcms/issues/11",
"url": "https://github.com/vedees/wcms/issues/11"
},
{
"refsource": "MISC",
"name": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24140.md",
"url": "https://github.com/secwx/research/blob/main/cve/CVE-2020-24140.md"
}
]
}

10
2020/27xxx/CVE-2020-27216.json
View File

@ -625,6 +625,16 @@
"refsource": "MLIST",
"name": "[beam-issues] 20210410 [jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r6b83ca85c8f9a6794b1f85bc70d1385ed7bc1ad07750d0977537154a@%3Cissues.beam.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[beam-issues] 20210415 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r6f51a654ac2e67e3d1c65a8957cbbb127c3f15b64b4fcd626df03633@%3Cissues.beam.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[beam-issues] 20210416 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r819857361f5a156e90d6d06ccf6c41026bc99030d60d0804be3a9957@%3Cissues.beam.apache.org%3E"
}
]
}

50
2020/27xxx/CVE-2020-27227.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27227",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1203",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1203"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and compromise underlying operating system."
}
]
}

50
2020/27xxx/CVE-2020-27228.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27228",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "incorrect default permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1204",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1204"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27233.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27233",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018getAssets.jsp\u2019 page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27234.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27234",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018getAssets.jsp\u2019 page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27235.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27235",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018getAssets.jsp\u2019 page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27236.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27236",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018getAssets.jsp\u2019 page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27237.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27237",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018getAssets.jsp\u2019 page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27238.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018getAssets.jsp\u2019 page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27239.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27239",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018getAssets.jsp\u2019 page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

56
2020/28xxx/CVE-2020-28124.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/418sec/huntr/tree/staging/bounties/packagist/lavalite/cms/3",
"refsource": "MISC",
"name": "https://github.com/418sec/huntr/tree/staging/bounties/packagist/lavalite/cms/3"
}
]
}

6
2020/28xxx/CVE-2020-28385.json
View File

@ -69,7 +69,13 @@
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
}
]
}

50
2020/28xxx/CVE-2020-28590.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Slic3r",
"version": {
"version_data": [
{
"version_value": "Slic3r libslic3r 1.3.0 , Slic3r libslic3r Master Commit 92abbc42"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1213",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1213"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}

50
2020/28xxx/CVE-2020-28592.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28592",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Cosori",
"version": {
"version_data": [
{
"version_value": "Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1216",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1216"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
]
}

50
2020/28xxx/CVE-2020-28593.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28593",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Cosori",
"version": {
"version_data": [
{
"version_value": "Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "hidden functionality"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1217",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1217"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
]
}

56
2020/28xxx/CVE-2020-28898.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28898",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a server error in script execution due to insufficient input validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://resourcexpress.atlassian.net/wiki/spaces/RSG/pages/1318289409/v2021.2+-+March+2021",
"url": "https://resourcexpress.atlassian.net/wiki/spaces/RSG/pages/1318289409/v2021.2+-+March+2021"
}
]
}

5
2020/29xxx/CVE-2020-29238.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "http://ja1sharma.com/blog/2021/CVE-2020-29238/",
"url": "http://ja1sharma.com/blog/2021/CVE-2020-29238/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162152/ExpressVPN-VPN-Router-1.0-Integer-Overflow.html",
"url": "http://packetstormsecurity.com/files/162152/ExpressVPN-VPN-Router-1.0-Integer-Overflow.html"
}
]
}

61
2020/29xxx/CVE-2020-29592.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29592",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html",
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"refsource": "MISC",
"name": "https://github.com/OrchardCMS/Orchard/releases",
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
]
}

61
2020/29xxx/CVE-2020-29593.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29593",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html",
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"refsource": "MISC",
"name": "https://github.com/OrchardCMS/Orchard/releases",
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
]
}

56
2020/35xxx/CVE-2020-35418.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35418",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://fatihhcelik.blogspot.com/2020/12/group-office-crm-stored-xss-via-svg-file.html",
"refsource": "MISC",
"name": "https://fatihhcelik.blogspot.com/2020/12/group-office-crm-stored-xss-via-svg-file.html"
}
]
}

56
2020/35xxx/CVE-2020-35419.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35419",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://fatihhcelik.github.io/posts/Group-Office-CRM-Stored-XSS-via-SVG-File/",
"refsource": "MISC",
"name": "https://fatihhcelik.github.io/posts/Group-Office-CRM-Stored-XSS-via-SVG-File/"
}
]
}

5
2020/35xxx/CVE-2020-35578.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160948/Nagios-XI-5.7.x-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/160948/Nagios-XI-5.7.x-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162207/Nagios-XI-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/162207/Nagios-XI-Remote-Code-Execution.html"
}
]
}

66
2020/35xxx/CVE-2020-35660.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35660",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.huntr.dev/bounties/1-other-monica/",
"refsource": "MISC",
"name": "https://www.huntr.dev/bounties/1-other-monica/"
},
{
"refsource": "MISC",
"name": "https://github.com/monicahq/monica/releases/tag/v2.19.1",
"url": "https://github.com/monicahq/monica/releases/tag/v2.19.1"
},
{
"refsource": "MISC",
"name": "https://github.com/monicahq/monica/pull/4451",
"url": "https://github.com/monicahq/monica/pull/4451"
}
]
}

5
2020/35xxx/CVE-2020-35775.json
View File

@ -71,6 +71,11 @@
"refsource": "CONFIRM",
"name": "https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html",
"url": "https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162181/CITSmart-ITSM-9.1.2.22-LDAP-Injection.html",
"url": "http://packetstormsecurity.com/files/162181/CITSmart-ITSM-9.1.2.22-LDAP-Injection.html"
}
]
}

56
2020/36xxx/CVE-2020-36120.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36120",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-36120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Overflow in the \"sixel_encoder_encode_bytes\" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/saitoha/libsixel/issues/143",
"refsource": "MISC",
"name": "https://github.com/saitoha/libsixel/issues/143"
}
]
}

104
2020/36xxx/CVE-2020-36288.json
View File

@ -1,18 +1,108 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2021-04-14T00:00:00",
"ID": "CVE-2020-36288",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_value": "8.5.12",
"version_affected": "<"
},
{
"version_value": "8.6.0",
"version_affected": ">="
},
{
"version_value": "8.13.4",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.15.1",
"version_affected": "<"
}
]
}
},
{
"product_name": "Jira Data Center",
"version": {
"version_data": [
{
"version_value": "8.5.12",
"version_affected": "<"
},
{
"version_value": "8.6.0",
"version_affected": ">="
},
{
"version_value": "8.13.4",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.15.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-72115",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/JRASERVER-72115"
}
]
}
}
}

18
2020/36xxx/CVE-2020-36319.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36319",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/36xxx/CVE-2020-36320.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36320",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/36xxx/CVE-2020-36321.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36321",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2020/36xxx/CVE-2020-36322.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d069dbe8aaf2a197142558b6fb2978189ba3454",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d069dbe8aaf2a197142558b6fb2978189ba3454"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6",
"refsource": "MISC",
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6"
}
]
}
}

67
2020/36xxx/CVE-2020-36323.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the standard library in Rust before 1.50.3, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/rust-lang/rust/issues/80335",
"refsource": "MISC",
"name": "https://github.com/rust-lang/rust/issues/80335"
},
{
"url": "https://github.com/rust-lang/rust/pull/81728",
"refsource": "MISC",
"name": "https://github.com/rust-lang/rust/pull/81728"
}
]
}
}

80
2020/7xxx/CVE-2020-7269.json
View File

@ -1,18 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2020-7269",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Sensitive Information Exposure in McAfee ATD"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Advanced Threat Defense (ATD)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.12.2"
}
]
}
}
]
},
"vendor_name": "McAfee,LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10336",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10336"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

80
2020/7xxx/CVE-2020-7270.json
View File

@ -1,18 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2020-7270",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Sensitive Information Exposure in McAfee ATD"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Advanced Threat Defense (ATD)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.12.2"
}
]
}
}
]
},
"vendor_name": "McAfee,LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10336",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10336"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

82
2020/7xxx/CVE-2020-7308.json
View File

@ -1,18 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2020-7308",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Transmission of data in clear text by McAfee ENS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Endpoint Security (ENS) for WIndows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "10.7.0 February 2021 Update"
}
]
}
}
]
},
"vendor_name": "McAfee,LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10354",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10354"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}

5
2020/7xxx/CVE-2020-7585.json
View File

@ -101,6 +101,11 @@
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-05",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-05"
},
{
"refsource": "CONFIRM",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05"
}
]
}

5
2020/7xxx/CVE-2020-7586.json
View File

@ -101,6 +101,11 @@
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-05",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-05"
},
{
"refsource": "CONFIRM",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-05"
}
]
}

10
2020/7xxx/CVE-2020-7595.json
View File

@ -101,6 +101,16 @@
"refsource": "GENTOO",
"name": "GLSA-202010-04",
"url": "https://security.gentoo.org/glsa/202010-04"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08"
}
]
}

4
2020/8xxx/CVE-2020-8358.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-8358",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}

4
2020/8xxx/CVE-2020-8359.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-8359",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}

4
2020/8xxx/CVE-2020-8360.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-8360",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}

Some files were not shown because too many files have changed in this diff Show More