"-Synchronized-Data."

CVE Team 2020-03-23 21:01:24 +00:00
parent 4f974dd574
commit c2438a6267
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
12 changed files with 617 additions and 391 deletions


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6558",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-6558",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)",
"version": {
"version_data": [
{
"version_value": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "WEAK PASSWORD REQUIREMENTS CWE-521"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak."
}
]
}
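Review bot: The `problemtype` value `WEAK PASSWORD REQUIREMENTS CWE-521` does not match the new description for CVE-2019-6558, which describes a weak mechanism for recovering or changing a password without knowing the original one. That wording corresponds to CWE-640 (Weak Password Recovery Mechanism for Forgotten Password), so one of the two fields probably carries text meant for another CVE in the same advisory and should be checked against ICSA-20-051-04. Separately, `vendor_name` is `n/a` while `product_name` and `version_value` both hold the same free-text sentence covering three products, which prevents inventory and scanner tooling from matching the record. Using `"vendor_name": "Auto-Maskin"`, one `product_data` entry per product, and `"version_value": "3.7 and prior"` for RP210E and DCU210E would make it machine-usable.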


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Motorola FX9500 devices allows remote attackers to read database files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.youtube.com/watch?v=Lv-STOyQCVY",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=Lv-STOyQCVY"
}
]
}
}
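Review bot: This record for CVE-2020-10874 gives a defender nothing to match on: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, and the only reference is a YouTube video. The description names the product, so `"vendor_name": "Motorola"` and `"product_name": "FX9500"` can be filled from it; the affected firmware versions and whether authentication is required are not stated and should be added when known. A durable written reference next to the video would keep the record usable if the video is taken down. The description also has an agreement error: `devices allows` should read `devices allow`.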


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10875",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10876",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10877",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6967",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Rockwell Automation All versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform",
"version": {
"version_data": [
{
"version_value": "Rockwell Automation All versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCPtcp/8082, which can insecurely deserialize untrusted data."
}
]
}
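Review bot: The new description for CVE-2020-6967 contains the garbled token `TCPtcp/8082`, which looks like a doubled protocol label and should read `tcp/8082`. The port is the one detail defenders will copy into firewall rules and exposure checks, so it is worth correcting at the source. In the same record `vendor_name` is `n/a` although the vendor opens the `product_name` string, and `version_value` repeats that whole sentence; `"vendor_name": "Rockwell Automation"` with `"version_value": "All versions"` would let tooling match it. The hunk begins at line 4 of the file, so the record's opening lines are outside this view.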


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of HTTP parameters. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition. Was ZDI-CAN-10115."
"value": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition. Was ZDI-CAN-10115."
}
]
},
@ -54,10 +54,14 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-252/"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-252/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-252/"
},
{
"url": "https://elog.psi.ch/elogs/Forum/69114"
"url": "https://elog.psi.ch/elogs/Forum/69114",
"refsource": "MISC",
"name": "https://elog.psi.ch/elogs/Forum/69114"
}
]
},


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470."
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470."
}
]
},
@ -54,10 +54,14 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-267/"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-267/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-267/"
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157"
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157",
"refsource": "MISC",
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157"
}
]
},


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471."
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471."
}
]
},
@ -54,10 +54,14 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-268/"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-268/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-268/"
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157"
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157",
"refsource": "MISC",
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157"
}
]
},


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469."
"value": "This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469."
}
]
},
@ -54,7 +54,9 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-276/"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-276/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-276/"
}
]
},


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user.\n\n Was ZDI-CAN-10125."
"value": "This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125."
}
]
},
@ -54,10 +54,14 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-275/"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-275/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-275/"
},
{
"url": "https://lists.horde.org/archives/announce/2020/001288.html"
"url": "https://lists.horde.org/archives/announce/2020/001288.html",
"refsource": "MISC",
"name": "https://lists.horde.org/archives/announce/2020/001288.html"
}
]
},


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-9553."
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-9553."
}
]
},
@ -54,10 +54,14 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-290/"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-290/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-290/"
},
{
"url": "https://support.quest.com/foglight/kb/315091/fms-5-9-5-hotfix-hfix-314"
"url": "https://support.quest.com/foglight/kb/315091/fms-5-9-5-hotfix-hfix-314",
"refsource": "MISC",
"name": "https://support.quest.com/foglight/kb/315091/fms-5-9-5-hotfix-hfix-314"
}
]
},