admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-05-19 13:01:15 +00:00
parent c6bf8a0234
commit c4a10f7c02
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
10 changed files with 148 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2018/19xxx/CVE-2018-19320.json
View File

@ -71,6 +71,11 @@
"refsource": "CONFIRM",
"name": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card",
"url": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card"
},
{
"refsource": "CONFIRM",
"name": "https://www.gigabyte.com/Support/Security/1801",
"url": "https://www.gigabyte.com/Support/Security/1801"
}
]
}

5
2018/19xxx/CVE-2018-19321.json
View File

@ -66,6 +66,11 @@
"name": "106252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106252"
},
{
"refsource": "CONFIRM",
"name": "https://www.gigabyte.com/Support/Security/1801",
"url": "https://www.gigabyte.com/Support/Security/1801"
}
]
}

5
2018/19xxx/CVE-2018-19322.json
View File

@ -71,6 +71,11 @@
"refsource": "CONFIRM",
"name": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card",
"url": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card"
},
{
"refsource": "CONFIRM",
"name": "https://www.gigabyte.com/Support/Security/1801",
"url": "https://www.gigabyte.com/Support/Security/1801"
}
]
}

5
2018/19xxx/CVE-2018-19323.json
View File

@ -71,6 +71,11 @@
"refsource": "CONFIRM",
"name": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card",
"url": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card"
},
{
"refsource": "CONFIRM",
"name": "https://www.gigabyte.com/Support/Security/1801",
"url": "https://www.gigabyte.com/Support/Security/1801"
}
]
}

5
2019/7xxx/CVE-2019-7630.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2019-0003/FEYE-2019-0003.md",
"url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2019-0003/FEYE-2019-0003.md"
},
{
"refsource": "CONFIRM",
"name": "https://www.gigabyte.com/Support/Security/1801",
"url": "https://www.gigabyte.com/Support/Security/1801"
}
]
}

66
2020/12xxx/CVE-2020-12667.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an \"NXNSAttack\" issue. This is triggered by random subdomains in the NSDNAME in NS records."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.nxnsattack.com",
"url": "http://www.nxnsattack.com"
},
{
"refsource": "MISC",
"name": "https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/",
"url": "https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/"
},
{
"refsource": "CONFIRM",
"name": "https://www.knot-resolver.cz/2020-05-19-knot-resolver-5.1.1.html",
"url": "https://www.knot-resolver.cz/2020-05-19-knot-resolver-5.1.1.html"
}
]
}

7
2020/12xxx/CVE-2020-12768.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e."
"value": "** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will."
}
]
},
@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6"
},
{
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1171736#c3",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1171736#c3"
}
]
}

2
2020/13xxx/CVE-2020-13149.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Weak permissions on the \"%PROGRAMDATA%\\MSI\\Dragon Center\" folder in Dragon Center 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory."
"value": "Weak permissions on the \"%PROGRAMDATA%\\MSI\\Dragon Center\" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory."
}
]
},

7
2020/13xxx/CVE-2020-13154.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password."
"value": "Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet."
}
]
},
@ -56,6 +56,11 @@
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html",
"refsource": "MISC",
"name": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/eLeN3Re/CVE-2020-13154",
"url": "https://gitlab.com/eLeN3Re/CVE-2020-13154"
}
]
}

56
2020/8xxx/CVE-2020-8434.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8434",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-8434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode it to a client-side cookie for persistent session authentication. By knowing the key and algorithm, an attacker can select any username, encrypt it, base64 encode it, and save it in their browser with the correct JICSLoginCookie cookie format to impersonate any real user in the JICS database without the need for authenticating (or verifying with MFA if implemented)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://medium.com/@mdavis332/higher-ed-erp-portal-vulnerability-auth-bypass-to-login-any-account-f1aeef438f80",
"url": "https://medium.com/@mdavis332/higher-ed-erp-portal-vulnerability-auth-bypass-to-login-any-account-f1aeef438f80"
}
]
}