"-Synchronized-Data."

CVE Team 2020-06-05 18:01:29 +00:00
parent dd9d587e96
commit c9f6a29585
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
30 changed files with 854 additions and 711 deletions


@ -89,11 +89,6 @@
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"
},
{
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23190",
@ -108,6 +103,11 @@
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23460",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23460"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"
}
]
},


@ -89,11 +89,6 @@
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021"
},
{
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23240",
@ -108,6 +103,11 @@
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23456",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23456"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021"
}
]
},


@ -89,11 +89,6 @@
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022"
},
{
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24154",
@ -108,6 +103,11 @@
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24066",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24066"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022"
}
]
},


@ -89,11 +89,6 @@
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023"
},
{
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23304",
@ -108,6 +103,11 @@
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23649",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23649"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023"
}
]
},


@ -89,11 +89,6 @@
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
},
{
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23323",
@ -108,6 +103,11 @@
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23498",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23498"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
}
]
},


@ -89,11 +89,6 @@
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027"
},
{
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23328",
@ -108,6 +103,11 @@
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23499",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23499"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027"
}
]
},


@ -89,11 +89,6 @@
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028"
},
{
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23308",
@ -108,6 +103,11 @@
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23737",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23737"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028"
}
]
},


@ -92,13 +92,13 @@
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058"
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23748",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23748"
},
{
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23748",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23748"
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058"
}
]
},


@ -85,11 +85,6 @@
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
},
{
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954",
@ -104,6 +99,11 @@
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
}
]
},


@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption.\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions, and version 1.14.0 and later versions."
"value": "Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions."
}
]
},
@ -85,28 +85,34 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061"
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23516",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23516"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23517",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23517"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23547",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23547"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
}
]
},
@ -116,4 +122,4 @@
],
"discovery": "EXTERNAL"
}
}
}
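Review bot: Every entry in `reference_data`, including the vendor's own tracker (zephyrprojectsec.atlassian.net) and advisory page (docs.zephyrproject.org), ends up tagged `MISC` instead of `CONFIRM`, which removes the machine-readable marker that the vendor acknowledged the issue; triage tooling that filters on `refsource` would no longer see vendor confirmation for this record. The old/new side is inferred from the hunk counts (28 lines before, 34 after, consistent with six entries each gaining a `name` key), since the page shows no +/- markers. If the retag is not intentional, the two vendor entries should keep `"refsource": "CONFIRM"`. The same retag appears in the sections for CVE-2020-10062, CVE-2020-10063, CVE-2020-10068, CVE-2020-10070 and CVE-2020-10071.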


@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions."
"value": "An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
]
},
@ -81,20 +81,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062"
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4"
},
{
"refsource": "CONFIRM",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
"refsource": "MISC",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment",
"name": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
}
]
},
@ -104,4 +108,4 @@
],
"discovery": "EXTERNAL"
}
}
}
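Review bot: The flattened `description_data` value runs the finding tag straight into the next sentence (`... remote code execution. NCC-ZEP-031 This issue affects: ...`), so the tag now reads as the start of the affected-versions statement. Assuming the second `value` line is the new side (the page shows no +/- markers), adding a separator when the `\n` is collapsed would keep it readable, e.g. `(NCC-ZEP-031). This issue affects zephyrproject-rtos zephyr version 2.2.0 and later versions.` The same run-on appears in the CVE-2020-10070 and CVE-2020-10071 sections.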


@ -51,7 +51,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service.\n\n\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions."
"value": "A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
]
},
@ -89,28 +89,34 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-55"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063"
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24435"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24435",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24435"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24531"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24531",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24531"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24535"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24535",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24535"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24530"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24530",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24530"
}
]
},
@ -120,4 +126,4 @@
],
"discovery": "EXTERNAL"
}
}
}


@ -89,11 +89,6 @@
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067"
},
{
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23239",
@ -108,6 +103,11 @@
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23654",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23654"
},
{
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067"
}
]
},


@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service.\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions, and version 1.14.0 and later versions."
"value": "In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions."
}
]
},
@ -85,28 +85,34 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068"
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-78"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707"
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23707",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23707"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23708",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23708"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23091"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23964",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23964"
}
]
},
@ -116,4 +122,4 @@
],
"discovery": "EXTERNAL"
}
}
}


@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions."
"value": "In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
]
},
@ -89,20 +89,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
"refsource": "MISC",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment",
"name": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-85"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070"
},
{
"refsource": "CONFIRM",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/0b39cbf3c01d7feec9d0dd7cc7e0e374b6113542"
}
]
},
@ -112,4 +116,4 @@
],
"discovery": "EXTERNAL"
}
}
}


@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031\nThis issue affects:\nzephyrproject-rtos zephyr\nversion 2.2.0 and later versions."
"value": "The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions."
}
]
},
@ -89,20 +89,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
"refsource": "MISC",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment",
"name": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
},
{
"refsource": "CONFIRM",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071"
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86",
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-86"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082"
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071",
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071"
},
{
"refsource": "CONFIRM",
"url": "https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment"
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082",
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/989c4713ba429aa5105fe476b4d629718f3e6082"
}
]
},
@ -112,4 +116,4 @@
],
"discovery": "EXTERNAL"
}
}
}


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass",
"url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass"
},
{
"refsource": "FULLDISC",
"name": "20200605 Castel NextGen DVR multiple CVEs",
"url": "http://seclists.org/fulldisclosure/2020/Jun/8"
}
]
}
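Review bot: The added `FULLDISC` entry points at `http://seclists.org/...` while the other reference in this hunk uses `https://`, so anything that fetches references follows a cleartext link that can be altered in transit. Suggest `"url": "https://seclists.org/fulldisclosure/2020/Jun/8"`. The `reference_data` array opens above the hunk, and the same entry is added in the next three file sections.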


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass",
"url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass"
},
{
"refsource": "FULLDISC",
"name": "20200605 Castel NextGen DVR multiple CVEs",
"url": "http://seclists.org/fulldisclosure/2020/Jun/8"
}
]
}


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass",
"url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass"
},
{
"refsource": "FULLDISC",
"name": "20200605 Castel NextGen DVR multiple CVEs",
"url": "http://seclists.org/fulldisclosure/2020/Jun/8"
}
]
}


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.securitymetrics.com/blog/where-did-request-come-from-cross-site-request-forgery-csrf",
"url": "https://www.securitymetrics.com/blog/where-did-request-come-from-cross-site-request-forgery-csrf"
},
{
"refsource": "FULLDISC",
"name": "20200605 Castel NextGen DVR multiple CVEs",
"url": "http://seclists.org/fulldisclosure/2020/Jun/8"
}
]
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/open-iscsi/targetcli-fb/pull/172",
"refsource": "MISC",
"name": "https://github.com/open-iscsi/targetcli-fb/pull/172"
}
]
}
}
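Review bot: The new record's `affects` block carries `n/a` for `vendor_name`, `product_name` and `version_value` even though the description names Open-iSCSI targetcli-fb through 2.1.52, so scanners that match on structured product data will not associate this CVE with the package. Suggest filling them from the description, e.g. `"vendor_name": "Open-iSCSI"`, `"product_name": "targetcli-fb"`, and a `version_value` covering releases through 2.1.52. `problemtype` is also `n/a`; a permissions weakness class such as CWE-732 or CWE-276 looks applicable, to be confirmed against the linked pull request.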


@ -63,6 +63,11 @@
"refsource": "MLIST",
"name": "[ignite-dev] 20200603 RE: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability",
"url": "https://lists.apache.org/thread.html/rdf37011b92a31a67c299ff45655e2638f194fc814e5c6e2fde352884@%3Cdev.ignite.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ignite-dev] 20200605 Re: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability",
"url": "https://lists.apache.org/thread.html/rf032a13a4711f88c0a2c0734eecbee1026cc1b6cde27d16a653f8755@%3Cdev.ignite.apache.org%3E"
}
]
},


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r16dd39f4180e4443ef4ca774a3a5a3d7ac69f91812c183ed2a99e959%40%3Cdev.heron.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r16dd39f4180e4443ef4ca774a3a5a3d7ac69f91812c183ed2a99e959%40%3Cdev.heron.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ignite-dev] 20200605 Re: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability",
"url": "https://lists.apache.org/thread.html/rf032a13a4711f88c0a2c0734eecbee1026cc1b6cde27d16a653f8755@%3Cdev.ignite.apache.org%3E"
}
]
},
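Review bot: The added `MLIST` reference is titled `[CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability` and lives on dev.ignite.apache.org, while the existing reference in this record points at a dev.heron.apache.org thread, so the link may have been attached to the wrong record. The identical entry is also added in the preceding file section, which already holds an ignite-dev post from the same thread. Worth confirming that the 20200605 message actually discusses this record's CVE before keeping it; the record's ID is outside the hunk.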


@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.0.0.0"
}
]
},
"product_name" : "MobileFirst Platform Foundation"
}
]
}
}
]
}
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6220230 (MobileFirst Platform Foundation)",
"name" : "https://www.ibm.com/support/pages/node/6220230",
"url" : "https://www.ibm.com/support/pages/node/6220230",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175211",
"name" : "ibm-worklight-cve20204229-session-fixation (175211)",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"AV" : "N",
"C" : "L",
"PR" : "N",
"AC" : "H",
"UI" : "N",
"A" : "L",
"I" : "L",
"S" : "U",
"SCORE" : "5.600"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.0.0.0"
}
]
},
"product_name": "MobileFirst Platform Foundation"
}
]
}
}
]
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-06-04T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4229",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0"
}
}
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6220230 (MobileFirst Platform Foundation)",
"name": "https://www.ibm.com/support/pages/node/6220230",
"url": "https://www.ibm.com/support/pages/node/6220230",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175211",
"name": "ibm-worklight-cve20204229-session-fixation (175211)",
"refsource": "XF"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"AV": "N",
"C": "L",
"PR": "N",
"AC": "H",
"UI": "N",
"A": "L",
"I": "L",
"S": "U",
"SCORE": "5.600"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"DATE_PUBLIC": "2020-06-04T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4229",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_version": "4.0"
}


@ -1,99 +1,104 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Application Server",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228."
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6220336 (WebSphere Application Server)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6220336",
"name" : "https://www.ibm.com/support/pages/node/6220336"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181228",
"name" : "ibm-websphere-cve20204448-command-exec (181228)",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"SCORE" : "9.800",
"S" : "U",
"I" : "H",
"A" : "H",
"UI" : "N",
"AC" : "L",
"PR" : "N",
"C" : "H",
"AV" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-06-04T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4448",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0"
}
}
},
"data_type": "CVE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228."
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6220336 (WebSphere Application Server)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6220336",
"name": "https://www.ibm.com/support/pages/node/6220336"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181228",
"name": "ibm-websphere-cve20204448-command-exec (181228)",
"refsource": "XF"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-688/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-688/"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"SCORE": "9.800",
"S": "U",
"I": "H",
"A": "H",
"UI": "N",
"AC": "L",
"PR": "N",
"C": "H",
"AV": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"DATE_PUBLIC": "2020-06-04T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4448",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_version": "4.0"
}


@ -1,99 +1,104 @@
{
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-06-04T00:00:00",
"ID" : "CVE-2020-4449",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Application Server",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6220296",
"name" : "https://www.ibm.com/support/pages/node/6220296",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6220296 (WebSphere Application Server)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181230",
"name" : "ibm-websphere-cve20204449-info-disc (181230)",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2020-06-04T00:00:00",
"ID": "CVE-2020-4449",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"A" : "N",
"I" : "N",
"SCORE" : "7.500",
"S" : "U",
"PR" : "N",
"C" : "H",
"AV" : "N",
"AC" : "L",
"UI" : "N"
}
}
}
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6220296",
"name": "https://www.ibm.com/support/pages/node/6220296",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6220296 (WebSphere Application Server)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181230",
"name": "ibm-websphere-cve20204449-info-disc (181230)",
"title": "X-Force Vulnerability Report"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-690/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-690/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"A": "N",
"I": "N",
"SCORE": "7.500",
"S": "U",
"PR": "N",
"C": "H",
"AV": "N",
"AC": "L",
"UI": "N"
}
}
}
}
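Review bot: The `problemtype` value in this record stays free text (`"Obtain Information"`) with no CWE identifier, so tooling that groups or prioritises records by weakness class cannot classify it; the same holds for `"Gain Access"` in the CVE-2020-4450 section of this commit. Both descriptions attribute the issue to a specially-crafted sequence of serialized objects, which suggests deserialization of untrusted data. If IBM's bulletin confirms that root cause, `"value": "CWE-502 Deserialization of Untrusted Data"` would state it in a form that consumers can match on.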


@ -1,93 +1,98 @@
{
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-06-04T00:00:00",
"ID" : "CVE-2020-4450",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6220294",
"url" : "https://www.ibm.com/support/pages/node/6220294",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6220294 (WebSphere Application Server)"
},
{
"name" : "ibm-websphere-cve20204450-command-exec (181231)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181231",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"AV" : "N",
"C" : "H",
"PR" : "N",
"AC" : "L",
"I" : "H",
"S" : "U",
"SCORE" : "9.800",
"A" : "H"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2020-06-04T00:00:00",
"ID": "CVE-2020-4450",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Application Server",
"version" : {
"version_data" : [
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"name": "https://www.ibm.com/support/pages/node/6220294",
"url": "https://www.ibm.com/support/pages/node/6220294",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6220294 (WebSphere Application Server)"
},
{
"name": "ibm-websphere-cve20204450-command-exec (181231)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181231",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-689/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-689/"
}
]
}
}
}
]
},
"description": {
"description_data": [
{
"value": "IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"AV": "N",
"C": "H",
"PR": "N",
"AC": "L",
"I": "H",
"S": "U",
"SCORE": "9.800",
"A": "H"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5591",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,10 +45,14 @@
"references": {
"reference_data": [
{
"url": "https://xack.co.jp/info/?ID=622"
"url": "https://xack.co.jp/info/?ID=622",
"refsource": "MISC",
"name": "https://xack.co.jp/info/?ID=622"
},
{
"url": "https://jvn.jp/en/jp/JVN40208370/index.html"
"url": "https://jvn.jp/en/jp/JVN40208370/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN40208370/index.html"
}
]
},
@ -55,8 +60,8 @@
"description_data": [
{
"lang": "eng",
"value": "XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack."
"value": "XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack."
}
]
}
}
}


@ -33,7 +33,7 @@
"credit": [
{
"lang": "eng",
"value": "Ilias Dimopoulos ofRedyOps Research Labs"
"value": "Ilias Dimopoulos of\u202fRedyOps Research Labs"
}
],
"data_format": "MITRE",
@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178."
"value": "A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178."
}
]
},
@ -81,8 +81,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-bitdefender-antivirus-free-va-8604/"
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-bitdefender-antivirus-free-va-8604/",
"name": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-bitdefender-antivirus-free-va-8604/"
}
]
},
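Review bot: In the last hunk the vendor's own advisory on bitdefender.com reads as going from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which drops the only marker in this record that the reference is vendor acknowledgement. Anything that filters on CONFIRM to locate the authoritative fix notice would no longer find one here. If the retagging comes from an automated URL mapping rather than a deliberate decision, keeping `"refsource": "CONFIRM"` alongside the added `name` would preserve that signal. Separately, the credit value in the first hunk appears to gain an escaped narrow no-break space (`of\u202fRedyOps`); a plain space is safer for consumers that match or display the name.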


@ -1,216 +1,216 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2020-8555",
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "",
"TITLE": "Kubernetes kube-controller-manager SSRF",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/91542"
],
"advisory": "",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kubernetes",
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "",
"version_value": "prior to 1.15.12",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "prior to 1.16.9",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "prior to 1.17.5",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.18.0",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.1",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.2",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.3",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.4",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.5",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.6",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.7",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.8",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.9",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.10",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.11",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.12",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.13",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.14",
"platform": ""
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2020-8555",
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "",
"TITLE": "Kubernetes kube-controller-manager SSRF",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/91542"
],
"advisory": "",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kubernetes",
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_name": "1.15",
"version_affected": "<",
"version_value": "1.15.12",
"platform": ""
},
{
"version_name": "1.16",
"version_affected": "<",
"version_value": "1.16.9",
"platform": ""
},
{
"version_name": "1.17",
"version_affected": "<",
"version_value": "1.17.5",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.18.0",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.1",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.2",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.3",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.4",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.5",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.6",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.7",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.8",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.9",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.10",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.11",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.12",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.13",
"platform": ""
},
{
"version_name": "",
"version_affected": "",
"version_value": "1.14",
"platform": ""
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services)."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion",
"name": ""
},
{
"refsource": "CONFIRM",
"name": "https://github.com/kubernetes/kubernetes/issues/91542",
"url": "https://github.com/kubernetes/kubernetes/issues/91542"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
"exploit": [],
"work_around": [
{
"lang": "eng",
"value": "Prior to upgrading, this vulnerability can be mitigated by adding endpoint protections on the master or restricting usage of the vulnerable volume types (for example by constraining usage with a PodSecurityPolicy or third-party admission controller such as Gatekeeper) and restricting StorageClass write permissions through RBAC."
}
],
"solution": [],
"credit": [
{
"lang": "eng",
"value": "Brice Augras from Groupe-Asten and Christophe Hauquiert from Nokia"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services)."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes-security/security-disclosures/issues/207",
"name": ""
},
{
"refsource": "MLIST",
"url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion",
"name": ""
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
"exploit": [],
"work_around": [
{
"lang": "eng",
"value": "Prior to upgrading, this vulnerability can be mitigated by adding endpoint protections on the master or restricting usage of the vulnerable volume types (for example by constraining usage with a PodSecurityPolicy or third-party admission controller such as Gatekeeper) and restricting StorageClass write permissions through RBAC."
}
],
"solution": [],
"credit": [
{
"lang": "eng",
"value": "Brice Augras from Groupe-Asten and Christophe Hauquiert from Nokia"
}
]
}
}
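Review bot: Only the 1.15, 1.16 and 1.17 entries in `version_data` get an explicit operator (`"version_affected": "<"`); the 1.18.0 entry and the 1.1 through 1.14 entries keep `"version_affected": ""`, so a consumer that evaluates the operator cannot tell whether `"1.14"` means that exact version or the whole release line. The description also names v1.0-1.14 while the list starts at 1.1, so 1.0 has no entry at all. Suggest `"version_affected": "="` on the 1.18.0 entry, one consistent explicit form for the older release lines, and an entry covering 1.0 if the description is correct. The MLIST reference also still has `"name": ""`, where other records in this commit fill `name` with the URL.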