admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-05-07 16:01:15 +00:00
parent de07ba5e95
commit d23048c9b2
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 306 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2020/12xxx/CVE-2020-12683.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-12683",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-12683",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Katyshop2 before 2.12 has multiple stored XSS issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-001",
"refsource": "MISC",
"name": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-001"
},
{
"url": "https://sourceforge.net/p/katyshop2/code/commit_browser",
"refsource": "MISC",
"name": "https://sourceforge.net/p/katyshop2/code/commit_browser"
} }
] ]
} }

61
2020/12xxx/CVE-2020-12687.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-12687",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-12687",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users (including administrators) from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/SerpicoProject/Serpico/commit/0b8600414976a5ad733604c7b1428071baf239c2",
"refsource": "MISC",
"name": "https://github.com/SerpicoProject/Serpico/commit/0b8600414976a5ad733604c7b1428071baf239c2"
},
{
"url": "https://github.com/SerpicoProject/Serpico/releases/tag/1.3.3",
"refsource": "MISC",
"name": "https://github.com/SerpicoProject/Serpico/releases/tag/1.3.3"
} }
] ]
} }

105
2020/6xxx/CVE-2020-6651.json
View File

@ -1,18 +1,109 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "CybersecurityCOE@eaton.com",
"DATE_PUBLIC": "2020-05-04T10:43:00.000Z",
"ID": "CVE-2020-6651", "ID": "CVE-2020-6651",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Command injection via specially crafted file name during config file upload"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Power manager (IPM)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.67"
}
]
}
}
]
},
"vendor_name": "Eaton"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eaton would like to thank Sivathmican Sivakumaran for working with Eaton and helping Eaton in releasing more robust and secure products. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application."
} }
] ]
} },
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf",
"name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update the software to latest version 1.68."
}
],
"source": {
"advisory": "ETN-VA-202-1004",
"defect": [
"ETN-VA-202-1004"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Block ports 4679 & 4680 at enterprise network or home network where Intelligent Power Manager (IPM) software is installed and used. "
}
]
} }

105
2020/6xxx/CVE-2020-6652.json
View File

@ -1,18 +1,109 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "CybersecurityCOE@eaton.com",
"DATE_PUBLIC": "2020-05-04T10:54:00.000Z",
"ID": "CVE-2020-6652", "ID": "CVE-2020-6652",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Incorrect privilege assignment allowing non-admin users to upload config files "
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Power manager (IPM)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.67"
}
]
}
}
]
},
"vendor_name": "Eaton"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eaton would like to thank Sivathmican Sivakumaran for working with Eaton and helping Eaton in releasing more robust and secure products. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters."
} }
] ]
} },
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266 Incorrect Privilege Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf",
"name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the latest version 1.68 available on eaton.com"
}
],
"source": {
"advisory": "ETN-VA-202-1004",
"defect": [
"ETN-VA-202-1004"
],
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "Remove users which are not part of the origination and having accounts in the software. \nBlock port 4679 & 4680 at enterprise network firewall to prevent malicious users from accessing the software outside the facility. "
}
]
} }