admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-02-27 17:01:17 +00:00
parent ef1b38973a
commit d405c9c1d8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
6 changed files with 306 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2019/3xxx/CVE-2019-3420.json
View File

@ -45,7 +45,7 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"refsource": "CONFIRM",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011802",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011802"
}
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "The version V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations."
"value": "All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations."
}
]
}

216
2019/4xxx/CVE-2019-4669.json
View File

@ -1,112 +1,112 @@
{
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/3552261",
"title" : "IBM Security Bulletin 3552261 (Business Process Manager)",
"url" : "https://www.ibm.com/support/pages/node/3552261",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/171254",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-bpm-cve20194669-sql-injection (171254)",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "18.0.0.1"
},
{
"version_value" : "19.0.0.3"
}
]
},
"product_name" : "Business Automation Workflow"
},
{
"version" : {
"version_data" : [
{
"version_value" : "8.6.0.0"
},
{
"version_value" : "8.5.7.0"
},
{
"version_value" : "8.6.0.0.CF2018.03"
},
{
"version_value" : "8.5.7.0.2017.06"
}
]
},
"product_name" : "Business Process Manager"
}
]
},
"vendor_name" : "IBM"
"name": "https://www.ibm.com/support/pages/node/3552261",
"title": "IBM Security Bulletin 3552261 (Business Process Manager)",
"url": "https://www.ibm.com/support/pages/node/3552261",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171254",
"title": "X-Force Vulnerability Report",
"name": "ibm-bpm-cve20194669-sql-injection (171254)",
"refsource": "XF"
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-02-26T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4669",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Data Manipulation",
"lang" : "eng"
}
]
},
"data_type": "CVE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "18.0.0.1"
},
{
"version_value": "19.0.0.3"
}
]
},
"product_name": "Business Automation Workflow"
},
{
"version": {
"version_data": [
{
"version_value": "8.6.0.0"
},
{
"version_value": "8.5.7.0"
},
{
"version_value": "8.6.0.0.CF2018.03"
},
{
"version_value": "8.5.7.0.2017.06"
}
]
},
"product_name": "Business Process Manager"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "L",
"A" : "L",
"AC" : "L",
"UI" : "N",
"AV" : "N",
"PR" : "L",
"SCORE" : "6.300",
"C" : "L",
"S" : "U"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_version" : "4.0"
}
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-02-26T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4669",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Data Manipulation",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"I": "L",
"A": "L",
"AC": "L",
"UI": "N",
"AV": "N",
"PR": "L",
"SCORE": "6.300",
"C": "L",
"S": "U"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"data_version": "4.0"
}

58
2019/5xxx/CVE-2019-5323.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5323",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5323",
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "AirWave Management Platform",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.2.10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution via Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host."
}
]
}

58
2019/5xxx/CVE-2019-5326.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5326",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5326",
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "AirWave Management Platform",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.2.10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution due to unsafe Java Deserialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component."
}
]
}

50
2020/6xxx/CVE-2020-6863.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6863",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ZTE Corporation",
"product": {
"product_data": [
{
"product_name": "E8820V3",
"version": {
"version_data": [
{
"version_value": "All versions up to V3.1.0.1000.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "permission and access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012382",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012382"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL."
}
]
}

50
2020/6xxx/CVE-2020-6864.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6864",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ZTE Corporation",
"product": {
"product_data": [
{
"product_name": "E8820V3",
"version": {
"version_data": [
{
"version_value": "All versions up to V3.1.0.1000.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012382",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012382"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router."
}
]
}