"-Synchronized-Data."

CVE Team 2021-01-13 19:01:58 +00:00
parent 02f26f4332
commit d74ac1cd28
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
15 changed files with 798 additions and 705 deletions


@ -56,6 +56,11 @@
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5",
"refsource": "MISC",
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210113 CVE-2020-11947 QEMU: heap buffer overflow in iSCSI block driver may lead to information disclosure",
"url": "http://www.openwall.com/lists/oss-security/2021/01/13/4"
}
]
}
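Review bot: The MLIST reference added at the end of `reference_data` uses a cleartext `http://www.openwall.com/...` URL, so tooling that follows the link to pull advisory text gets it without transport integrity. Consider `"url": "https://www.openwall.com/lists/oss-security/2021/01/13/4"`, assuming the list archive serves the same path over HTTPS. The same applies to the `/2021/01/13/5` reference added in the CVE-2020-28374 record further down. The enclosing record starts outside this hunk.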


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a successful response was received and subsequently, `CONNECTIONBIND` also received a successful response. Coturn then is able to relay packets to the loopback interface.\n\nAdditionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either `[::1]` or `[::]` as the peer address.\n\nBy using the address `0.0.0.0` as the peer address, a malicious user will be able to relay packets to the loopback interface, unless `--denied-peer-ip=0.0.0.0` (or similar) has been specified. Since the default configuration implies that loopback peers are not allowed, coturn administrators may choose to not set the `denied-peer-ip` setting.\n\nThe issue patched in version 4.5.2. \n\nAs a workaround the addresses in the address block `0.0.0.0/8`, `[::1]` and `[::]` should be denied by default unless `--allow-loopback-peers` has been specified."
"value": "Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a successful response was received and subsequently, `CONNECTIONBIND` also received a successful response. Coturn then is able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either `[::1]` or `[::]` as the peer address. By using the address `0.0.0.0` as the peer address, a malicious user will be able to relay packets to the loopback interface, unless `--denied-peer-ip=0.0.0.0` (or similar) has been specified. Since the default configuration implies that loopback peers are not allowed, coturn administrators may choose to not set the `denied-peer-ip` setting. The issue patched in version 4.5.2. As a workaround the addresses in the address block `0.0.0.0/8`, `[::1]` and `[::]` should be denied by default unless `--allow-loopback-peers` has been specified."
}
]
},
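Review bot: The closing sentence of the new `value` is worded as a change to coturn's defaults ("should be denied by default unless --allow-loopback-peers has been specified"), not as a step an operator on a pre-4.5.2 build can take. The text earlier names the operator-side control, so the workaround would be clearer as an instruction, for example `As a workaround, deny 0.0.0.0/8, [::1] and [::] using the denied-peer-ip setting.` The flattened text also still carries "The issue patched in version 4.5.2." without its verb; `The issue is patched in version 4.5.2.` reads correctly.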


@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload",
"url": "http://www.openwall.com/lists/oss-security/2021/01/13/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload",
"url": "http://www.openwall.com/lists/oss-security/2021/01/13/5"
}
]
}
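Review bot: The reference added at the end of this hunk has exactly the same `name` as the entry just above it and differs only in its URL (`.../2021/01/13/5` versus `.../2021/01/13/2`). Consumers that key or de-duplicate references by `name` may collapse the two entries, and a reader cannot tell the two list posts apart from the record alone. Tooling should key on `url` here, or the second entry should get a distinguishing `name` if the record format permits one. The record starts outside the hunk.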


@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.0.2"
}
]
},
"product_name" : "Security Guardium Insights"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "H",
"S" : "U",
"I" : "N",
"UI" : "N",
"SCORE" : "5.900",
"PR" : "N"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800."
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4594",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-01-12T00:00:00"
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6403463",
"title" : "IBM Security Bulletin 6403463 (Security Guardium Insights)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6403463"
},
{
"name" : "ibm-guardium-cve20204594-info-disc (184800)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184800",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.0.2"
}
]
},
"product_name": "Security Guardium Insights"
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"S": "U",
"I": "N",
"UI": "N",
"SCORE": "5.900",
"PR": "N"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800."
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4594",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-12T00:00:00"
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6403463",
"title": "IBM Security Bulletin 6403463 (Security Guardium Insights)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6403463"
},
{
"name": "ibm-guardium-cve20204594-info-disc (184800)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184800",
"refsource": "XF"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
}


@ -1,90 +1,90 @@
{
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-01-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4595",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"SCORE" : "5.900",
"UI" : "N",
"I" : "N",
"S" : "U",
"C" : "H",
"AV" : "N",
"AC" : "H",
"A" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2021-01-12T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4595",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium Insights",
"version" : {
"version_data" : [
{
"version_value" : "2.0.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"value": "IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819.",
"lang": "eng"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"PR": "N",
"SCORE": "5.900",
"UI": "N",
"I": "N",
"S": "U",
"C": "H",
"AV": "N",
"AC": "H",
"A": "N"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Guardium Insights",
"version": {
"version_data": [
{
"version_value": "2.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6403463",
"title" : "IBM Security Bulletin 6403463 (Security Guardium Insights)",
"name" : "https://www.ibm.com/support/pages/node/6403463"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184819",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-guardium-cve20204595-info-disc (184819)"
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6403463",
"title": "IBM Security Bulletin 6403463 (Security Guardium Insights)",
"name": "https://www.ibm.com/support/pages/node/6403463"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184819",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-guardium-cve20204595-info-disc (184819)"
}
]
}
}


@ -1,90 +1,90 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"I" : "N",
"UI" : "N",
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "H",
"PR" : "N",
"SCORE" : "5.900"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium Insights",
"version" : {
"version_data" : [
{
"version_value" : "2.0.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"I": "N",
"UI": "N",
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"PR": "N",
"SCORE": "5.900"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
]
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812."
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4596",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-01-12T00:00:00"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6403463",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6403463",
"title" : "IBM Security Bulletin 6403463 (Security Guardium Insights)"
},
{
"name" : "ibm-guardium-cve20204596-info-disc (184821)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184821",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
}
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Guardium Insights",
"version": {
"version_data": [
{
"version_value": "2.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812."
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4596",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-12T00:00:00"
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6403463",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6403463",
"title": "IBM Security Bulletin 6403463 (Security Guardium Insights)"
},
{
"name": "ibm-guardium-cve20204596-info-disc (184821)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184821",
"refsource": "XF"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
}


@ -1,90 +1,90 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6403463 (Security Guardium Insights)",
"url" : "https://www.ibm.com/support/pages/node/6403463",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6403463"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184822",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-guardium-cve20204597-info-disc (184822)"
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-01-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4597",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 184822.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.0.2"
}
]
},
"product_name" : "Security Guardium Insights"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AC" : "L",
"A" : "N",
"AV" : "N",
"C" : "L",
"S" : "U",
"I" : "N",
"UI" : "R",
"SCORE" : "4.300",
"PR" : "N"
}
}
}
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6403463 (Security Guardium Insights)",
"url": "https://www.ibm.com/support/pages/node/6403463",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6403463"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184822",
"title": "X-Force Vulnerability Report",
"name": "ibm-guardium-cve20204597-info-disc (184822)"
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-01-12T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4597",
"STATE": "PUBLIC"
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 184822.",
"lang": "eng"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.0.2"
}
]
},
"product_name": "Security Guardium Insights"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AC": "L",
"A": "N",
"AV": "N",
"C": "L",
"S": "U",
"I": "N",
"UI": "R",
"SCORE": "4.300",
"PR": "N"
}
}
}
}


@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184824.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2020-4599",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-01-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"C" : "L",
"AV" : "N",
"A" : "N",
"AC" : "L",
"UI" : "N",
"I" : "N",
"S" : "U",
"SCORE" : "5.300",
"PR" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium Insights",
"version" : {
"version_data" : [
{
"version_value" : "2.0.2"
}
]
}
}
]
}
"value": "IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184824.",
"lang": "eng"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4599",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-01-12T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"C": "L",
"AV": "N",
"A": "N",
"AC": "L",
"UI": "N",
"I": "N",
"S": "U",
"SCORE": "5.300",
"PR": "N"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Guardium Insights",
"version": {
"version_data": [
{
"version_value": "2.0.2"
}
]
}
}
]
}
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6403463",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6403463 (Security Guardium Insights)",
"name" : "https://www.ibm.com/support/pages/node/6403463"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184824",
"name" : "ibm-guradium-cve20204599-info-disc (184824)"
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6403463",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6403463 (Security Guardium Insights)",
"name": "https://www.ibm.com/support/pages/node/6403463"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184824",
"name": "ibm-guradium-cve20204599-info-disc (184824)"
}
]
}
}


@ -1,90 +1,90 @@
{
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4600",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-01-12T00:00:00"
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184832.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "5.300",
"PR" : "N",
"AV" : "N",
"A" : "N",
"AC" : "L",
"C" : "L",
"I" : "N",
"S" : "U",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4600",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-12T00:00:00"
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.0.2"
}
]
},
"product_name" : "Security Guardium Insights"
}
]
}
"value": "IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184832.",
"lang": "eng"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"SCORE": "5.300",
"PR": "N",
"AV": "N",
"A": "N",
"AC": "L",
"C": "L",
"I": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.0.2"
}
]
},
"product_name": "Security Guardium Insights"
}
]
}
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6403463 (Security Guardium Insights)",
"url" : "https://www.ibm.com/support/pages/node/6403463",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6403463"
},
{
"name" : "ibm-guardium-cve20204600--info-disc (184832)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184832",
"refsource" : "XF"
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6403463 (Security Guardium Insights)",
"url": "https://www.ibm.com/support/pages/node/6403463",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6403463"
},
{
"name": "ibm-guardium-cve20204600--info-disc (184832)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184832",
"refsource": "XF"
}
]
}
}


@ -1,90 +1,90 @@
{
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "H",
"A" : "N",
"AC" : "L",
"AV" : "L",
"UI" : "N",
"S" : "U",
"I" : "N",
"SCORE" : "4.400",
"PR" : "H"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.0.2"
}
]
},
"product_name" : "Security Guardium Insights"
}
]
}
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"C": "H",
"A": "N",
"AC": "L",
"AV": "L",
"UI": "N",
"S": "U",
"I": "N",
"SCORE": "4.400",
"PR": "H"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
]
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2020-4602",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-01-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6403463",
"url" : "https://www.ibm.com/support/pages/node/6403463",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6403463 (Security Guardium Insights)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184836",
"refsource" : "XF",
"name" : "ibm-guardium-cve20204602-info-disc (184836)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.0.2"
}
]
},
"product_name": "Security Guardium Insights"
}
]
}
}
]
}
]
}
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4602",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-01-12T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6403463",
"url": "https://www.ibm.com/support/pages/node/6403463",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6403463 (Security Guardium Insights)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184836",
"refsource": "XF",
"name": "ibm-guardium-cve20204602-info-disc (184836)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
}


@ -1,90 +1,90 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"AV" : "L",
"AC" : "H",
"A" : "N",
"C" : "H",
"I" : "N",
"S" : "U",
"UI" : "N",
"SCORE" : "4.100",
"PR" : "H"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.0.2"
}
]
},
"product_name" : "Security Guardium Insights"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"AV": "L",
"AC": "H",
"A": "N",
"C": "H",
"I": "N",
"S": "U",
"UI": "N",
"SCORE": "4.100",
"PR": "H"
}
]
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2020-4604",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-01-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6403463 (Security Guardium Insights)",
"url" : "https://www.ibm.com/support/pages/node/6403463",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6403463"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/184881",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-guardium-cve20204604-info-disc (184881)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
}
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.0.2"
}
]
},
"product_name": "Security Guardium Insights"
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4604",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-01-12T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6403463 (Security Guardium Insights)",
"url": "https://www.ibm.com/support/pages/node/6403463",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6403463"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184881",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-guardium-cve20204604-info-disc (184881)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
}


@ -4,14 +4,95 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9144",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_value": "EMUI 11.0.0"
},
{
"version_value": "EMUI 10.1.1"
},
{
"version_value": "EMUI 10.1.0"
},
{
"version_value": "EMUI 10.0.0"
},
{
"version_value": "EMUI 9.1.1"
},
{
"version_value": "EMUI 9.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_value": "Magic UI 4.0.0"
},
{
"version_value": "Magic UI 3.1.1"
},
{
"version_value": "Magic UI 3.1.0"
},
{
"version_value": "Magic UI 3.0.0"
},
{
"version_value": "Magic UI 2.1.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://consumer.huawei.com/en/support/bulletin/2020/12/",
"url": "https://consumer.huawei.com/en/support/bulletin/2020/12/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a heap overflow vulnerability in some Huawei smartphone, attackers can exploit this vulnerability to cause heap overflows due to improper restriction of operations within the bounds of a memory buffer."
}
]
}
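Review bot: The newly published record sets `"vendor_name": "n/a"` although the assigner is `psirt@huawei.com` and the description names Huawei, so vendor-based matching in vulnerability scanners will not tie this entry to the vendor; `"vendor_name": "Huawei"` would fix that. The `version_value` strings also repeat the product name (`"EMUI 11.0.0"` under `"product_name": "EMUI"`), which makes version comparison harder than a bare `"11.0.0"`. The description names no affected component or attack vector, and the only reference appears to be a monthly bulletin page rather than a per-issue advisory, so triage has little to go on. No `impact` block is added in the lines shown.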


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package \"jquery-validation\".\n\njquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service).\n\nThis is fixed in 1.19.3."
"value": "The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package \"jquery-validation\". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3."
}
]
},


@ -77,7 +77,7 @@
"description_data": [
{
"lang": "eng",
"value": "Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets.\n\nThis issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001.\nThis issue impacts:\nPAN-OS 8.1 version earlier than PAN-OS 8.1.18;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.12;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.5."
"value": "Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5."
}
]
},
@ -121,8 +121,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2021-3031"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3031",
"name": "https://security.paloaltonetworks.com/CVE-2021-3031"
}
]
},
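Review bot: In the second hunk the vendor's own advisory link changes from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which drops the marker that the vendor has acknowledged the issue. Feeds that filter on `CONFIRM` to locate vendor advisories or fixed-version information would no longer pick up `https://security.paloaltonetworks.com/CVE-2021-3031`. Unless the downgrade is intended, keep `"refsource": "CONFIRM"` alongside the added `name`. The same change is made in the CVE-2021-3032 record in the next file section.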


@ -85,7 +85,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log.\n\nLogged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles.\n\nThis issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.18;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.12;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.4;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.1."
"value": "An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the \u201chttp\u201d, \u201cemail\u201d, and \u201csnmptrap\u201d v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1."
}
]
},
@ -129,8 +129,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2021-3032"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3032",
"name": "https://security.paloaltonetworks.com/CVE-2021-3032"
}
]
},