"-Synchronized-Data."

CVE Team 2020-07-20 15:01:39 +00:00
parent 40317c91fc
commit dad0780075
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
53 changed files with 813 additions and 286 deletions


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa",
"url": "https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2283-1] nginx security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html"
}
]
}


@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-06-18T00:00:00.000Z",
"ID": "CVE-2020-12029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation FactoryTalk View SE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FactoryTalk View SE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Trend Micro\u2019s Zero Day Initiative reported these vulnerabilities to Rockwell Automation"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 \u2013 Patch Roll-up for CPR9 SRx."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05"
},
{
"refsource": "MISC",
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944",
"name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Rockwell Automation has released new versions of the affected products to mitigate the reported vulnerabilities. Affected users who are not able to apply the latest update are encouraged to seek additional mitigations or workarounds from the vendor\u2019s published guidelines in their security advisory.\nRockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 \u2013 Patch Roll-up for CPR9 SRx."
}
],
"source": {
"advisory": "ICSA-20-170-05 Rockwell Automation FactoryTalk View SE",
"discovery": "EXTERNAL"
}
}
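Review bot: The new `impact.cvss` block records `"attackVector": "LOCAL"` (`AV:L` in `vectorString`), while the new description speaks of "a remote, unauthenticated attacker" acting "on a remote endpoint"; the two should be reconciled against the cited ICSA-20-170-05 advisory, because consumers that triage by attack vector will rank this record as local-only. The affected-version entry pairs `"version_affected": "="` with the free-text `"version_value": "all versions"`, which an exact-match consumer cannot evaluate; a range form or a named last-affected version would be machine-readable. The description also repeats the patch instructions already carried in `solution`, so the two texts can drift apart; keeping remediation only in `solution` avoids that.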


@ -84,6 +84,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-3ef1937475",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UWVDJRARXNWWWTCGMM63EXLQHH2LNOXO/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1017",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html"
}
]
},
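Review bot: The added SUSE reference uses a plaintext `http://lists.opensuse.org/...` URL, so anyone following the advisory link from this record fetches it without transport integrity. If the list archive serves the same path over TLS, prefer `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html"`. The same `openSUSE-SU-2020:1017` entry is added with the same URL in the SUSE reference hunks that follow.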


@ -59,6 +59,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0983",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1017",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html"
}
]
},


@ -59,6 +59,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0983",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1017",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html"
}
]
},


@ -101,6 +101,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0983",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1017",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html"
}
]
},


@ -101,6 +101,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0983",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1017",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html"
}
]
},


@ -101,6 +101,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0983",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1017",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html"
}
]
},


@ -101,6 +101,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0983",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1017",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html"
}
]
},


@ -101,6 +101,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0983",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1017",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html"
}
]
},


@ -59,6 +59,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0983",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1017",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html"
}
]
},


@ -59,6 +59,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0983",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1017",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html"
}
]
},


@ -59,6 +59,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0983",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1017",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html"
}
]
},


@ -59,6 +59,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0983",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1017",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html"
}
]
},


@ -59,6 +59,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0983",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1017",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html"
}
]
},


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14484",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_value": "Versions 5.09.02 and 5.89.05b"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESTRICTION OF EXCESSIVE AUTHENTICATION ATTEMPTS CWE-307"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system\u2019s account lockout protection, which may allow brute force password attacks."
}
]
}
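Review bot: `"version_value": "Versions 5.09.02 and 5.89.05b"` packs two versions and a label into one string, so tooling that compares `version_value` against an installed version will match neither release; one entry per version, `{ "version_value": "5.09.02" }, { "version_value": "5.89.05b" }`, keeps the field comparable. `"vendor_name": "n/a"` likewise leaves vendor-keyed lookups with nothing to match, although the advisory listed in `references` presumably names the vendor. The same two values appear in the CVE-2020-14485, CVE-2020-14491 and CVE-2020-14494 sections below. The record's opening lines are outside this hunk.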


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14485",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_value": "Versions 5.09.02 and 5.89.05b"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14491",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_value": "Versions 5.09.02 and 5.89.05b"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHORIZATION CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_value": "Versions 5.09.02 and 5.89.05b"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts."
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-885/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-885/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-886/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-886/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-887/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-887/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-888/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-888/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-890/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-890/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-889/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-889/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-891/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-891/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-892/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-892/"
}
]
}


@ -69,6 +69,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
"url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-898/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-898/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-896/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-896/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-895/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-895/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-894/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-894/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-893/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-893/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-899/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-899/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-900/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-900/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-901/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-901/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-902/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-902/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-903/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-903/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-905/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-905/"
}
]
}


@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-904/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-904/"
}
]
}


@ -1,90 +1,90 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"PR" : "L",
"A" : "N",
"I" : "N",
"S" : "U",
"SCORE" : "4.300",
"AV" : "N",
"AC" : "L",
"UI" : "N",
"C" : "L"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766."
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4361",
"DATE_PUBLIC" : "2020-07-17T00:00:00",
"STATE" : "PUBLIC"
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6249981",
"title" : "IBM Security Bulletin 6249981 (Planning Analytics)",
"name" : "https://www.ibm.com/support/pages/node/6249981"
},
{
"name" : "ibm-planning-cve20204361-info-disc (178766)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178766",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.0"
}
]
},
"product_name" : "Planning Analytics"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"PR": "L",
"A": "N",
"I": "N",
"S": "U",
"SCORE": "4.300",
"AV": "N",
"AC": "L",
"UI": "N",
"C": "L"
}
]
}
}
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766."
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4361",
"DATE_PUBLIC": "2020-07-17T00:00:00",
"STATE": "PUBLIC"
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6249981",
"title": "IBM Security Bulletin 6249981 (Planning Analytics)",
"name": "https://www.ibm.com/support/pages/node/6249981"
},
{
"name": "ibm-planning-cve20204361-info-disc (178766)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178766",
"refsource": "XF"
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.0"
}
]
},
"product_name": "Planning Analytics"
}
]
},
"vendor_name": "IBM"
}
]
}
}
}


@ -92,6 +92,11 @@
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181489",
"name": "ibm-websphere-cve20204464-code-exec (181489)"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-878/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-878/"
}
]
},


@ -1,93 +1,93 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "6.500",
"S" : "U",
"C" : "N",
"UI" : "N",
"AV" : "N",
"AC" : "L",
"A" : "H",
"PR" : "L",
"I" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2020-4466",
"DATE_PUBLIC" : "2020-07-17T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6250473 (MQ for HPE NonStop)",
"url" : "https://www.ibm.com/support/pages/node/6250473",
"name" : "https://www.ibm.com/support/pages/node/6250473"
},
{
"name" : "ibm-mq-cve20204466-dos (181563)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181563",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.1.0"
},
{
"version_value" : "8.0.4"
}
]
},
"product_name" : "MQ for HPE NonStop"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"BM": {
"SCORE": "6.500",
"S": "U",
"C": "N",
"UI": "N",
"AV": "N",
"AC": "L",
"A": "H",
"PR": "L",
"I": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563.",
"lang": "eng"
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"ID": "CVE-2020-4466",
"DATE_PUBLIC": "2020-07-17T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6250473 (MQ for HPE NonStop)",
"url": "https://www.ibm.com/support/pages/node/6250473",
"name": "https://www.ibm.com/support/pages/node/6250473"
},
{
"name": "ibm-mq-cve20204466-dos (181563)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181563",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.1.0"
},
{
"version_value": "8.0.4"
}
]
},
"product_name": "MQ for HPE NonStop"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_version" : "4.0"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"data_version": "4.0"
}


@ -1,90 +1,90 @@
{
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6249981",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6249981 (Planning Analytics)",
"url" : "https://www.ibm.com/support/pages/node/6249981"
},
{
"name" : "ibm-planning-cve20204527-info-disc (182631)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/182631",
"title" : "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4527",
"DATE_PUBLIC" : "2020-07-17T00:00:00"
},
"data_type" : "CVE",
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Planning Analytics",
"version" : {
"version_data" : [
{
"version_value" : "2.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"name": "https://www.ibm.com/support/pages/node/6249981",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6249981 (Planning Analytics)",
"url": "https://www.ibm.com/support/pages/node/6249981"
},
{
"name": "ibm-planning-cve20204527-info-disc (182631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182631",
"title": "X-Force Vulnerability Report"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"UI" : "N",
"AV" : "N",
"AC" : "H",
"C" : "H",
"SCORE" : "5.900",
"S" : "U",
"I" : "N",
"PR" : "N",
"A" : "N"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631."
}
]
},
"data_format" : "MITRE"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4527",
"DATE_PUBLIC": "2020-07-17T00:00:00"
},
"data_type": "CVE",
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Planning Analytics",
"version": {
"version_data": [
{
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"UI": "N",
"AV": "N",
"AC": "H",
"C": "H",
"SCORE": "5.900",
"S": "U",
"I": "N",
"PR": "N",
"A": "N"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631."
}
]
},
"data_format": "MITRE"
}


@ -63,6 +63,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e9c8bdd1e3",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTULPQB7HVPPYWEYVNHJGDTSPVIDHIZX/"
},
{
"refsource": "MISC",
"name": "https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach",
"url": "https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach"
}
]
},


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743",
"url": "https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743"
},
{
"refsource": "MISC",
"name": "https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach",
"url": "https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0",
"url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
}
]
},


@ -63,6 +63,11 @@
"refsource": "CONFIRM",
"name": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/",
"url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
}
]
},


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8205",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "uppy",
"version": {
"version_data": [
{
"version_value": "Fixed Versions: 1.13.2, 2.0.0-alpha.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) (CWE-918)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/891270",
"url": "https://hackerone.com/reports/891270"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems."
}
]
}
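Review bot: `"version_value": "Fixed Versions: 1.13.2, 2.0.0-alpha.5"` puts the fixed releases in the field that describes affected versions, so a consumer matching on it would either miss vulnerable installs or flag the patched ones. The description gives the affected ranges (`< 1.13.2` and `< 2.0.0-alpha.5`); expressing them as entries such as `"version_affected": "<", "version_value": "1.13.2"` keeps the record consistent with its own description. The phrase "< 1.13.2 and < 2.0.0-alpha.5" also reads as a single conjunction; stating the 1.x and 2.0.0-alpha lines separately would remove the ambiguity. The record's opening lines are outside this hunk.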


@ -48,6 +48,11 @@
"name": "https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-883/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-883/"
}
]
},


@ -48,6 +48,11 @@
"name": "https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-882/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-882/"
}
]
},


@ -48,6 +48,11 @@
"name": "https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-884/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-884/"
}
]
},