admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-11-10 17:01:39 +00:00
parent c5b7aff61e
commit daebf54444
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
32 changed files with 1340 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/15xxx/CVE-2020-15166.json
View File

@ -98,6 +98,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-5460fcf6bd",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFW2ZELCCPS4VLU4OSJOH5YL6KFKTFYW/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2443-1] zeromq3 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00017.html"
}
]
},

5
2020/15xxx/CVE-2020-15255.json
View File

@ -78,6 +78,11 @@
"name": "https://github.com/anuko/timetracker/commit/d9472904361495f318c9d0294ffd28acaaeae42f",
"refsource": "MISC",
"url": "https://github.com/anuko/timetracker/commit/d9472904361495f318c9d0294ffd28acaaeae42f"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159996/Anuko-Time-Tracker-1.19.23.5325-CSV-Injection.html",
"url": "http://packetstormsecurity.com/files/159996/Anuko-Time-Tracker-1.19.23.5325-CSV-Injection.html"
}
]
},

5
2020/15xxx/CVE-2020-15505.json
View File

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://www.mobileiron.com/en/blog/mobileiron-security-updates-available",
"url": "https://www.mobileiron.com/en/blog/mobileiron-security-updates-available"
},
{
"refsource": "MISC",
"name": "https://perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505/",
"url": "https://perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505/"
}
]
}

5
2020/24xxx/CVE-2020-24426.json
View File

@ -87,6 +87,11 @@
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb20-67.html",
"name": "https://helpx.adobe.com/security/products/acrobat/apsb20-67.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1354/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1354/"
}
]
},

5
2020/24xxx/CVE-2020-24434.json
View File

@ -87,6 +87,11 @@
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb20-67.html",
"name": "https://helpx.adobe.com/security/products/acrobat/apsb20-67.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1356/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1356/"
}
]
},

5
2020/24xxx/CVE-2020-24436.json
View File

@ -87,6 +87,11 @@
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb20-67.html",
"name": "https://helpx.adobe.com/security/products/acrobat/apsb20-67.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1355/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1355/"
}
]
},

5
2020/24xxx/CVE-2020-24438.json
View File

@ -87,6 +87,11 @@
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb20-67.html",
"name": "https://helpx.adobe.com/security/products/acrobat/apsb20-67.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1357/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1357/"
}
]
},

66
2020/25xxx/CVE-2020-25074.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25074",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://moinmo.in/SecurityFixes",
"refsource": "MISC",
"name": "http://moinmo.in/SecurityFixes"
},
{
"refsource": "DEBIAN",
"name": "DSA-4787",
"url": "https://www.debian.org/security/2020/dsa-4787"
},
{
"refsource": "MISC",
"name": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq",
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq"
}
]
}

5
2020/25xxx/CVE-2020-25213.json
View File

@ -86,6 +86,11 @@
"url": "https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/",
"refsource": "MISC",
"name": "https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.html"
}
]
},

63
2020/26xxx/CVE-2020-26807.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26807",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP ERP Client for E-Bilanz 1.0",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which allows anyone to modify the files in the folder."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.4",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2971112",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2971112"
}
]
}

118
2020/26xxx/CVE-2020-26808.json
View File

@ -4,14 +4,126 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26808",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP AS ABAP(DMIS)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "2011_1_620"
},
{
"version_name": "<",
"version_value": "2011_1_640"
},
{
"version_name": "<",
"version_value": "2011_1_700"
},
{
"version_name": "<",
"version_value": "2011_1_710"
},
{
"version_name": "<",
"version_value": "2011_1_730"
},
{
"version_name": "<",
"version_value": "2011_1_731"
},
{
"version_name": "<",
"version_value": "2011_1_752"
},
{
"version_name": "<",
"version_value": "2020"
}
]
}
},
{
"product_name": "SAP S4 HANA(DMIS)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "101"
},
{
"version_name": "<",
"version_value": "102"
},
{
"version_name": "<",
"version_value": "103"
},
{
"version_name": "<",
"version_value": "104"
},
{
"version_name": "<",
"version_value": "105"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/2973735",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2973735"
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
}
]
}

75
2020/26xxx/CVE-2020-26809.json
View File

@ -4,14 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26809",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Commerce Cloud",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1808"
},
{
"version_name": "<",
"version_value": "1811"
},
{
"version_name": "<",
"version_value": "1905"
},
{
"version_name": "<",
"version_value": "2005"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2975189",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2975189"
}
]
}

75
2020/26xxx/CVE-2020-26810.json
View File

@ -4,14 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26810",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Commerce Cloud (Accelerator Payment Mock)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1808"
},
{
"version_name": "<",
"version_value": "1811"
},
{
"version_name": "<",
"version_value": "1905"
},
{
"version_name": "<",
"version_value": "2005"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerce service itself unavailable leading to Denial of Service with no impact on confidentiality or integrity."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2975170",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2975170"
}
]
}

75
2020/26xxx/CVE-2020-26811.json
View File

@ -4,14 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26811",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Commerce Cloud (Accelerator Payment Mock)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1808"
},
{
"version_name": "<",
"version_value": "1811"
},
{
"version_name": "<",
"version_value": "1905"
},
{
"version_name": "<",
"version_value": "2005"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2975170",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2975170"
}
]
}

63
2020/26xxx/CVE-2020-26814.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26814",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Process Integration (PGP - Module Business-to-Business Add On)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.9",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2952084",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2952084"
}
]
}

83
2020/26xxx/CVE-2020-26815.json
View File

@ -4,14 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26815",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Fiori Launchpad (News Tile Application)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "750"
},
{
"version_name": "<",
"version_value": "751"
},
{
"version_name": "<",
"version_value": "752"
},
{
"version_name": "<",
"version_value": "753"
},
{
"version_name": "<",
"version_value": "754"
},
{
"version_name": "<",
"version_value": "755"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network to retrieve sensitive / confidential resources which are otherwise restricted for internal usage only, resulting in a Server-Side Request Forgery vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server Side Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2984627",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2984627"
}
]
}

63
2020/26xxx/CVE-2020-26817.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26817",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP 3D Visual Enterprise Viewer",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "9"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2985094",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2985094"
}
]
}

95
2020/26xxx/CVE-2020-26818.json
View File

@ -4,14 +4,103 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26818",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP (Web Dynpro)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "731"
},
{
"version_name": "<",
"version_value": "740"
},
{
"version_name": "<",
"version_value": "750"
},
{
"version_name": "<",
"version_value": "751"
},
{
"version_name": "<",
"version_value": "752"
},
{
"version_name": "<",
"version_value": "753"
},
{
"version_name": "<",
"version_value": "754"
},
{
"version_name": "<",
"version_value": "755"
},
{
"version_name": "<",
"version_value": "782"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2971954",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2971954"
}
]
}

95
2020/26xxx/CVE-2020-26819.json
View File

@ -4,14 +4,103 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26819",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP (Web Dynpro)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "731"
},
{
"version_name": "<",
"version_value": "740"
},
{
"version_name": "<",
"version_value": "750"
},
{
"version_name": "<",
"version_value": "751"
},
{
"version_name": "<",
"version_value": "752"
},
{
"version_name": "<",
"version_value": "753"
},
{
"version_name": "<",
"version_value": "754"
},
{
"version_name": "<",
"version_value": "755"
},
{
"version_name": "<",
"version_value": "782"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2971954",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2971954"
}
]
}

79
2020/26xxx/CVE-2020-26820.json
View File

@ -4,14 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26820",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS JAVA",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.20"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechanism to execute OS commands through the uploaded file leading to Privilege Escalation and completely compromise the confidentiality, integrity and availability of the server operating system and any application running on it."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2979062",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2979062"
}
]
}

63
2020/26xxx/CVE-2020-26821.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26821",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Solution Manager (JAVA stack)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.20"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service."
}
]
},
"impact": {
"cvss": {
"baseScore": "10",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2985866",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2985866"
}
]
}

63
2020/26xxx/CVE-2020-26822.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26822",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Solution Manager (JAVA stack)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.20"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service."
}
]
},
"impact": {
"cvss": {
"baseScore": "10",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2985866",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2985866"
}
]
}

63
2020/26xxx/CVE-2020-26823.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26823",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Solution Manager (JAVA stack)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.20"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service."
}
]
},
"impact": {
"cvss": {
"baseScore": "10",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2985866",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2985866"
}
]
}

63
2020/26xxx/CVE-2020-26824.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26824",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Solution Manager (JAVA stack)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.20"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service."
}
]
},
"impact": {
"cvss": {
"baseScore": "10",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2985866",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2985866"
}
]
}

5
2020/28xxx/CVE-2020-28250.json
View File

@ -52,11 +52,6 @@
},
"references": {
"reference_data": [
{
"url": "https://github.com/summtime/CVE/blob/master/Cellinx/README.md",
"refsource": "MISC",
"name": "https://github.com/summtime/CVE/blob/master/Cellinx/README.md"
},
{
"refsource": "MISC",
"name": "https://github.com/summtime/CVE/tree/master/CVE-2020-28250",

5
2020/28xxx/CVE-2020-28351.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/dievus/cve-2020-28351",
"url": "https://github.com/dievus/cve-2020-28351"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159987/ShoreTel-Conferencing-19.46.1802.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/159987/ShoreTel-Conferencing-19.46.1802.0-Cross-Site-Scripting.html"
}
]
}

5
2020/3xxx/CVE-2020-3573.json
View File

@ -71,6 +71,11 @@
"name": "20201104 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1362/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1362/"
}
]
},

5
2020/3xxx/CVE-2020-3603.json
View File

@ -71,6 +71,11 @@
"name": "20201104 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1361/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1361/"
}
]
},

5
2020/3xxx/CVE-2020-3604.json
View File

@ -71,6 +71,11 @@
"name": "20201104 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1363/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1363/"
}
]
},

122
2020/6xxx/CVE-2020-6316.json
View File

@ -4,14 +4,130 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6316",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP ERP",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "600"
},
{
"version_name": "<",
"version_value": "602"
},
{
"version_name": "<",
"version_value": "603"
},
{
"version_name": "<",
"version_value": "604"
},
{
"version_name": "<",
"version_value": "605"
},
{
"version_name": "<",
"version_value": "606"
},
{
"version_name": "<",
"version_value": "616"
},
{
"version_name": "<",
"version_value": "617"
},
{
"version_name": "<",
"version_value": "618"
}
]
}
},
{
"product_name": "SAP S/4 HANA",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "100"
},
{
"version_name": "<",
"version_value": "101"
},
{
"version_name": "<",
"version_value": "102"
},
{
"version_name": "<",
"version_value": "103"
},
{
"version_name": "<",
"version_value": "104"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/2944188",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2944188"
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
}
]
}

5
2020/7xxx/CVE-2020-7384.json
View File

@ -83,6 +83,11 @@
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/14288",
"name": "https://github.com/rapid7/metasploit-framework/pull/14288"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html",
"url": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html"
}
]
},

5
2020/8xxx/CVE-2020-8037.json
View File

@ -64,6 +64,11 @@
"refsource": "MISC",
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2444-1] tcpdump security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html"
}
]
}