admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-07-16 18:01:34 +00:00
parent 54c81b5db3
commit deff2175bd
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
52 changed files with 780 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
2019/20xxx/CVE-2019-20909.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/178",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/178"
},
{
"url": "https://github.com/LibreDWG/libredwg/commit/d7913b893bfa98fab27f05825dc4cab2d3a20c83",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/commit/d7913b893bfa98fab27f05825dc4cab2d3a20c83"
}
]
}
}

67
2019/20xxx/CVE-2019-20910.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/178",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/178"
},
{
"url": "https://github.com/LibreDWG/libredwg/commit/f878ba67b638f0d5050b6dba61b9737f64fc53de",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/commit/f878ba67b638f0d5050b6dba61b9737f64fc53de"
}
]
}
}

67
2019/20xxx/CVE-2019-20911.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/178",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/178"
},
{
"url": "https://github.com/LibreDWG/libredwg/commit/c6f6668b82bfe595899cc820279ac37bb9ef16f5",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/commit/c6f6668b82bfe595899cc820279ac37bb9ef16f5"
}
]
}
}

67
2019/20xxx/CVE-2019-20912.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/178",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/178"
},
{
"url": "https://github.com/LibreDWG/libredwg/commit/b84c2cab55948a5ee70860779b2640913e3ee1ed",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/commit/b84c2cab55948a5ee70860779b2640913e3ee1ed"
}
]
}
}

67
2019/20xxx/CVE-2019-20913.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/178",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/178"
},
{
"url": "https://github.com/LibreDWG/libredwg/commit/3f503dd294efc63a59608d8a16058c41d44ba13a",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/commit/3f503dd294efc63a59608d8a16058c41d44ba13a"
}
]
}
}

67
2019/20xxx/CVE-2019-20914.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/178",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/178"
},
{
"url": "https://github.com/LibreDWG/libredwg/commit/3b837bb72d6b9ab4d563faa211f90efc257e3c96",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/commit/3b837bb72d6b9ab4d563faa211f90efc257e3c96"
}
]
}
}

67
2019/20xxx/CVE-2019-20915.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/178",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/178"
},
{
"url": "https://github.com/LibreDWG/libredwg/commit/95cc9300430d35feb05b06a9badf678419463dbe",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/commit/95cc9300430d35feb05b06a9badf678419463dbe"
}
]
}
}

5
2020/0xxx/CVE-2020-0987.json
View File

@ -250,6 +250,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-647/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-647/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-876/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-876/"
}
]
}

180
2020/14xxx/CVE-2020-14497.json
View File

@ -48,6 +48,186 @@
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-847/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-827/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-868/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-852/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-862/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-860/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-846/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-844/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-845/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-855/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-857/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-854/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-864/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-849/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-832/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-835/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-848/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-838/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-850/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-856/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-866/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-842/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-837/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-865/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-851/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-828/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-853/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-843/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-839/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-858/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-830/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-861/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-863/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-869/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-833/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-836/"
}
]
},

5
2020/14xxx/CVE-2020-14499.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-867/"
}
]
},

5
2020/14xxx/CVE-2020-14501.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-859/"
}
]
},

5
2020/14xxx/CVE-2020-14505.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-831/"
}
]
},

15
2020/14xxx/CVE-2020-14507.json
View File

@ -48,6 +48,21 @@
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-841/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-829/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-840/"
}
]
},

5
2020/15xxx/CVE-2020-15304.json
View File

@ -81,6 +81,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-a9a0f8f6cd",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0970",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html"
}
]
}

5
2020/15xxx/CVE-2020-15305.json
View File

@ -86,6 +86,11 @@
"refsource": "UBUNTU",
"name": "USN-4418-1",
"url": "https://usn.ubuntu.com/4418-1/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0970",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html"
}
]
}

5
2020/15xxx/CVE-2020-15306.json
View File

@ -86,6 +86,11 @@
"refsource": "UBUNTU",
"name": "USN-4418-1",
"url": "https://usn.ubuntu.com/4418-1/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0970",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00025.html"
}
]
}

5
2020/1xxx/CVE-2020-1381.json
View File

@ -166,6 +166,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1381",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1381"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-872/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-872/"
}
]
}

5
2020/1xxx/CVE-2020-1382.json
View File

@ -166,6 +166,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1382",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1382"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-873/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-873/"
}
]
}

5
2020/1xxx/CVE-2020-1439.json
View File

@ -82,6 +82,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-874/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-874/"
}
]
}

4
2020/3xxx/CVE-2020-3140.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability. "
"value": "A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3144.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative commands on an affected device. The vulnerability is due to improper session management on affected devices. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device. "
"value": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative commands on an affected device. The vulnerability is due to improper session management on affected devices. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3145.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. "
"value": "Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user."
}
]
},
@ -88,4 +88,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3146.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. "
"value": "Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user."
}
]
},
@ -88,4 +88,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3150.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web-based management interface of the router, but only after any valid user has opened a specific file on the device since the last reboot. A successful exploit would allow the attacker to view sensitive information, which should be restricted. "
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web-based management interface of the router, but only after any valid user has opened a specific file on the device since the last reboot. A successful exploit would allow the attacker to view sensitive information, which should be restricted."
}
]
},
@ -84,4 +84,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3180.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to an affected system by using this account. A successful exploit could allow the attacker to log in by using this account with root privileges. "
"value": "A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to an affected system by using this account. A successful exploit could allow the attacker to log in by using this account with root privileges."
}
]
},
@ -84,4 +84,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3197.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. The vulnerability is due to insufficient protection mechanisms for the TURN server credentials. An attacker could exploit this vulnerability by intercepting the legitimate traffic that is generated by an affected system. An exploit could allow the attacker to obtain the TURN server credentials, which the attacker could use to place audio/video calls and forward packets through the configured TURN server. The attacker would not be able to take control of the TURN server unless the same credentials were used in multiple systems. "
"value": "A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. The vulnerability is due to insufficient protection mechanisms for the TURN server credentials. An attacker could exploit this vulnerability by intercepting the legitimate traffic that is generated by an affected system. An exploit could allow the attacker to obtain the TURN server credentials, which the attacker could use to place audio/video calls and forward packets through the configured TURN server. The attacker would not be able to take control of the TURN server unless the same credentials were used in multiple systems."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3323.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. "
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3330.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to gain full control of an affected device. "
"value": "A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to gain full control of an affected device."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3331.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input data by the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. "
"value": "A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input data by the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user."
}
]
},
@ -84,4 +84,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3332.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device. "
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3345.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious web sites, or the attacker could leverage this vulnerability to conduct further client-side attacks. "
"value": "A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious web sites, or the attacker could leverage this vulnerability to conduct further client-side attacks."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3348.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. "
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
}
]
},
@ -84,4 +84,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3349.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. "
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
}
]
},
@ -84,4 +84,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3351.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit this vulnerability by sending crafted UDP messages to the targeted system. A successful exploit could allow the attacker to cause services on the device to fail, resulting in a DoS condition that could impact the targeted device and other devices that depend on it. "
"value": "A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit this vulnerability by sending crafted UDP messages to the targeted system. A successful exploit could allow the attacker to cause services on the device to fail, resulting in a DoS condition that could impact the targeted device and other devices that depend on it."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3357.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because HTTP requests are not properly validated. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device or cause the device to reload, resulting in a DoS condition. "
"value": "A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because HTTP requests are not properly validated. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device or cause the device to reload, resulting in a DoS condition."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3358.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition. "
"value": "A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3369.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition. "
"value": "A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3370.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted, malicious HTTP request to an affected device. A successful exploit could allow the attacker to redirect users to malicious sites. "
"value": "A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted, malicious HTTP request to an affected device. A successful exploit could allow the attacker to redirect users to malicious sites."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3372.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to the affected web-based management interface. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and could result in a DoS condition. "
"value": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to the affected web-based management interface. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and could result in a DoS condition."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3378.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. "
"value": "A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3379.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges. "
"value": "A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3380.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by authenticating as the fmserver user and submitting malicious input to a specific command. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. "
"value": "A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by authenticating as the fmserver user and submitting malicious input to a specific command. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3381.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbitrary files on the targeted system. "
"value": "A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbitrary files on the targeted system."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3385.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted packets through an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition. "
"value": "A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted packets through an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3387.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to access the software and execute commands they should not be authorized to execute. "
"value": "A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to access the software and execute commands they should not be authorized to execute."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3388.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated to access the CLI. A successful exploit could allow the attacker to execute commands with root privileges. "
"value": "A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated to access the CLI. A successful exploit could allow the attacker to execute commands with root privileges."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3401.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to the affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. "
"value": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to the affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3405.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application. "
"value": "A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application."
}
]
},
@ -84,4 +84,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3406.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. "
"value": "A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3437.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the filesystem of the underlying operating system. "
"value": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the filesystem of the underlying operating system."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3450.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the web-based management interface and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data that is stored in the underlying database, including hashed user credentials. To exploit this vulnerability, an attacker would need valid administrative credentials. "
"value": "A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the web-based management interface and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data that is stored in the underlying database, including hashed user credentials. To exploit this vulnerability, an attacker would need valid administrative credentials."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2020/3xxx/CVE-2020-3468.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. "
"value": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}