admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-11-23 17:01:54 +00:00
parent f5d1fede67
commit e0a2c3bd42
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
13 changed files with 780 additions and 288 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2019/14xxx/CVE-2019-14563.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14563",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "EDK II"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=2001",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2001"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access."
}
]
}
}

62
2019/14xxx/CVE-2019-14575.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14575",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "EDK II"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1608",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1608"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access."
}
]
}
}

62
2019/14xxx/CVE-2019-14586.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14586",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "EDK II"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privilege, information disclosure, denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1995",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1995"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access."
}
]
}
}

62
2019/14xxx/CVE-2019-14587.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14587",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Extensible Firmware Interface Development Kit (EDK II)",
"version": {
"version_data": [
{
"version_value": "EDK II"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1989",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1989"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access."
}
]
}
}

62
2020/0xxx/CVE-2020-0569.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0569",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) PROSet/Wireless WiFi products on Windows 10",
"version": {
"version_data": [
{
"version_value": "before version 21.70"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access."
}
]
}
}

50
2020/12xxx/CVE-2020-12351.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12351",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BlueZ",
"version": {
"version_data": [
{
"version_value": "See references"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access."
}
]
}

50
2020/12xxx/CVE-2020-12352.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12352",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BlueZ",
"version": {
"version_data": [
{
"version_value": "See references"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access."
}
]
}

25
2020/27xxx/CVE-2020-27216.json
View File

@ -120,6 +120,31 @@
"refsource": "MLIST",
"name": "[zookeeper-dev] 20201123 Owasp test failing - Jetty 9.4.32 - CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/raf9c581b793c30ff8f55f2415c7bd337eb69775aae607bf9ed1b16fb@%3Cdev.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20201123 [jira] [Created] (ZOOKEEPER-4017) Owasp check failing - Jetty 9.4.32 - CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/rafb023a7c61180a1027819678eb2068b0b60cd5c2559cb8490e26c81@%3Cissues.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-notifications] 20201123 [GitHub] [zookeeper] anmolnar opened a new pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r1ed79516bd6d248ea9f0e704dbfd7de740d5a75b71c7be8699fec824@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20201123 [jira] [Updated] (ZOOKEEPER-4017) Owasp check failing - Jetty 9.4.32 - CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r4f29fb24639ebc5d15fc477656ebc2b3aa00fcfbe197000009c26b40@%3Cissues.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-dev] 20201123 Re: Owasp test failing - Jetty 9.4.32 - CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r568d354961fa88f206dc345411fb11d245c6dc1a8da3e80187fc6706@%3Cdev.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-dev] 20201123 [jira] [Created] (ZOOKEEPER-4017) Owasp check failing - Jetty 9.4.32 - CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r0df8fe10fc36028cf6d0381ab66510917d0d68bc5ef7042001d03830@%3Cdev.zookeeper.apache.org%3E"
}
]
}

192
2020/4xxx/CVE-2020-4771.json
View File

@ -1,99 +1,99 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4771",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-11-20T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"SCORE" : "5.300",
"C" : "L",
"A" : "N",
"AV" : "N",
"AC" : "L",
"UI" : "N",
"PR" : "N",
"S" : "U",
"I" : "N"
}
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6369101 (Spectrum Protect Operations Center)",
"name" : "https://www.ibm.com/support/pages/node/6369101",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6369101"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/188993",
"refsource" : "XF",
"name" : "ibm-spectrum-cve20204771-info-disc (188993)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Operations Center",
"version" : {
"version_data" : [
{
"version_value" : "8.1"
},
{
"version_value" : "8.1.10"
},
{
"version_value" : "7.1"
},
{
"version_value" : "7.1.11"
}
]
}
}
]
},
"vendor_name" : "IBM"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4771",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-11-20T00:00:00"
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"SCORE": "5.300",
"C": "L",
"A": "N",
"AV": "N",
"AC": "L",
"UI": "N",
"PR": "N",
"S": "U",
"I": "N"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
}
},
"data_version": "4.0",
"data_format": "MITRE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6369101 (Spectrum Protect Operations Center)",
"name": "https://www.ibm.com/support/pages/node/6369101",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6369101"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188993",
"refsource": "XF",
"name": "ibm-spectrum-cve20204771-info-disc (188993)",
"title": "X-Force Vulnerability Report"
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "8.1.10"
},
{
"version_value": "7.1"
},
{
"version_value": "7.1.11"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993."
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993."
}
]
}
}

182
2020/4xxx/CVE-2020-4783.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-11-20T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4783"
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"AV" : "N",
"AC" : "H",
"SCORE" : "5.900",
"A" : "N",
"C" : "H",
"UI" : "N",
"PR" : "N",
"I" : "N",
"S" : "U"
}
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6368601 (Spectrum Protect Plus)",
"name" : "https://www.ibm.com/support/pages/node/6368601",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6368601"
},
{
"name" : "ibm-spectrum-cve20204783-info-disc (189214)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189214"
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.6"
}
]
},
"product_name" : "Spectrum Protect Plus"
}
]
}
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-11-20T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4783"
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"AV": "N",
"AC": "H",
"SCORE": "5.900",
"A": "N",
"C": "H",
"UI": "N",
"PR": "N",
"I": "N",
"S": "U"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214.",
"lang" : "eng"
}
]
}
}
}
},
"data_version": "4.0",
"data_format": "MITRE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6368601 (Spectrum Protect Plus)",
"name": "https://www.ibm.com/support/pages/node/6368601",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6368601"
},
{
"name": "ibm-spectrum-cve20204783-info-disc (189214)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189214"
}
]
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.6"
}
]
},
"product_name": "Spectrum Protect Plus"
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214.",
"lang": "eng"
}
]
}
}

180
2020/4xxx/CVE-2020-4854.json
View File

@ -1,93 +1,93 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454."
}
]
}
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6367823",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6367823",
"title" : "IBM Security Bulletin 6367823 (Spectrum Protect Plus)"
},
{
"name" : "ibm-spectrum-cve20204854-info-disc (190454)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190454",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"UI" : "N",
"PR" : "N",
"S" : "U",
"I" : "H",
"SCORE" : "9.800",
"A" : "H",
"C" : "H",
"AC" : "L",
"AV" : "N"
}
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-11-20T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4854",
"ASSIGNER" : "psirt@us.ibm.com"
}
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Plus",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6367823",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6367823",
"title": "IBM Security Bulletin 6367823 (Spectrum Protect Plus)"
},
{
"name": "ibm-spectrum-cve20204854-info-disc (190454)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190454",
"refsource": "XF"
}
]
},
"data_format": "MITRE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"UI": "N",
"PR": "N",
"S": "U",
"I": "H",
"SCORE": "9.800",
"A": "H",
"C": "H",
"AC": "L",
"AV": "N"
}
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-11-20T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4854",
"ASSIGNER": "psirt@us.ibm.com"
}
}

74
2020/6xxx/CVE-2020-6939.json
View File

@ -4,14 +4,82 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@salesforce.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Tableau Server",
"version": {
"version_data": [
{
"version_value": "versions affected on both Windows and Linux are: 2018.2 through 2018.2.27"
},
{
"version_value": "2018.3 through 2018.3.24"
},
{
"version_value": "2019.1 through 2019.1.22"
},
{
"version_value": "2019.2 through 2019.2.18"
},
{
"version_value": "2019.3 through 2019.3.14"
},
{
"version_value": "2019.4 through 2019.4.13"
},
{
"version_value": "2020.1 through 2020.1.10"
},
{
"version_value": "2020.2 through 2020.2.7"
},
{
"version_value": "2020.3 through 2020.3.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://help.salesforce.com/articleView?id=000355686&type=1&mode=1",
"url": "https://help.salesforce.com/articleView?id=000355686&type=1&mode=1"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2."
}
]
}

5
2020/7xxx/CVE-2020-7928.json
View File

@ -96,8 +96,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://jira.mongodb.org/browse/SERVER-49404"
"refsource": "MISC",
"url": "https://jira.mongodb.org/browse/SERVER-49404",
"name": "https://jira.mongodb.org/browse/SERVER-49404"
}
]
},