"-Synchronized-Data."

CVE Team 2020-04-02 15:01:29 +00:00
parent 02fa20180b
commit e1e3bb732c
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
11 changed files with 591 additions and 321 deletions


@ -66,6 +66,11 @@
"name": "[oss-security] 20160424 CVE Request: jq: stack exhaustion using jv_dump_term() function",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/24/3"
},
{
"refsource": "MISC",
"name": "https://github.com/stedolan/jq/",
"url": "https://github.com/stedolan/jq/"
}
]
}
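Review bot: The added MISC reference `https://github.com/stedolan/jq/` is the repository root, so it does not identify the issue or the fix for the stack exhaustion in `jv_dump_term()` that the existing MLIST entry describes. Someone trying to confirm which jq release is patched learns nothing from it that the oss-security post does not already give. A link to the specific upstream issue or fixing commit would be more useful, if one exists. The record's ID and description are outside this hunk, which starts at line 66 of the file.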


@ -1,17 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11100",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.haproxy.org",
"refsource": "MISC",
"name": "http://www.haproxy.org"
},
{
"refsource": "CONFIRM",
"name": "https://www.haproxy.org/download/2.1/src/CHANGELOG",
"url": "https://www.haproxy.org/download/2.1/src/CHANGELOG"
},
{
"refsource": "CONFIRM",
"name": "https://lists.debian.org/debian-security-announce/2020/msg00052.html",
"url": "https://lists.debian.org/debian-security-announce/2020/msg00052.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.mail-archive.com/haproxy@formilux.org/msg36876.html",
"url": "https://www.mail-archive.com/haproxy@formilux.org/msg36876.html"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1819111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819111"
},
{
"refsource": "CONFIRM",
"name": "https://git.haproxy.org/?p=haproxy.git;a=commit;h=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88",
"url": "https://git.haproxy.org/?p=haproxy.git;a=commit;h=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88"
}
]
}
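Review bot: The `affects` block of this newly public record still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, and `problemtype` is `"n/a"`, although the description names HAProxy 1.8 through 2.x before 2.1.4 and a heap write in `hpack_dht_insert`. Tooling that matches advisories on the structured product and version fields will not associate this entry with HAProxy, so triage depends on parsing the free-text description. Populating the fields from the description, for example `"product_name": "HAProxy"`, would make the record machine-matchable. The same applies to the CVE-2020-11451, CVE-2020-11454, CVE-2020-6852 and CVE-2020-9349 sections. The first reference, `http://www.haproxy.org`, is also a plain-HTTP site root rather than an advisory.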


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11451",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability",
"refsource": "MISC",
"name": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability"
},
{
"refsource": "MISC",
"name": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/",
"url": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11454",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability",
"refsource": "MISC",
"name": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability"
},
{
"refsource": "MISC",
"name": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/",
"url": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/"
}
]
}


@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-03-31T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4303"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6147195",
"title" : "IBM Security Bulletin 6147195 (WebSphere Application Server Liberty)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6147195"
},
{
"refsource" : "XF",
"name" : "ibm-websphere-cve20204303-xss (176668)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176668"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-03-31T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4303"
},
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "17.0.0.3"
},
{
"version_value" : "20.0.0.3"
}
]
},
"product_name" : "WebSphere Application Server Liberty"
}
]
},
"vendor_name" : "IBM"
"url": "https://www.ibm.com/support/pages/node/6147195",
"title": "IBM Security Bulletin 6147195 (WebSphere Application Server Liberty)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6147195"
},
{
"refsource": "XF",
"name": "ibm-websphere-cve20204303-xss (176668)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176668"
}
]
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176668.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "17.0.0.3"
},
{
"version_value": "20.0.0.3"
}
]
},
"product_name": "WebSphere Application Server Liberty"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
},
"BM" : {
"AC" : "L",
"AV" : "N",
"UI" : "R",
"PR" : "N",
"I" : "L",
"SCORE" : "6.100",
"S" : "C",
"A" : "N",
"C" : "L"
}
}
}
}
},
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176668.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "H"
},
"BM": {
"AC": "L",
"AV": "N",
"UI": "R",
"PR": "N",
"I": "L",
"SCORE": "6.100",
"S": "C",
"A": "N",
"C": "L"
}
}
}
}


@ -1,93 +1,93 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6147195",
"title" : "IBM Security Bulletin 6147195 (WebSphere Application Server Liberty)",
"url" : "https://www.ibm.com/support/pages/node/6147195"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-websphere-cve20204304-xss (176670)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176670"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-03-31T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4304"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "17.0.0.3"
},
{
"version_value" : "20.0.0.3"
}
]
},
"product_name" : "WebSphere Application Server Liberty"
}
]
},
"vendor_name" : "IBM"
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6147195",
"title": "IBM Security Bulletin 6147195 (WebSphere Application Server Liberty)",
"url": "https://www.ibm.com/support/pages/node/6147195"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-websphere-cve20204304-xss (176670)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176670"
}
]
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-03-31T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4304"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "17.0.0.3"
},
{
"version_value": "20.0.0.3"
}
]
},
"product_name": "WebSphere Application Server Liberty"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
},
"BM" : {
"I" : "L",
"SCORE" : "6.100",
"PR" : "N",
"UI" : "R",
"AC" : "L",
"AV" : "N",
"C" : "L",
"A" : "N",
"S" : "C"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176670.",
"lang" : "eng"
}
]
}
}
},
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
},
"BM": {
"I": "L",
"SCORE": "6.100",
"PR": "N",
"UI": "R",
"AC": "L",
"AV": "N",
"C": "L",
"A": "N",
"S": "C"
}
}
},
"description": {
"description_data": [
{
"value": "IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176670.",
"lang": "eng"
}
]
}
}


@ -1,112 +1,112 @@
{
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6125403 (Automation Workstream Services in Cloud Pak for Automation)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6125403",
"url" : "https://www.ibm.com/support/pages/node/6125403"
},
{
"name" : "ibm-icp4a-cve20204325-dos (177596)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/177596"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4325",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-04-01T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "18.0.0.1"
},
{
"version_value" : "18.0.0.2"
},
{
"version_value" : "19.0.0.1"
},
{
"version_value" : "19.0.0.2"
},
{
"version_value" : "19.0.0.3"
}
]
},
"product_name" : "Process Federation Server"
},
{
"product_name" : "Automation Workstream Services in Cloud Pak for Automation",
"version" : {
"version_data" : [
{
"version_value" : "19.0.0.3"
}
]
}
}
]
}
"title": "IBM Security Bulletin 6125403 (Automation Workstream Services in Cloud Pak for Automation)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6125403",
"url": "https://www.ibm.com/support/pages/node/6125403"
},
{
"name": "ibm-icp4a-cve20204325-dos (177596)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177596"
}
]
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "N",
"S" : "U",
"A" : "H",
"PR" : "L",
"SCORE" : "6.500",
"I" : "N",
"AV" : "N",
"AC" : "L",
"UI" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2020-4325",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-04-01T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "18.0.0.1"
},
{
"version_value": "18.0.0.2"
},
{
"version_value": "19.0.0.1"
},
{
"version_value": "19.0.0.2"
},
{
"version_value": "19.0.0.3"
}
]
},
"product_name": "Process Federation Server"
},
{
"product_name": "Automation Workstream Services in Cloud Pak for Automation",
"version": {
"version_data": [
{
"version_value": "19.0.0.3"
}
]
}
}
]
}
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.",
"lang" : "eng"
}
]
}
}
},
"data_version": "4.0",
"data_format": "MITRE",
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"C": "N",
"S": "U",
"A": "H",
"PR": "L",
"SCORE": "6.500",
"I": "N",
"AV": "N",
"AC": "L",
"UI": "N"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.",
"lang": "eng"
}
]
}
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6852",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-6852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.cacagoo.com",
"refsource": "MISC",
"name": "https://www.cacagoo.com"
},
{
"refsource": "MISC",
"name": "https://insights.oem.avira.com/serious-security-flaws-uncovered-in-cacagoo-ip-cameras/",
"url": "https://insights.oem.avira.com/serious-security-flaws-uncovered-in-cacagoo-ip-cameras/"
}
]
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-04-01T00:00:00.000Z",
"ID": "CVE-2020-8016",
"STATE": "PUBLIC",
@ -87,7 +87,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges.\nThis issue affects:\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1\ntexlive-filesystem versions prior to 2017.135-9.5.1.\nSUSE Linux Enterprise Software Development Kit 12-SP4\ntexlive-filesystem versions prior to 2013.74-16.5.1.\nSUSE Linux Enterprise Software Development Kit 12-SP5\ntexlive-filesystem versions prior to 2013.74-16.5.1.\nopenSUSE Leap 15.1\ntexlive-filesystem versions prior to 2017.135-lp151.8.3.1."
"value": "A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1."
}
]
},
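Review bot: Replacing the `\n` separators in the description with single spaces (the second printed `value`, which appears to be the new side) runs each product name into its package version, as in `15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1.`, so the affected-version list is harder to read and to parse. In the CVE-2020-8017 section the same flattening removes the only boundary after the first sentence, leaving `on the system This issue affects:`. If the newlines must go, keep the sentence break with `on the system. This issue affects:` and separate product from package with a colon. Both description hunks start at line 87, so the rest of each record is outside the visible section.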


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-04-02T00:00:00.000Z",
"ID": "CVE-2020-8017",
"STATE": "PUBLIC",
@ -87,7 +87,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system\nThis issue affects:\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1\ntexlive-filesystem versions prior to 2017.135-9.5.1.\nSUSE Linux Enterprise Software Development Kit 12-SP4\ntexlive-filesystem versions prior to 2013.74-16.5.1.\nSUSE Linux Enterprise Software Development Kit 12-SP5\ntexlive-filesystem versions prior to 2013.74-16.5.1.\nopenSUSE Leap 15.1\ntexlive-filesystem versions prior to 2017.135-lp151.8.3.1."
"value": "A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1."
}
]
},


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9349",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-9349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.cacagoo.com",
"refsource": "MISC",
"name": "https://www.cacagoo.com"
},
{
"refsource": "MISC",
"name": "https://insights.oem.avira.com/serious-security-flaws-uncovered-in-cacagoo-ip-cameras/",
"url": "https://insights.oem.avira.com/serious-security-flaws-uncovered-in-cacagoo-ip-cameras/"
}
]
}