admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-12-16 15:01:40 +00:00
parent 5bf37c2a03
commit e279559db2
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 371 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2020/14xxx/CVE-2020-14248.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-14248", "ID": "CVE-2020-14248",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@hcl.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HCL BigFix Inventory",
"version": {
"version_data": [
{
"version_value": "v9, v10.0.x"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security misconfiguration"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085735",
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085735"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie."
} }
] ]
} }

50
2020/14xxx/CVE-2020-14254.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-14254", "ID": "CVE-2020-14254",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@hcl.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HCL BigFix Inventory",
"version": {
"version_data": [
{
"version_value": "v9.x, v10.x"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Misconfiguration"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085733",
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085733"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."
} }
] ]
} }

66
2020/25xxx/CVE-2020-25620.json
View File

@ -1,17 +1,71 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-25620",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-25620",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named support@n-able.com and nableadmin@n-able.com. These allow logins to the N-Central Administrative Console (NAC) and/or the regular web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.solarwinds.com/SuccessCenter/s/",
"refsource": "MISC",
"name": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"url": "https://ernw.de/en/publications.html",
"refsource": "MISC",
"name": "https://ernw.de/en/publications.html"
},
{
"refsource": "MISC",
"name": "https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/",
"url": "https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/"
} }
] ]
} }

66
2020/25xxx/CVE-2020-25621.json
View File

@ -1,17 +1,71 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-25621",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-25621",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.solarwinds.com/SuccessCenter/s/",
"refsource": "MISC",
"name": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"url": "https://ernw.de/en/publications.html",
"refsource": "MISC",
"name": "https://ernw.de/en/publications.html"
},
{
"refsource": "MISC",
"name": "https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/",
"url": "https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/"
} }
] ]
} }

66
2020/25xxx/CVE-2020-25622.json
View File

@ -1,17 +1,71 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-25622",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-25622",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.solarwinds.com/SuccessCenter/s/",
"refsource": "MISC",
"name": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"url": "https://ernw.de/en/publications.html",
"refsource": "MISC",
"name": "https://ernw.de/en/publications.html"
},
{
"refsource": "MISC",
"name": "https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/",
"url": "https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/"
} }
] ]
} }

56
2020/29xxx/CVE-2020-29607.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-29607",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-29607",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the \"manage files\" functionality, which may result in remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/pluck-cms/pluck/issues/96",
"refsource": "MISC",
"name": "https://github.com/pluck-cms/pluck/issues/96"
} }
] ]
} }

50
2020/4xxx/CVE-2020-4008.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-4008", "ID": "CVE-2020-4008",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@vmware.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware Carbon Black Cloud macOS Sensor",
"version": {
"version_data": [
{
"version_value": "VMware Carbon Black Cloud macOS Sensor prior to 3.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File overwrite issue"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0028.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0028.html"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The installer of the macOS Sensor for VMware Carbon Black Cloud prior to 3.5.1 handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation."
} }
] ]
} }