admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-03-24 17:01:10 +00:00
parent 68d56a757e
commit ebb533c0c7
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
5 changed files with 122 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
2019/18xxx/CVE-2019-18238.json
View File

@ -15,11 +15,11 @@
"product": {
"product_data": [
{
"product_name": "Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ioLogik 2500 series firmware, Version 3.0 or lower IOxpress configuration utility, Version 2.3.0 or lower",
"product_name": "Moxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower",
"version": {
"version_data": [
{
"version_value": "Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ioLogik 2500 series firmware, Version 3.0 or lower IOxpress configuration utility, Version 2.3.0 or lower"
"version_value": "Moxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower"
}
]
}
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ioLogik 2500 series firmware, Version 3.0 or lower IOxpress configuration utility, Version 2.3.0 or lower. Sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account."
"value": "In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account."
}
]
}

62
2019/18xxx/CVE-2019-18242.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18242",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Moxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower",
"version": {
"version_data": [
{
"version_value": "Moxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INCORRECTLY SPECIFIED DESTINATION IN A COMMUNICATION CHANNEL CWE-941"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail."
}
]
}
}

5
2020/10xxx/CVE-2020-10385.json
View File

@ -71,6 +71,11 @@
"url": "https://www.jinsonvarghese.com/stored-xss-vulnerability-found-in-wpforms-plugin/",
"refsource": "MISC",
"name": "https://www.jinsonvarghese.com/stored-xss-vulnerability-found-in-wpforms-plugin/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156874/WordPress-WPForms-1.5.9-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/156874/WordPress-WPForms-1.5.9-Cross-Site-Scripting.html"
}
]
}

5
2020/5xxx/CVE-2020-5722.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2020-15",
"url": "https://www.tenable.com/security/research/tra-2020-15"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156876/UCM6202-1.0.18.13-Remote-Command-Injection.html",
"url": "http://packetstormsecurity.com/files/156876/UCM6202-1.0.18.13-Remote-Command-Injection.html"
}
]
},

50
2020/6xxx/CVE-2020-6972.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6972",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Honeywell",
"product": {
"product_data": [
{
"product_name": "Notifier Web Server (NWS) Version 3.50 and earlier",
"version": {
"version_data": [
{
"version_value": "Notifier Web Server (NWS) Version 3.50 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-03",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-03"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server\u2019s authentication may be bypassed by a capture-replay attack from a web browser."
}
]
}