admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-05-06 13:01:23 +00:00
parent e5765d2709
commit ee1de9c6e0
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
52 changed files with 840 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/12xxx/CVE-2019-12921.json
View File

@ -76,6 +76,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0429",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4675",
"url": "https://www.debian.org/security/2020/dsa-4675"
}
]
}

5
2019/16xxx/CVE-2019-16217.json
View File

@ -76,6 +76,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/16xxx/CVE-2019-16218.json
View File

@ -76,6 +76,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/16xxx/CVE-2019-16219.json
View File

@ -81,6 +81,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/16xxx/CVE-2019-16220.json
View File

@ -86,6 +86,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/16xxx/CVE-2019-16221.json
View File

@ -76,6 +76,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/16xxx/CVE-2019-16222.json
View File

@ -86,6 +86,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/16xxx/CVE-2019-16223.json
View File

@ -76,6 +76,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/16xxx/CVE-2019-16780.json
View File

@ -105,6 +105,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
},

5
2019/16xxx/CVE-2019-16781.json
View File

@ -100,6 +100,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
},

5
2019/17xxx/CVE-2019-17361.json
View File

@ -66,6 +66,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0357",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4676",
"url": "https://www.debian.org/security/2020/dsa-4676"
}
]
}

5
2019/17xxx/CVE-2019-17669.json
View File

@ -91,6 +91,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/17xxx/CVE-2019-17671.json
View File

@ -91,6 +91,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/17xxx/CVE-2019-17672.json
View File

@ -76,6 +76,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/17xxx/CVE-2019-17673.json
View File

@ -86,6 +86,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/17xxx/CVE-2019-17674.json
View File

@ -76,6 +76,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/17xxx/CVE-2019-17675.json
View File

@ -91,6 +91,11 @@
"refsource": "DEBIAN",
"name": "DSA-4599",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

93
2019/19xxx/CVE-2019-19166.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-19166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Tobesoft XPlatform Arbitrary File Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XPlatform",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<=",
"version_name": "9.2.2",
"version_value": "9.2.2.260"
}
]
}
}
]
},
"vendor_name": "Tobesoft"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Jeongun Baek for reporting this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. It allows attacker to cause remote code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "http://support.tobesoft.co.kr/Support/index.html",
"name": "http://support.tobesoft.co.kr/Support/index.html"
},
{
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35357",
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35357"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

93
2019/19xxx/CVE-2019-19167.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-19167",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Tobesoft Nexacro14 ActiveX File Download Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexacro14",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<=",
"version_name": "2019.9.25.1",
"version_value": "14.0.1.3400"
}
]
}
}
]
},
"vendor_name": "Tobesoft"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Jeongun Baek for reporting this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "http://support.tobesoft.co.kr/Support/index.html",
"name": "http://support.tobesoft.co.kr/Support/index.html"
},
{
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35358",
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35358"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

86
2019/19xxx/CVE-2019-19168.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-19168",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dext.ocx ActiveX Control in Dext5 Upload",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<",
"version_name": "5.0.0.116 and prior",
"version_value": "5.0.0.117"
}
]
}
}
]
},
"vendor_name": "RAONwiz"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File download & execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "http://www.dext5.com/page/support/notice_view.aspx?pSeq=26",
"name": "http://www.dext5.com/page/support/notice_view.aspx?pSeq=26"
},
{
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35352",
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35352"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

86
2019/19xxx/CVE-2019-19169.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-19169",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dext.ocx ActiveX Control in Dext5 Upload",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<",
"version_name": "5.0.0.116 and prior",
"version_value": "5.0.0.117"
}
]
}
}
]
},
"vendor_name": "RAONwiz"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File download"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "http://www.dext5.com/page/support/notice_view.aspx?pSeq=26",
"name": "http://www.dext5.com/page/support/notice_view.aspx?pSeq=26"
},
{
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35353",
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35353"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

5
2019/20xxx/CVE-2019-20041.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200114 [SECURITY] [DLA 2067-1] wordpress security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00010.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/20xxx/CVE-2019-20042.json
View File

@ -96,6 +96,11 @@
"refsource": "MISC",
"name": "https://hackerone.com/reports/509930",
"url": "https://hackerone.com/reports/509930"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/20xxx/CVE-2019-20043.json
View File

@ -86,6 +86,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw",
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2019/9xxx/CVE-2019-9787.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1742-1] wordpress security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
}

5
2020/10xxx/CVE-2020-10938.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200415 [SECURITY] [DLA 2173-1] graphicsmagick security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00007.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4675",
"url": "https://www.debian.org/security/2020/dsa-4675"
}
]
}

5
2020/11xxx/CVE-2020-11025.json
View File

@ -129,6 +129,11 @@
"name": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates",
"refsource": "MISC",
"url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
},

5
2020/11xxx/CVE-2020-11026.json
View File

@ -129,6 +129,11 @@
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
},

5
2020/11xxx/CVE-2020-11027.json
View File

@ -129,6 +129,11 @@
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
},

5
2020/11xxx/CVE-2020-11028.json
View File

@ -129,6 +129,11 @@
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
},

5
2020/11xxx/CVE-2020-11029.json
View File

@ -129,6 +129,11 @@
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
},

5
2020/11xxx/CVE-2020-11030.json
View File

@ -129,6 +129,11 @@
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh"
},
{
"refsource": "DEBIAN",
"name": "DSA-4677",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
]
},

5
2020/11xxx/CVE-2020-11651.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4676",
"url": "https://www.debian.org/security/2020/dsa-4676"
}
]
}

5
2020/11xxx/CVE-2020-11652.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4676",
"url": "https://www.debian.org/security/2020/dsa-4676"
}
]
}

14
2020/12xxx/CVE-2020-12142.json
View File

@ -12,11 +12,11 @@
"product": {
"product_data": [
{
"product_name": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, \u202f 3. EdgeConnect in AWS, Azure, GCP\u202f",
"product_name": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, \u202f 3. EdgeConnect in AWS, Azure, GCP\u202f ",
"version": {
"version_data": [
{
"version_value": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"
"version_value": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+ "
}
]
}
@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "a. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. b. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. Resolution \u2022 EdgeConnect software has been modified to prevent users from accessing IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. \u2022 EdgeConnect software has been modified to allow customers to choose not to persist the IPSec seed for additional security. Any required configuration Upgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. 8. Product affected All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+ Silver Peak Products Applicability Unity EdgeConnect, NX, VX Applicable Unity Orchestrator Applicable EdgeConnect in AWS, Azure, GCP Applicable Silver Peak Cloud Services Not Applicable"
"value": "1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell."
}
]
},
@ -86,19 +86,19 @@
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.silver-peak.com/support/user-documentation/security-advisories",
"name": "https://www.silver-peak.com/support/user-documentation/security-advisories"
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material_cve_2020_12142.pdf",
"name": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material_cve_2020_12142.pdf"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The full details of the CVE can be found at https://www.cvedetails.com/cve/CVE-2020-12142. \n"
"value": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material_cve_2020_12142.pdf"
}
],
"source": {
"advisory": "2020 -04-24-001 -001",
"advisory": "2020 -04-24-001- 001",
"discovery": "EXTERNAL"
}
}

10
2020/12xxx/CVE-2020-12143.json
View File

@ -17,7 +17,7 @@
"version_data": [
{
"version_name": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+ ",
"version_value": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"
"version_value": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+ "
}
]
}
@ -48,7 +48,7 @@
"description_data": [
{
"lang": "eng",
"value": "Summary - The certificate used to identify Orchestrator to EdgeConnect devices is not validated Details: The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. Product affected - All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+ 1. Silver Peak product(s) Applicability 2. Unity EdgeConnect, NX, VX Applicable 3. Unity Orchestrator Applicable 4. EdgeConnect in AWS, Azure, GCP Applicable 5. Silver Peak Cloud Services Not Applicable Resolution \u2022 Changes have been made to strengthen the initial exchange between the EdgeConnect appliance and the Orchestrator. After the changes, EdgeConnect will validate the certificate used to identify the Orchestrator to EdgeConnect. \u2022 TLS itself is continually subject to newly discovered and exploitable vulnerabilities. As such, all versions of EdgeConnect software implement additional out-of-band and user-controlled authentication mechanisms. Any required configuration \u2022 Do not change Orchestrator\u2019s IP address as discovered by the EdgeConnect appliance. \u2022 Upgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \u2022 In Orchestrator, enable the \u201cVerify Orchestrator Certificate\u201d option under Advanced Security Settings."
"value": "The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator."
}
]
},
@ -87,15 +87,15 @@
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.silver-peak.com/support/user-documentation/security-advisories",
"name": "https://www.silver-peak.com/support/user-documentation/security-advisories"
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator_cve_2020_12143.pdf",
"name": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator_cve_2020_12143.pdf"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Any required configuration\n\u2022\tDo not change Orchestrator\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Orchestrator Certificate\u201d option under Advanced Security Settings. \n\nSolution link - References \n The full details of the CVE can be found at https://www.cvedetails.com/cve/CVE-2020-12143. \n"
"value": "Any required configuration\n\u2022\tDo not change Orchestrator\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Orchestrator Certificate\u201d option under Advanced Security Settings. \n\nSolution link - References \n The full details of the CVE can be found at https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator_cve_2020_12143.pdf\n"
}
],
"source": {

8
2020/12xxx/CVE-2020-12144.json
View File

@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "Details The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal. Product affected All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+ Silver Peak Products Applicability Unity EdgeConnect, NX, VX Applicable Unity Orchestrator Applicable EdgeConnect in AWS, Azure, GCP Applicable Silver Peak Cloud Services Not Applicable Resolution \u2022 Changes have been made to strengthen the initial exchange between the EdgeConnect appliance and the Cloud Portal. After the changes, EdgeConnect will validate the certificate used to identify the Silver Peak Cloud Portal to EdgeConnect. \u2022 TLS itself is continually subject to newly discovered and exploitable vulnerabilities. As such, all versions of EdgeConnect software implement additional out-of-band and user-controlled authentication mechanisms. Any required configuration \u2022 Do not change Cloud Portal\u2019s IP address as discovered by the EdgeConnect appliance. \u2022 Upgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \u2022 In Orchestrator, enable the \u201cVerify Portal Certificate\u201d option under Advanced Security Settings."
"value": "The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal."
}
]
},
@ -81,8 +81,8 @@
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.silver-peak.com/support/user-documentation/security-advisories",
"name": "https://www.silver-peak.com/support/user-documentation/security-advisories"
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal_cve_2020_12144.pdf",
"name": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal_cve_2020_12144.pdf"
}
]
},
@ -93,7 +93,7 @@
},
{
"lang": "eng",
"value": "The full details of the CVE can be found at https://www.cvedetails.com/cve/CVE-2020-12144. \n\n"
"value": "The full details of the CVE can be found at https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal_cve_2020_12144.pdf"
}
],
"source": {

3
2020/2xxx/CVE-2020-2181.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2181",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2182.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2182",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2183.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2183",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2184.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2184",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2185.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2185",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2186.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2186",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2187.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2187",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2188.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2188",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2020/2xxx/CVE-2020-2189.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2020-2189",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

50
2020/4xxx/CVE-2020-4092.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "\"HCL Nomad\"",
"version": {
"version_data": [
{
"version_value": "\"Android versions 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, and iOS versions 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8\""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Sensitive Information Exposure\""
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0078969",
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0078969"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\"If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. This can potentially expose sensitive information including but not limited to server names, user IDs and document content.\""
}
]
}

50
2020/6xxx/CVE-2020-6075.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6075",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Accusoft",
"version": {
"version_data": [
{
"version_value": "Accusoft ImageGear 19.5.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0998",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0998"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable out-of-bounds write vulnerability exists in the store_data_buffer function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability."
}
]
}

50
2020/6xxx/CVE-2020-6076.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6076",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Accusoft",
"version": {
"version_data": [
{
"version_value": "Accusoft ImageGear 19.5.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out of bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0999",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0999"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll ICO icoread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability."
}
]
}

50
2020/6xxx/CVE-2020-6082.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6082",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Accusoft",
"version": {
"version_data": [
{
"version_value": "Accusoft ImageGear 19.4.0 Accusoft ImageGear 19.5.0 Accusoft ImageGear 19.6.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1004",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1004"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable out-of-bounds write vulnerability exists in the ico_read function of the igcore19d.dll library of Accusoft ImageGear 19.6.0. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability."
}
]
}

50
2020/6xxx/CVE-2020-6094.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Accusoft",
"version": {
"version_data": [
{
"version_value": "Accusoft ImageGear 19.4, Accusoft ImageGear 19.5, Accusoft ImageGear 19.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1017",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1017"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}

93
2020/7xxx/CVE-2020-7806.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7806",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Tobesoft Xplatform ActiveX File Download Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xplatform",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<=",
"version_name": "9.2.2.250",
"version_value": "9.2.2.260"
}
]
}
}
]
},
"vendor_name": "Tobesoft"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Jeongun Baek for reporting this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. It allows attacker to cause remote code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "http://support.tobesoft.co.kr/Support/index.html",
"name": "http://support.tobesoft.co.kr/Support/index.html"
},
{
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35359",
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35359"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}