admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-03-26 15:01:17 +00:00
parent c100b80598
commit f2847541ac
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
33 changed files with 405 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2007/6xxx/CVE-2007-6081.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default \"root\" account without a password, which allows remote attackers to gain privileges and modify logs."
"value": "AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default \"root\" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000."
}
]
},

2
2008/1xxx/CVE-2008-1538.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
"value": "Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Fixed in EventLog Analyzer 10.0 Build 10000."
}
]
},

2
2014/6xxx/CVE-2014-6043.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do."
"value": "ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000."
}
]
},

2
2015/7xxx/CVE-2015-7387.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by \"SELECT 1;INSERT INTO.\""
"value": "ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by \"SELECT 1;INSERT INTO.\" Fixed in Build 11200."
}
]
},

5
2018/12xxx/CVE-2018-12126.json
View File

@ -163,6 +163,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
},

5
2018/12xxx/CVE-2018-12127.json
View File

@ -163,6 +163,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
},

5
2018/12xxx/CVE-2018-12130.json
View File

@ -163,6 +163,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
},

5
2018/12xxx/CVE-2018-12207.json
View File

@ -113,6 +113,11 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0204",
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
},

5
2018/19xxx/CVE-2018-19518.json
View File

@ -141,6 +141,11 @@
"refsource": "UBUNTU",
"name": "USN-4160-1",
"url": "https://usn.ubuntu.com/4160-1/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-57",
"url": "https://security.gentoo.org/glsa/202003-57"
}
]
}

5
2019/11xxx/CVE-2019-11091.json
View File

@ -148,6 +148,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
},

5
2019/11xxx/CVE-2019-11135.json
View File

@ -183,6 +183,11 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0730",
"url": "https://access.redhat.com/errata/RHSA-2020:0730"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
},

5
2019/18xxx/CVE-2019-18420.json
View File

@ -91,6 +91,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}

5
2019/18xxx/CVE-2019-18421.json
View File

@ -91,6 +91,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}

5
2019/18xxx/CVE-2019-18423.json
View File

@ -86,6 +86,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}

5
2019/18xxx/CVE-2019-18424.json
View File

@ -91,6 +91,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}

5
2019/18xxx/CVE-2019-18425.json
View File

@ -91,6 +91,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}

5
2019/19xxx/CVE-2019-19577.json
View File

@ -81,6 +81,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}

5
2019/19xxx/CVE-2019-19578.json
View File

@ -81,6 +81,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}

5
2019/19xxx/CVE-2019-19580.json
View File

@ -81,6 +81,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}

5
2019/19xxx/CVE-2019-19581.json
View File

@ -81,6 +81,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}

5
2019/19xxx/CVE-2019-19582.json
View File

@ -81,6 +81,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}

5
2019/19xxx/CVE-2019-19583.json
View File

@ -81,6 +81,11 @@
"refsource": "BUGTRAQ",
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-56",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}

64
2019/5xxx/CVE-2019-5105.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5105",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-5105",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "3S",
"version": {
"version_data": [
{
"version_value": "3S-Smart Software Solutions CODESYS 3.5.15.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "memory corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0897",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0897"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService 3.5.13.20. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability."
}
]
}

50
2020/1xxx/CVE-2020-1800.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1800",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.0.0.185(C00E85R1P11)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-02-smartphone-en",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-02-smartphone-en"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. The software incorrectly restricts access to a function interface from an unauthorized actor, the attacker tricks the user into installing a crafted application, successful exploit could allow the attacker do certain unauthenticated operations."
}
]
}

5
2020/7xxx/CVE-2020-7059.json
View File

@ -135,6 +135,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0341",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-57",
"url": "https://security.gentoo.org/glsa/202003-57"
}
]
},

5
2020/7xxx/CVE-2020-7060.json
View File

@ -135,6 +135,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0341",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-57",
"url": "https://security.gentoo.org/glsa/202003-57"
}
]
},

5
2020/7xxx/CVE-2020-7061.json
View File

@ -98,6 +98,11 @@
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=79171",
"name": "https://bugs.php.net/bug.php?id=79171"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-57",
"url": "https://security.gentoo.org/glsa/202003-57"
}
]
},

5
2020/7xxx/CVE-2020-7062.json
View File

@ -106,6 +106,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0341",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-57",
"url": "https://security.gentoo.org/glsa/202003-57"
}
]
},

5
2020/7xxx/CVE-2020-7063.json
View File

@ -100,6 +100,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0341",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-57",
"url": "https://security.gentoo.org/glsa/202003-57"
}
]
},

50
2020/7xxx/CVE-2020-7944.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7944",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@puppet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Continuous Delivery for Puppet Enterprise (CD4PE)",
"version": {
"version_data": [
{
"version_value": "CD4PE prior to 3.4.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insertion of Sensitive Information into Externally-Accessible File or Directory"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://puppet.com/security/cve/CVE-2020-7944",
"url": "https://puppet.com/security/cve/CVE-2020-7944"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report."
}
]
}

50
2020/9xxx/CVE-2020-9065.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9065",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Taurus-AL00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.0.0.203(C00E201R7P2)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-01-smartphone-en",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-01-smartphone-en"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability."
}
]
}

50
2020/9xxx/CVE-2020-9066.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9066",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OxfordP-AN10B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.0.1.169(C00E166R4P1)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-01-phone",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-01-phone"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The Application doesn't perform proper authentication when user performs certain operations. An attacker can trick user into installing a malicious plug-in to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations."
}
]
}

50
2020/9xxx/CVE-2020-9521.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9521",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@suse.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Micro Focus International",
"product": {
"product_data": [
{
"product_name": "Micro Focus - Service Manager Automation (SMA)",
"version": {
"version_data": [
{
"version_value": "2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://softwaresupport.softwaregrp.com/doc/KM03630615",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630615"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection."
}
]
}