admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-06-30 14:01:16 +00:00
parent 0d46dc2e52
commit f71913fb86
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
12 changed files with 505 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
2019/19xxx/CVE-2019-19161.json
View File

@ -1,18 +1,97 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-19161",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "To be able to change Dll Files to preload with missing support for integrity check vulnerability MIPLATFORM ActiveX of TOBESOFT.CO.LTD,"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MIPLATFORM",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "2016.5.26.1"
}
]
}
}
]
},
"vendor_name": "TOBESOFT.CO.LTD"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jeongun Baek"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing support for integrity check"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.tobesoft.com/Index.do",
"name": "https://www.tobesoft.com/Index.do"
},
{
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479",
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

99
2019/19xxx/CVE-2019-19163.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-19163",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Commax WallPad Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wallpad",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "<",
"version_name": "2019.12.30",
"version_value": "2019.12.30"
}
]
}
}
]
},
"vendor_name": "COMMAX"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to SeongJun Jo for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35477",
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35477"
},
{
"refsource": "MISC",
"url": "https://www.commax.com/index.php?cate1=10&cate2=21&cate3=23&nnum=2016",
"name": "https://www.commax.com/index.php?cate1=10&cate2=21&cate3=23&nnum=2016"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update software over COMMAX WallPad(CDP-1020MB) Firmware 2019.12.30 version or higher.\n"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

5
2020/14xxx/CVE-2020-14073.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://gist.github.com/alert3/e058baa33c31695f4168a1dbf77103df",
"url": "https://gist.github.com/alert3/e058baa33c31695f4168a1dbf77103df"
},
{
"refsource": "MISC",
"name": "https://kb.paessler.com/en/topic/88223-what-s-the-open-vulnerability-report-cve-2020-14073-that-my-security-tracker-informed-me-about",
"url": "https://kb.paessler.com/en/topic/88223-what-s-the-open-vulnerability-report-cve-2020-14073-that-my-security-tracker-informed-me-about"
}
]
}

5
2020/14xxx/CVE-2020-14472.json
View File

@ -48,6 +48,11 @@
"refsource": "CONFIRM",
"name": "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-(cve-2020-14472)",
"url": "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-(cve-2020-14472)"
},
{
"refsource": "MISC",
"name": "https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14472.md",
"url": "https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14472.md"
}
]
},

5
2020/14xxx/CVE-2020-14473.json
View File

@ -48,6 +48,11 @@
"refsource": "CONFIRM",
"name": "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-(cve-2020-14473)",
"url": "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-(cve-2020-14473)"
},
{
"refsource": "MISC",
"name": "https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14473.md",
"url": "https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14473.md"
}
]
},

5
2020/14xxx/CVE-2020-14943.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158217/BSA-Radar-1.6.7234.24750-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/158217/BSA-Radar-1.6.7234.24750-Cross-Site-Scripting.html"
},
{
"refsource": "EXPLOIT-DB",
"name": "Exploit Database",
"url": "https://www.exploit-db.com/exploits/48619"
}
]
}

62
2020/15xxx/CVE-2020-15411.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/MISP/MISP/commit/d14ce7de709cdde3ecc9433e38e14c682894e88a",
"refsource": "MISC",
"name": "https://github.com/MISP/MISP/commit/d14ce7de709cdde3ecc9433e38e14c682894e88a"
}
]
}
}

62
2020/15xxx/CVE-2020-15412.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/MISP/MISP/commit/b0be3b07fee2ab9bf1869ef81a7f24f58bd687ef",
"refsource": "MISC",
"name": "https://github.com/MISP/MISP/commit/b0be3b07fee2ab9bf1869ef81a7f24f58bd687ef"
}
]
}
}

18
2020/15xxx/CVE-2020-15413.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15413",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/15xxx/CVE-2020-15414.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15414",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2020/15xxx/CVE-2020-15415.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.draytek.com/about/security-advisory",
"refsource": "MISC",
"name": "https://www.draytek.com/about/security-advisory"
},
{
"url": "https://github.com/CLP-team/Vigor-Commond-Injection",
"refsource": "MISC",
"name": "https://github.com/CLP-team/Vigor-Commond-Injection"
}
]
}
}

86
2020/7xxx/CVE-2020-7816.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"DATE_PUBLIC": "2020-06-30T06:00:00.000Z",
"ID": "CVE-2020-7816",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DaView Indy, DaVA+, DaOffice",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "v8.995"
}
]
}
}
]
},
"vendor_name": "HUMAN TALK"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "UNKNOWN"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice softwares could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected device.nThe vulnerability is due to a stack overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35483",
"refsource": "CONFIRM",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35483"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}