admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-07-29 13:01:36 +00:00
parent 0169fc4b49
commit f9babc0c0f
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
10 changed files with 574 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
2020/14xxx/CVE-2020-14489.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-07-02T00:00:00.000Z",
"ID": "CVE-2020-14489",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "OpenClinic GA"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.09.02"
},
{
"version_affected": "=",
"version_value": "5.89.05b"
}
]
}
}
]
},
"vendor_name": "open source"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brian D. Hysell reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01",
"name": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01"
}
]
},
"source": {
"advisory": "ICSMA-20-184-01 OpenClinic GA",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes."
}
]
}

100
2020/14xxx/CVE-2020-14490.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-07-02T00:00:00.000Z",
"ID": "CVE-2020-14490",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "OpenClinic GA"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.09.02"
},
{
"version_affected": "=",
"version_value": "5.89.05b"
}
]
}
}
]
},
"vendor_name": "open source"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brian D. Hysell reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01",
"name": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01"
}
]
},
"source": {
"advisory": "ICSMA-20-184-01 OpenClinic GA",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes."
}
]
}

100
2020/14xxx/CVE-2020-14492.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-07-02T00:00:00.000Z",
"ID": "CVE-2020-14492",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "OpenClinic GA"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.09.02"
},
{
"version_affected": "=",
"version_value": "5.89.05b"
}
]
}
}
]
},
"vendor_name": "open source"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brian D. Hysell reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user\u2019s browser."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01",
"name": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01"
}
]
},
"source": {
"advisory": "ICSMA-20-184-01 OpenClinic GA",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes."
}
]
}

100
2020/14xxx/CVE-2020-14493.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-07-02T00:00:00.000Z",
"ID": "CVE-2020-14493",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "OpenClinic GA"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.09.02"
},
{
"version_affected": "=",
"version_value": "5.89.05b"
}
]
}
}
]
},
"vendor_name": "open source"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brian D. Hysell reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01",
"name": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01"
}
]
},
"source": {
"advisory": "ICSMA-20-184-01 OpenClinic GA",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes."
}
]
}

12
2020/7xxx/CVE-2020-7697.json
View File

@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-MOCK2EASY-572312"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-MOCK2EASY-572312",
"name": "https://snyk.io/vuln/SNYK-JS-MOCK2EASY-572312"
},
{
"refsource": "CONFIRM",
"url": "https://www.npmjs.com/package/mock2easy"
"refsource": "MISC",
"url": "https://www.npmjs.com/package/mock2easy",
"name": "https://www.npmjs.com/package/mock2easy"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package mock2easy.\n a malicious user could inject commands through the _data variable:\r\n\r\n Affected Area\r\n\r\n require('../server/getJsonByCurl')(mock2easy, function (error, stdout) {\r\n if (error) {\r\n return res.json(500, error);\r\n }\r\n res.json(JSON.parse(stdout));\r\n }, '', _data.interfaceUrl, query, _data.cookie,_data.interfaceType);\r\n\n"
"value": "This affects all versions of package mock2easy. a malicious user could inject commands through the _data variable: Affected Area require('../server/getJsonByCurl')(mock2easy, function (error, stdout) { if (error) { return res.json(500, error); } res.json(JSON.parse(stdout)); }, '', _data.interfaceUrl, query, _data.cookie,_data.interfaceType);"
}
]
},

12
2020/7xxx/CVE-2020-7698.json
View File

@ -52,12 +52,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-PYTHON-GERAPY-572470"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PYTHON-GERAPY-572470",
"name": "https://snyk.io/vuln/SNYK-PYTHON-GERAPY-572470"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/Gerapy/Gerapy/commit/e8446605eb2424717418eae199ec7aad573da2d2"
"refsource": "MISC",
"url": "https://github.com/Gerapy/Gerapy/commit/e8446605eb2424717418eae199ec7aad573da2d2",
"name": "https://github.com/Gerapy/Gerapy/commit/e8446605eb2424717418eae199ec7aad573da2d2"
}
]
},
@ -65,7 +67,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package Gerapy from 0 and before 0.9.3.\n The input being passed to Popen, via the project_configure endpoint, isn\u2019t being sanitized.\n"
"value": "This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn\u2019t being sanitized."
}
]
},

50
2020/9xxx/CVE-2020-9689.json
View File

@ -3,15 +3,59 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2020-9689",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento",
"version": {
"version_data": [
{
"version_value": "2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/magento/apsb20-47.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
}

50
2020/9xxx/CVE-2020-9690.json
View File

@ -3,15 +3,59 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2020-9690",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Observable Timing Discrepancy"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento",
"version": {
"version_data": [
{
"version_value": "2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/magento/apsb20-47.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass."
}
]
}

50
2020/9xxx/CVE-2020-9691.json
View File

@ -3,15 +3,59 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2020-9691",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DOM-based Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento",
"version": {
"version_data": [
{
"version_value": "2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/magento/apsb20-47.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
}

50
2020/9xxx/CVE-2020-9692.json
View File

@ -3,15 +3,59 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2020-9692",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Mitigation bypass "
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento",
"version": {
"version_data": [
{
"version_value": "2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/magento/apsb20-47.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
}