diff --git a/2019/11xxx/CVE-2019-11556.json b/2019/11xxx/CVE-2019-11556.json index 1ac80a51fc8..62c199f3e95 100644 --- a/2019/11xxx/CVE-2019-11556.json +++ b/2019/11xxx/CVE-2019-11556.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618", "url": "https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1765", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html" } ] } diff --git a/2019/4xxx/CVE-2019-4547.json b/2019/4xxx/CVE-2019-4547.json index caab9d2f9b9..b0fcc1e6451 100644 --- a/2019/4xxx/CVE-2019-4547.json +++ b/2019/4xxx/CVE-2019-4547.json @@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6356607", - "name" : "https://www.ibm.com/support/pages/node/6356607", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6356607 (Security Directory Server)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165949", - "name" : "ibm-sds-cve20194547-info-disc (165949)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "6.4.0" - } - ] - }, - "product_name" : "Security Directory Server" - } - ] - } + "value": "IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.", + "lang": "eng" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6356607", + "name": "https://www.ibm.com/support/pages/node/6356607", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6356607 (Security Directory Server)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165949", + "name": "ibm-sds-cve20194547-info-disc (165949)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.4.0" + } + ] + }, + "product_name": "Security Directory Server" + } + ] + } + } ] - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "N", - "SCORE" : "5.300", - "AC" : "L", - "A" : "N", - "UI" : "N", - "S" : "U", - "I" : "N", - "AV" : "N", - "C" : "L" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-10-28T00:00:00", - "ID" : "CVE-2019-4547" - }, - "data_type" : "CVE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "PR": "N", + "SCORE": "5.300", + "AC": "L", + "A": "N", + "UI": "N", + "S": "U", + "I": "N", + "AV": "N", + "C": "L" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-10-28T00:00:00", + "ID": "CVE-2019-4547" + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4563.json b/2019/4xxx/CVE-2019-4563.json index 36fc8cf3825..234f0330ed0 100644 --- a/2019/4xxx/CVE-2019-4563.json +++ b/2019/4xxx/CVE-2019-4563.json @@ -1,90 +1,90 @@ { - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6356607 (Security Directory Server)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6356607", - "name" : "https://www.ibm.com/support/pages/node/6356607" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sds-cve20194563-info-disc (166624)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166624" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Directory Server", - "version" : { - "version_data" : [ - { - "version_value" : "6.4.0" - } - ] - } - } - ] - } + "title": "IBM Security Bulletin 6356607 (Security Directory Server)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6356607", + "name": "https://www.ibm.com/support/pages/node/6356607" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-sds-cve20194563-info-disc (166624)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166624" } - ] - } - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624." - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "I" : "N", - "AV" : "N", - "C" : "L", - "A" : "N", - "UI" : "N", - "AC" : "H", - "S" : "U", - "PR" : "N", - "SCORE" : "3.700" - } - } - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-10-28T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4563" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Directory Server", + "version": { + "version_data": [ + { + "version_value": "6.4.0" + } + ] + } + } + ] + } + } ] - } - ] - } -} + } + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624." + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "I": "N", + "AV": "N", + "C": "L", + "A": "N", + "UI": "N", + "AC": "H", + "S": "U", + "PR": "N", + "SCORE": "3.700" + } + } + }, + "data_format": "MITRE", + "CVE_data_meta": { + "DATE_PUBLIC": "2020-10-28T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4563" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15190.json b/2020/15xxx/CVE-2020-15190.json index 4d75145f697..69b59e5bf80 100644 --- a/2020/15xxx/CVE-2020-15190.json +++ b/2020/15xxx/CVE-2020-15190.json @@ -103,6 +103,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15191.json b/2020/15xxx/CVE-2020-15191.json index 2f8b4540f82..bdceab9a0ef 100644 --- a/2020/15xxx/CVE-2020-15191.json +++ b/2020/15xxx/CVE-2020-15191.json @@ -94,6 +94,11 @@ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr", "refsource": "CONFIRM", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15192.json b/2020/15xxx/CVE-2020-15192.json index 8e92f95595e..e84ea5377e0 100644 --- a/2020/15xxx/CVE-2020-15192.json +++ b/2020/15xxx/CVE-2020-15192.json @@ -86,6 +86,11 @@ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv", "refsource": "CONFIRM", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15193.json b/2020/15xxx/CVE-2020-15193.json index eaf2acfcb23..2943e7e3b91 100644 --- a/2020/15xxx/CVE-2020-15193.json +++ b/2020/15xxx/CVE-2020-15193.json @@ -86,6 +86,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15194.json b/2020/15xxx/CVE-2020-15194.json index 873e58949cf..c27861ebb39 100644 --- a/2020/15xxx/CVE-2020-15194.json +++ b/2020/15xxx/CVE-2020-15194.json @@ -103,6 +103,11 @@ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382", "refsource": "CONFIRM", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15195.json b/2020/15xxx/CVE-2020-15195.json index 27a1f76ae79..09764b50866 100644 --- a/2020/15xxx/CVE-2020-15195.json +++ b/2020/15xxx/CVE-2020-15195.json @@ -103,6 +103,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15202.json b/2020/15xxx/CVE-2020-15202.json index 9d7f63c9d9d..8db71c4621f 100644 --- a/2020/15xxx/CVE-2020-15202.json +++ b/2020/15xxx/CVE-2020-15202.json @@ -108,6 +108,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15203.json b/2020/15xxx/CVE-2020-15203.json index 421080960df..be6e4898340 100644 --- a/2020/15xxx/CVE-2020-15203.json +++ b/2020/15xxx/CVE-2020-15203.json @@ -95,6 +95,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/33be22c65d86256e6826666662e40dbdfe70ee83", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/33be22c65d86256e6826666662e40dbdfe70ee83" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15204.json b/2020/15xxx/CVE-2020-15204.json index 9babef0b34f..342980aa6ae 100644 --- a/2020/15xxx/CVE-2020-15204.json +++ b/2020/15xxx/CVE-2020-15204.json @@ -95,6 +95,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15205.json b/2020/15xxx/CVE-2020-15205.json index 2d7aa7ef276..d11a5519a36 100644 --- a/2020/15xxx/CVE-2020-15205.json +++ b/2020/15xxx/CVE-2020-15205.json @@ -103,6 +103,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/0462de5b544ed4731aa2fb23946ac22c01856b80", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/0462de5b544ed4731aa2fb23946ac22c01856b80" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15206.json b/2020/15xxx/CVE-2020-15206.json index 603fca189f4..fe7b833644e 100644 --- a/2020/15xxx/CVE-2020-15206.json +++ b/2020/15xxx/CVE-2020-15206.json @@ -95,6 +95,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/adf095206f25471e864a8e63a0f1caef53a0e3a6", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/adf095206f25471e864a8e63a0f1caef53a0e3a6" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15207.json b/2020/15xxx/CVE-2020-15207.json index 6ea2490baf6..21067fd9482 100644 --- a/2020/15xxx/CVE-2020-15207.json +++ b/2020/15xxx/CVE-2020-15207.json @@ -95,6 +95,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15208.json b/2020/15xxx/CVE-2020-15208.json index 379690dd478..fbfd53b8d4a 100644 --- a/2020/15xxx/CVE-2020-15208.json +++ b/2020/15xxx/CVE-2020-15208.json @@ -103,6 +103,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/8ee24e7949a203d234489f9da2c5bf45a7d5157d", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/8ee24e7949a203d234489f9da2c5bf45a7d5157d" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15209.json b/2020/15xxx/CVE-2020-15209.json index c5aed6f5027..736967f1a08 100644 --- a/2020/15xxx/CVE-2020-15209.json +++ b/2020/15xxx/CVE-2020-15209.json @@ -95,6 +95,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15210.json b/2020/15xxx/CVE-2020-15210.json index 4321a64001e..e825062e261 100644 --- a/2020/15xxx/CVE-2020-15210.json +++ b/2020/15xxx/CVE-2020-15210.json @@ -95,6 +95,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15211.json b/2020/15xxx/CVE-2020-15211.json index 51c53fa7c50..4526d71491a 100644 --- a/2020/15xxx/CVE-2020-15211.json +++ b/2020/15xxx/CVE-2020-15211.json @@ -128,6 +128,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/27xxx/CVE-2020-27993.json b/2020/27xxx/CVE-2020-27993.json new file mode 100644 index 00000000000..9d591db14dd --- /dev/null +++ b/2020/27xxx/CVE-2020-27993.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-27993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/48920", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/48920" + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27994.json b/2020/27xxx/CVE-2020-27994.json new file mode 100644 index 00000000000..7d9f2964863 --- /dev/null +++ b/2020/27xxx/CVE-2020-27994.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27994", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4721.json b/2020/4xxx/CVE-2020-4721.json index 201627782b8..74287497260 100644 --- a/2020/4xxx/CVE-2020-4721.json +++ b/2020/4xxx/CVE-2020-4721.json @@ -1,93 +1,93 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-10-28T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4721" - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "L", - "UI" : "R", - "S" : "U", - "PR" : "N", - "SCORE" : "7.800", - "I" : "H", - "AV" : "L", - "C" : "H" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187868." - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "i2 Analyst Notebook", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - }, - { - "version_value" : "9.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] } - ] - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6356497", - "name" : "https://www.ibm.com/support/pages/node/6356497", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6356497 (i2 Analyst Notebook)" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-i2-cve20204721-bo (187868)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187868" - } - ] - } -} + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-10-28T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4721" + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "L", + "UI": "R", + "S": "U", + "PR": "N", + "SCORE": "7.800", + "I": "H", + "AV": "L", + "C": "H" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187868." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "i2 Analyst Notebook", + "version": { + "version_data": [ + { + "version_value": "9.2.1" + }, + { + "version_value": "9.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6356497", + "name": "https://www.ibm.com/support/pages/node/6356497", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6356497 (i2 Analyst Notebook)" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-i2-cve20204721-bo (187868)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187868" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4722.json b/2020/4xxx/CVE-2020-4722.json index 6d84e6720ec..7d6aa021075 100644 --- a/2020/4xxx/CVE-2020-4722.json +++ b/2020/4xxx/CVE-2020-4722.json @@ -1,93 +1,93 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "C" : "H", - "AV" : "L", - "I" : "H", - "SCORE" : "7.800", - "PR" : "N", - "S" : "U", - "UI" : "R", - "A" : "H", - "AC" : "L" - } - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "CVE_data_meta" : { - "ID" : "CVE-2020-4722", - "DATE_PUBLIC" : "2020-10-28T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6356497", - "name" : "https://www.ibm.com/support/pages/node/6356497", - "title" : "IBM Security Bulletin 6356497 (i2 Analyst Notebook)", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187870", - "name" : "ibm-i2-cve20204722-bo (187870)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "i2 Analyst Notebook", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - }, - { - "version_value" : "9.2.0" - } - ] - } - } - ] - } + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "C": "H", + "AV": "L", + "I": "H", + "SCORE": "7.800", + "PR": "N", + "S": "U", + "UI": "R", + "A": "H", + "AC": "L" } - ] - } - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187870.", - "lang" : "eng" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "CVE_data_meta": { + "ID": "CVE-2020-4722", + "DATE_PUBLIC": "2020-10-28T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6356497", + "name": "https://www.ibm.com/support/pages/node/6356497", + "title": "IBM Security Bulletin 6356497 (i2 Analyst Notebook)", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187870", + "name": "ibm-i2-cve20204722-bo (187870)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "i2 Analyst Notebook", + "version": { + "version_data": [ + { + "version_value": "9.2.1" + }, + { + "version_value": "9.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187870.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4723.json b/2020/4xxx/CVE-2020-4723.json index d6c30950faa..3fb18d46437 100644 --- a/2020/4xxx/CVE-2020-4723.json +++ b/2020/4xxx/CVE-2020-4723.json @@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187873.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - }, - { - "version_value" : "9.2.0" - } - ] - }, - "product_name" : "i2 Analyst Notebook" - } - ] - } + "value": "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187873.", + "lang": "eng" } - ] - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6356497", - "name" : "https://www.ibm.com/support/pages/node/6356497", - "title" : "IBM Security Bulletin 6356497 (i2 Analyst Notebook)", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-i2-cve20204723-bo (187873)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187873" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + }, + { + "version_value": "9.2.0" + } + ] + }, + "product_name": "i2 Analyst Notebook" + } + ] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4723", - "DATE_PUBLIC" : "2020-10-28T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "PR" : "N", - "SCORE" : "7.800", - "AC" : "L", - "A" : "H", - "UI" : "R", - "S" : "U", - "I" : "H", - "C" : "H", - "AV" : "L" - } - } - }, - "data_format" : "MITRE" -} + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6356497", + "name": "https://www.ibm.com/support/pages/node/6356497", + "title": "IBM Security Bulletin 6356497 (i2 Analyst Notebook)", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-i2-cve20204723-bo (187873)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187873" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2020-4723", + "DATE_PUBLIC": "2020-10-28T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "PR": "N", + "SCORE": "7.800", + "AC": "L", + "A": "H", + "UI": "R", + "S": "U", + "I": "H", + "C": "H", + "AV": "L" + } + } + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4864.json b/2020/4xxx/CVE-2020-4864.json index 06b12313dba..b1eabaf5b22 100644 --- a/2020/4xxx/CVE-2020-4864.json +++ b/2020/4xxx/CVE-2020-4864.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "A", - "C" : "N", - "I" : "L", - "S" : "U", - "A" : "N", - "AC" : "L", - "UI" : "N", - "SCORE" : "4.300", - "PR" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4864", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-10-28T00:00:00" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Bypass Security", - "lang" : "eng" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6356441 (Resilient OnPrem)", - "name" : "https://www.ibm.com/support/pages/node/6356441", - "url" : "https://www.ibm.com/support/pages/node/6356441" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-resilient-cve20204864-spoofing (190567)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190567" - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Resilient OnPrem", - "version" : { - "version_data" : [ - { - "version_value" : "38" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "AV": "A", + "C": "N", + "I": "L", + "S": "U", + "A": "N", + "AC": "L", + "UI": "N", + "SCORE": "4.300", + "PR": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. IBM X-Force ID: 190567.", - "lang" : "eng" - } - ] - } -} + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-4864", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-10-28T00:00:00" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Bypass Security", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6356441 (Resilient OnPrem)", + "name": "https://www.ibm.com/support/pages/node/6356441", + "url": "https://www.ibm.com/support/pages/node/6356441" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-resilient-cve20204864-spoofing (190567)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190567" + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Resilient OnPrem", + "version": { + "version_data": [ + { + "version_value": "38" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "description": { + "description_data": [ + { + "value": "IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. IBM X-Force ID: 190567.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5931.json b/2020/5xxx/CVE-2020-5931.json index 64fc3e26c3f..0f430ce986f 100644 --- a/2020/5xxx/CVE-2020-5931.json +++ b/2020/5xxx/CVE-2020-5931.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5931", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K25400442", + "url": "https://support.f5.com/csp/article/K25400442" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart." } ] } diff --git a/2020/5xxx/CVE-2020-5932.json b/2020/5xxx/CVE-2020-5932.json index 46153dffb0b..fc80172f02b 100644 --- a/2020/5xxx/CVE-2020-5932.json +++ b/2020/5xxx/CVE-2020-5932.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5932", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP ASM", + "version": { + "version_data": [ + { + "version_value": "15.1.0-15.1.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K12002065", + "url": "https://support.f5.com/csp/article/K12002065" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened." } ] } diff --git a/2020/5xxx/CVE-2020-5933.json b/2020/5xxx/CVE-2020-5933.json index 9d029446011..2ce28f4b2f4 100644 --- a/2020/5xxx/CVE-2020-5933.json +++ b/2020/5xxx/CVE-2020-5933.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5933", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K26244025", + "url": "https://support.f5.com/csp/article/K26244025" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system." } ] } diff --git a/2020/5xxx/CVE-2020-5934.json b/2020/5xxx/CVE-2020-5934.json index 5ed3926a61e..edf1c48226c 100644 --- a/2020/5xxx/CVE-2020-5934.json +++ b/2020/5xxx/CVE-2020-5934.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5934", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP APM", + "version": { + "version_data": [ + { + "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K44808538", + "url": "https://support.f5.com/csp/article/K44808538" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted." } ] } diff --git a/2020/5xxx/CVE-2020-5935.json b/2020/5xxx/CVE-2020-5935.json index c4ed97db258..0cc34013f33 100644 --- a/2020/5xxx/CVE-2020-5935.json +++ b/2020/5xxx/CVE-2020-5935.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5935", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM)", + "version": { + "version_data": [ + { + "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K62830532", + "url": "https://support.f5.com/csp/article/K62830532" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with an MQTT profile and an iRule performing manipulations on that traffic, TMM may produce a core file." } ] } diff --git a/2020/5xxx/CVE-2020-5936.json b/2020/5xxx/CVE-2020-5936.json index 53bc85b54b5..87596e299a6 100644 --- a/2020/5xxx/CVE-2020-5936.json +++ b/2020/5xxx/CVE-2020-5936.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5936", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP LTM", + "version": { + "version_data": [ + { + "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K44020030", + "url": "https://support.f5.com/csp/article/K44020030" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile." } ] }