diff --git a/2019/19xxx/CVE-2019-19162.json b/2019/19xxx/CVE-2019-19162.json index 273a3662368..23f63a4dd69 100644 --- a/2019/19xxx/CVE-2019-19162.json +++ b/2019/19xxx/CVE-2019-19162.json @@ -1,18 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", + "DATE_PUBLIC": "2019-08-30T15:00:00.000Z", "ID": "CVE-2019-19162", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "XPLATFORM", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "9.2.2" + } + ] + } + } + ] + }, + "vendor_name": "TOBESOFT" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Jeongun Baek" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": "7.8", + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35387", + "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35387" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4667.json b/2019/4xxx/CVE-2019-4667.json index f2cd614f112..f26151ad23b 100644 --- a/2019/4xxx/CVE-2019-4667.json +++ b/2019/4xxx/CVE-2019-4667.json @@ -1,90 +1,90 @@ { - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6208076", - "title" : "IBM Security Bulletin 6208076 (UrbanCode Deploy)", - "name" : "https://www.ibm.com/support/pages/node/6208076" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/171249", - "name" : "ibm-ucd-cve20194667-info-disc (171249)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "AV" : "N", - "S" : "U", - "PR" : "N", - "A" : "N", - "I" : "N", - "AC" : "H", - "UI" : "N", - "C" : "H", - "SCORE" : "5.900" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249." - } - ] - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.0.5.2" - } - ] - }, - "product_name" : "UrbanCode Deploy" - } - ] - } + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6208076", + "title": "IBM Security Bulletin 6208076 (UrbanCode Deploy)", + "name": "https://www.ibm.com/support/pages/node/6208076" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171249", + "name": "ibm-ucd-cve20194667-info-disc (171249)", + "title": "X-Force Vulnerability Report" } - ] - } - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-05-08T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4667", - "STATE" : "PUBLIC" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "AV": "N", + "S": "U", + "PR": "N", + "A": "N", + "I": "N", + "AC": "H", + "UI": "N", + "C": "H", + "SCORE": "5.900" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249." + } + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.0.5.2" + } + ] + }, + "product_name": "UrbanCode Deploy" + } + ] + } + } ] - } - ] - } -} + } + }, + "data_type": "CVE", + "CVE_data_meta": { + "DATE_PUBLIC": "2020-05-08T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4667", + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5500.json b/2019/5xxx/CVE-2019-5500.json index e316b44c135..6cc1428404c 100644 --- a/2019/5xxx/CVE-2019-5500.json +++ b/2019/5xxx/CVE-2019-5500.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5500", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5500", + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NetApp Service Processor and Baseboard Management Controller", + "version": { + "version_data": [ + { + "version_value": "BMC 5.x prior to 5.7 and SP versions prior to 4.1P3, 4.3, 5.1, 5.3, 5.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20190802-0003/", + "url": "https://security.netapp.com/advisory/ntap-20190802-0003/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS)." } ] } diff --git a/2020/11xxx/CVE-2020-11888.json b/2020/11xxx/CVE-2020-11888.json index aa9f1e3c614..5bcc9d989b8 100644 --- a/2020/11xxx/CVE-2020-11888.json +++ b/2020/11xxx/CVE-2020-11888.json @@ -56,6 +56,11 @@ "url": "https://github.com/trentm/python-markdown2/issues/348", "refsource": "MISC", "name": "https://github.com/trentm/python-markdown2/issues/348" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0651", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00031.html" } ] } diff --git a/2020/12xxx/CVE-2020-12787.json b/2020/12xxx/CVE-2020-12787.json new file mode 100644 index 00000000000..855a38b4985 --- /dev/null +++ b/2020/12xxx/CVE-2020-12787.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12787", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12788.json b/2020/12xxx/CVE-2020-12788.json new file mode 100644 index 00000000000..86ca361bf3c --- /dev/null +++ b/2020/12xxx/CVE-2020-12788.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12788", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12789.json b/2020/12xxx/CVE-2020-12789.json new file mode 100644 index 00000000000..7226151f702 --- /dev/null +++ b/2020/12xxx/CVE-2020-12789.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12789", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1962.json b/2020/1xxx/CVE-2020-1962.json index c2279b21eb4..7887c371749 100644 --- a/2020/1xxx/CVE-2020-1962.json +++ b/2020/1xxx/CVE-2020-1962.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-1962", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." } ] }