From 01a6452d4b38b24e563a672256215f4e4b32cc39 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 11 May 2020 18:01:28 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19162.json | 86 +++++++++++++++-- 2019/4xxx/CVE-2019-4667.json | 172 ++++++++++++++++----------------- 2019/5xxx/CVE-2019-5500.json | 58 +++++++++-- 2020/11xxx/CVE-2020-11888.json | 5 + 2020/12xxx/CVE-2020-12787.json | 18 ++++ 2020/12xxx/CVE-2020-12788.json | 18 ++++ 2020/12xxx/CVE-2020-12789.json | 18 ++++ 2020/1xxx/CVE-2020-1962.json | 4 +- 8 files changed, 278 insertions(+), 101 deletions(-) create mode 100644 2020/12xxx/CVE-2020-12787.json create mode 100644 2020/12xxx/CVE-2020-12788.json create mode 100644 2020/12xxx/CVE-2020-12789.json diff --git a/2019/19xxx/CVE-2019-19162.json b/2019/19xxx/CVE-2019-19162.json index 273a3662368..23f63a4dd69 100644 --- a/2019/19xxx/CVE-2019-19162.json +++ b/2019/19xxx/CVE-2019-19162.json @@ -1,18 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", + "DATE_PUBLIC": "2019-08-30T15:00:00.000Z", "ID": "CVE-2019-19162", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "XPLATFORM", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "9.2.2" + } + ] + } + } + ] + }, + "vendor_name": "TOBESOFT" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Jeongun Baek" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": "7.8", + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35387", + "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35387" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4667.json b/2019/4xxx/CVE-2019-4667.json index f2cd614f112..f26151ad23b 100644 --- a/2019/4xxx/CVE-2019-4667.json +++ b/2019/4xxx/CVE-2019-4667.json @@ -1,90 +1,90 @@ { - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6208076", - "title" : "IBM Security Bulletin 6208076 (UrbanCode Deploy)", - "name" : "https://www.ibm.com/support/pages/node/6208076" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/171249", - "name" : "ibm-ucd-cve20194667-info-disc (171249)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "AV" : "N", - "S" : "U", - "PR" : "N", - "A" : "N", - "I" : "N", - "AC" : "H", - "UI" : "N", - "C" : "H", - "SCORE" : "5.900" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249." - } - ] - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.0.5.2" - } - ] - }, - "product_name" : "UrbanCode Deploy" - } - ] - } + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6208076", + "title": "IBM Security Bulletin 6208076 (UrbanCode Deploy)", + "name": "https://www.ibm.com/support/pages/node/6208076" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171249", + "name": "ibm-ucd-cve20194667-info-disc (171249)", + "title": "X-Force Vulnerability Report" } - ] - } - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-05-08T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4667", - "STATE" : "PUBLIC" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "AV": "N", + "S": "U", + "PR": "N", + "A": "N", + "I": "N", + "AC": "H", + "UI": "N", + "C": "H", + "SCORE": "5.900" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249." + } + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.0.5.2" + } + ] + }, + "product_name": "UrbanCode Deploy" + } + ] + } + } ] - } - ] - } -} + } + }, + "data_type": "CVE", + "CVE_data_meta": { + "DATE_PUBLIC": "2020-05-08T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4667", + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5500.json b/2019/5xxx/CVE-2019-5500.json index e316b44c135..6cc1428404c 100644 --- a/2019/5xxx/CVE-2019-5500.json +++ b/2019/5xxx/CVE-2019-5500.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5500", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5500", + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NetApp Service Processor and Baseboard Management Controller", + "version": { + "version_data": [ + { + "version_value": "BMC 5.x prior to 5.7 and SP versions prior to 4.1P3, 4.3, 5.1, 5.3, 5.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20190802-0003/", + "url": "https://security.netapp.com/advisory/ntap-20190802-0003/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS)." } ] } diff --git a/2020/11xxx/CVE-2020-11888.json b/2020/11xxx/CVE-2020-11888.json index aa9f1e3c614..5bcc9d989b8 100644 --- a/2020/11xxx/CVE-2020-11888.json +++ b/2020/11xxx/CVE-2020-11888.json @@ -56,6 +56,11 @@ "url": "https://github.com/trentm/python-markdown2/issues/348", "refsource": "MISC", "name": "https://github.com/trentm/python-markdown2/issues/348" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0651", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00031.html" } ] } diff --git a/2020/12xxx/CVE-2020-12787.json b/2020/12xxx/CVE-2020-12787.json new file mode 100644 index 00000000000..855a38b4985 --- /dev/null +++ b/2020/12xxx/CVE-2020-12787.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12787", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12788.json b/2020/12xxx/CVE-2020-12788.json new file mode 100644 index 00000000000..86ca361bf3c --- /dev/null +++ b/2020/12xxx/CVE-2020-12788.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12788", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12789.json b/2020/12xxx/CVE-2020-12789.json new file mode 100644 index 00000000000..7226151f702 --- /dev/null +++ b/2020/12xxx/CVE-2020-12789.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12789", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1962.json b/2020/1xxx/CVE-2020-1962.json index c2279b21eb4..7887c371749 100644 --- a/2020/1xxx/CVE-2020-1962.json +++ b/2020/1xxx/CVE-2020-1962.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-1962", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." } ] }