diff --git a/2020/14xxx/CVE-2020-14518.json b/2020/14xxx/CVE-2020-14518.json index c13d6e5f256..ef4ee13bec2 100644 --- a/2020/14xxx/CVE-2020-14518.json +++ b/2020/14xxx/CVE-2020-14518.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-14518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Philips DreamMapper", + "version": { + "version_data": [ + { + "version_value": "Version 2.24 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INSERTION OF SENSITIVE INFORMATION INTO LOG FILE CWE-532" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker." } ] } diff --git a/2020/16xxx/CVE-2020-16237.json b/2020/16xxx/CVE-2020-16237.json index b3e118412d9..d8adaef0016 100644 --- a/2020/16xxx/CVE-2020-16237.json +++ b/2020/16xxx/CVE-2020-16237.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-16237", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Philips SureSigns VS4", + "version": { + "version_data": [ + { + "version_value": "A.07.107 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER INPUT VALIDATION CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly." } ] } diff --git a/2020/16xxx/CVE-2020-16239.json b/2020/16xxx/CVE-2020-16239.json index 353911aef02..38812df0a59 100644 --- a/2020/16xxx/CVE-2020-16239.json +++ b/2020/16xxx/CVE-2020-16239.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-16239", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Philips SureSigns VS4", + "version": { + "version_data": [ + { + "version_value": "A.07.107 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER AUTHENTICATION CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct." } ] } diff --git a/2020/16xxx/CVE-2020-16241.json b/2020/16xxx/CVE-2020-16241.json index 5d1271986dc..56380df8b8c 100644 --- a/2020/16xxx/CVE-2020-16241.json +++ b/2020/16xxx/CVE-2020-16241.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-16241", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Philips SureSigns VS4", + "version": { + "version_data": [ + { + "version_value": "A.07.107 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER ACCESS CONTROL CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor." } ] } diff --git a/2020/24xxx/CVE-2020-24583.json b/2020/24xxx/CVE-2020-24583.json new file mode 100644 index 00000000000..b6afa0d284d --- /dev/null +++ b/2020/24xxx/CVE-2020-24583.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-24583", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24584.json b/2020/24xxx/CVE-2020-24584.json new file mode 100644 index 00000000000..faf9f0efda4 --- /dev/null +++ b/2020/24xxx/CVE-2020-24584.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-24584", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24585.json b/2020/24xxx/CVE-2020-24585.json new file mode 100644 index 00000000000..e603b75e159 --- /dev/null +++ b/2020/24xxx/CVE-2020-24585.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-24585", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3976.json b/2020/3xxx/CVE-2020-3976.json index 10efcf3c08e..a4754ff689a 100644 --- a/2020/3xxx/CVE-2020-3976.json +++ b/2020/3xxx/CVE-2020-3976.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3976", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ESXi, vCenter Server, and Cloud Foundation", + "version": { + "version_data": [ + { + "version_value": "ESXi 7.0, 6.7, 6.5, vCenter Server 7.0, 6.7, 6.5, and Cloud Foundation 4.x.x, and 3.x.x release lines." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Partial denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2020-0018.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2020-0018.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3." } ] } diff --git a/2020/5xxx/CVE-2020-5774.json b/2020/5xxx/CVE-2020-5774.json index 15f30a70153..5f0d7bf4e5b 100644 --- a/2020/5xxx/CVE-2020-5774.json +++ b/2020/5xxx/CVE-2020-5774.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5774", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Tenable Nessus", + "version": { + "version_data": [ + { + "version_value": "< 8.11.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Session Expiration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/tns-2020-06", + "url": "https://www.tenable.com/security/tns-2020-06" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session." } ] }