From 2ec4a7232e31708c837736456d52b7decc5d3a58 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 24 Jan 2020 17:01:10 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2013/1xxx/CVE-2013-1594.json | 73 +++++++++++++++++++++++++++++++++++-
 2014/1xxx/CVE-2014-1922.json | 63 ++++++++++++++++++++++++++++++-
 2014/1xxx/CVE-2014-1923.json | 68 ++++++++++++++++++++++++++++++++-
 2014/1xxx/CVE-2014-1924.json | 63 ++++++++++++++++++++++++++++++-
 2014/1xxx/CVE-2014-1925.json | 63 ++++++++++++++++++++++++++++++-
 2015/4xxx/CVE-2015-4041.json | 58 +++++++++++++++++++++++++++-
 2015/4xxx/CVE-2015-4042.json | 53 +++++++++++++++++++++++++-
 2020/6xxx/CVE-2020-6961.json | 50 ++++++++++++++++++++++--
 2020/6xxx/CVE-2020-6962.json | 50 ++++++++++++++++++++++--
 2020/6xxx/CVE-2020-6963.json | 50 ++++++++++++++++++++++--
 2020/6xxx/CVE-2020-6964.json | 50 ++++++++++++++++++++++--
 11 files changed, 615 insertions(+), 26 deletions(-)
diff --git a/2013/1xxx/CVE-2013-1594.json b/2013/1xxx/CVE-2013-1594.json
index 53a28568e6e..3b0b0941fd1 100644
--- a/2013/1xxx/CVE-2013-1594.json
+++ b/2013/1xxx/CVE-2013-1594.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1594",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
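Review bot: The added `affects` block carries only `"n/a"` placeholders for vendor, product and version, although the description added in the next hunk names the Vivotek PT7135 IP Camera and `0300a` / `0400a`. Tooling that matches on the structured fields rather than the free text will not tie this record to the device. Consider `"vendor_name": "Vivotek"`, `"product_name": "PT7135 IP Camera"` and one `version_value` each for `0300a` and `0400a`, assuming those strings are the affected firmware versions. The same placeholder block is added in the second hunks of the CVE-2014-1922 through CVE-2014-1925, CVE-2015-4041 and CVE-2015-4042 files, whose descriptions name Koha and GNU Coreutils with version bounds.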
@@ -11,7 +34,53 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/59572",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/59572"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83943",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83943"
+ },
+ {
+ "url": "http://www.exploit-db.com/exploits/25139",
+ "refsource": "MISC",
+ "name": "http://www.exploit-db.com/exploits/25139"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities",
+ "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1594",
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1594"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt",
+ "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt"
 }
 ]
 }
diff --git a/2014/1xxx/CVE-2014-1922.json b/2014/1xxx/CVE-2014-1922.json
index 31e9c974d88..7091846f487 100644
--- a/2014/1xxx/CVE-2014-1922.json
+++ b/2014/1xxx/CVE-2014-1922.json
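Review bot: `problemtype` is set to `"value": "n/a"` in the CVE-2013-1594 hunk even though the description added alongside it states the weakness (wireless keys and third-party credentials stored in clear text), so the record cannot be filtered or triaged by weakness class. The ICS-CERT records later in this commit use a name-plus-identifier string such as `UNPROTECTED STORAGE OF CREDENTIALS CWE-256`; a value in the same form, for example CWE-312 (Cleartext Storage of Sensitive Information), would fit this one. The Koha and Coreutils hunks carry the same placeholder where their descriptions already say path traversal, SQL injection, missing authentication, heap-based buffer overflow and integer overflow.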
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-1922",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,66 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660",
+ "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://koha-community.org/security-release-february-2014/",
+ "url": "http://koha-community.org/security-release-february-2014/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10",
+ "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3",
+ "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
 }
 ]
 }
diff --git a/2014/1xxx/CVE-2014-1923.json b/2014/1xxx/CVE-2014-1923.json
index ea12822d2b0..35b2f3ca452 100644
--- a/2014/1xxx/CVE-2014-1923.json
+++ b/2014/1xxx/CVE-2014-1923.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-1923",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,71 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://koha-community.org/security-release-february-2014/",
+ "url": "http://koha-community.org/security-release-february-2014/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10",
+ "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3",
+ "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661",
+ "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662",
+ "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662"
 }
 ]
 }
diff --git a/2014/1xxx/CVE-2014-1924.json b/2014/1xxx/CVE-2014-1924.json
index 3609219f1ac..9b3c6674769 100644
--- a/2014/1xxx/CVE-2014-1924.json
+++ b/2014/1xxx/CVE-2014-1924.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-1924",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,66 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://koha-community.org/security-release-february-2014/",
+ "url": "http://koha-community.org/security-release-february-2014/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10",
+ "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3",
+ "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666",
+ "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
 }
 ]
 }
diff --git a/2014/1xxx/CVE-2014-1925.json b/2014/1xxx/CVE-2014-1925.json
index ff372a18ebc..347e8e5c6af 100644
--- a/2014/1xxx/CVE-2014-1925.json
+++ b/2014/1xxx/CVE-2014-1925.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-1925",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,66 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://koha-community.org/security-release-february-2014/",
+ "url": "http://koha-community.org/security-release-february-2014/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10",
+ "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3",
+ "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666",
+ "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666"
 }
 ]
 }
diff --git a/2015/4xxx/CVE-2015-4041.json b/2015/4xxx/CVE-2015-4041.json
index a49c9f96bfa..781f2e829ce 100644
--- a/2015/4xxx/CVE-2015-4041.json
+++ b/2015/4xxx/CVE-2015-4041.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-4041",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2015/05/15/1",
+ "url": "http://openwall.com/lists/oss-security/2015/05/15/1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940",
+ "url": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=928749",
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=928749"
 }
 ]
 }
diff --git a/2015/4xxx/CVE-2015-4042.json b/2015/4xxx/CVE-2015-4042.json
index a4b9971ca53..5485c066ab1 100644
--- a/2015/4xxx/CVE-2015-4042.json
+++ b/2015/4xxx/CVE-2015-4042.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-4042",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2015/05/15/1",
+ "url": "http://openwall.com/lists/oss-security/2015/05/15/1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940",
+ "url": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6961.json b/2020/6xxx/CVE-2020-6961.json
index 09442999c0a..d695e1fa001 100644
--- a/2020/6xxx/CVE-2020-6961.json
+++ b/2020/6xxx/CVE-2020-6961.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6961",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center,CARESCAPE B450,B650,B850 Monitors",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server,v4.2 & prior,Clinical Information Center,v4.X & 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files."
 }
 ]
 }
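Review bot: The description and the `affects` block added in this hunk disagree on scope: `version_value` lists CARESCAPE Central Station v2.X and the B450, B650 and B850 monitors, but the description stops at CARESCAPE Central Station (CSCS) Versions 1.X. From the record alone a defender cannot tell whether those devices expose the SSH private key, so one of the two should be corrected against the referenced advisory (icsma-20-023-01). The CVE-2020-6963 and CVE-2020-6964 hunks show similar gaps: their descriptions omit CARESCAPE Telemetry Server v4.3 and the B-series monitors that their `version_value` strings include.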
diff --git a/2020/6xxx/CVE-2020-6962.json b/2020/6xxx/CVE-2020-6962.json
index c1f032a8ed1..723e4777d6b 100644
--- a/2020/6xxx/CVE-2020-6962.json
+++ b/2020/6xxx/CVE-2020-6962.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6962",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center,CARESCAPE B450,B650,B850 Monitors",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server,v4.2 & prior,Clinical Information Center,v4.X & 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER INPUT VALIDATION CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6963.json b/2020/6xxx/CVE-2020-6963.json
index 907a05b87c2..2747430bf7b 100644
--- a/2020/6xxx/CVE-2020-6963.json
+++ b/2020/6xxx/CVE-2020-6963.json
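Review bot: `product_name` and `version_value` in the CVE-2020-6962 hunk each pack the whole product family into one comma-separated string, and `vendor_name` is `"n/a"` although the product string begins with "GE", so a consumer of the structured fields cannot match this record per product or per version. One `product_data` entry per product would fix that, for example `"product_name": "ApexPro Telemetry Server"` with `"version_value": "v4.2 & prior"`, and the vendor could go in `vendor_name` if GE is indeed the vendor. The description in this hunk also lacks a separator between `Versions 1.X` and `CARESCAPE Central Station (CSCS) Versions 2.X`. The CVE-2020-6961, CVE-2020-6963 and CVE-2020-6964 hunks use the same packed layout.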
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6963",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6964.json b/2020/6xxx/CVE-2020-6964.json
index c8990f06e3f..e3bf8c83318 100644
--- a/2020/6xxx/CVE-2020-6964.json
+++ b/2020/6xxx/CVE-2020-6964.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6964",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network."
 }
 ]
 }