"-Synchronized-Data."

CVE Team 2020-11-19 01:01:38 +00:00
parent 11618a77fd
commit 3f1f089ae6
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 251 additions and 18 deletions


@ -11,15 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "F5",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP, BIG-IQ",
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "BIG-IP 14.1.0-14.1.0.5"
"version_value": "14.1.0-14.1.0.5"
},
{
"version_value": "14.0.0-14.0.0.4"
@ -34,10 +34,20 @@
"version_value": "11.6.1-11.6.3.4"
},
{
"version_value": "11.5.1-11.5.8"
"version_value": "11.5.2-11.5.8"
}
]
}
},
{
"product_name": "BIG-IQ",
"version": {
"version_data": [
{
"version_value": "7.0.0-7.1.0.2"
},
{
"version_value": "BIG-IQ 6.0.0-6.1.0"
"version_value": "6.0.0-6.1.0"
},
{
"version_value": "5.1.0-5.4.0"
@ -81,7 +91,7 @@
"description_data": [
{
"lang": "eng",
"value": "On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.1-11.5.8 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations."
"value": "On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations."
}
]
}
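Review bot: The new side replaces `"vendor_name": "F5"` with `"vendor_name": "n/a"` in the first hunk, which drops the vendor from the structured data even though the old side named it and the product is still BIG-IP/BIG-IQ. Consumers that match records to an asset inventory by vendor_name will presumably stop matching this entry; keeping `"vendor_name": "F5"` avoids that. The same `"n/a"` vendor appears in the CVE-2020-5947, CVE-2020-8277, CVE-2020-8278 and CVE-2020-8279 sections of this commit, where the assigner and product name likewise make the vendor known. The record continues outside the visible hunks, so its CVE ID is not shown here.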


@ -69,6 +69,11 @@
"refsource": "GENTOO",
"name": "GLSA-202011-12",
"url": "https://security.gentoo.org/glsa/202011-12"
},
{
"refsource": "FULLDISC",
"name": "20201118 TCMalloc viewer/dumper - TCMalloc Inspector Tool",
"url": "http://seclists.org/fulldisclosure/2020/Nov/33"
}
]
},
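Review bot: The added FULLDISC reference uses a plain `http://` URL while the neighbouring GENTOO reference in the same hunk uses `https://`. If the site serves the same page over TLS, `"url": "https://seclists.org/fulldisclosure/2020/Nov/33"` would keep tooling that fetches references off an unauthenticated channel. The reference name reads like a tool announcement rather than an advisory, so it may be worth confirming how the post relates to this record, whose CVE ID lies outside the hunk.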


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28936",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5947",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE)",
"version": {
"version_data": [
{
"version_value": "16.0.0-16.0.0.1"
},
{
"version_value": "15.1.0-15.1.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "TCP sequence prediction"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K64571774",
"url": "https://support.f5.com/csp/article/K64571774"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE)."
}
]
}
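Review bot: `product_name` packs five platform names into one comma-separated string, so it will not match a product key such as the `"BIG-IP"` used in the other F5 record in this commit. Since the description already lists the affected platforms, `"product_name": "BIG-IP"` would keep the structured field matchable, at the cost of leaving the platform restriction to the description text. The problemtype `"TCP sequence prediction"` also carries no CWE identifier, unlike the HackerOne-assigned records in this commit; adding the appropriate one would help automated classification.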


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8277",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "https://github.com/nodejs/node",
"version": {
"version_data": [
{
"version_value": "Fixed in 15.2.1, 14.15.1, 12.19.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/1033107",
"url": "https://hackerone.com/reports/1033107"
},
{
"refsource": "CONFIRM",
"name": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1."
}
]
}
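Review bot: The only `version_value` under `affects` is `"Fixed in 15.2.1, 14.15.1, 12.19.1"`, so the structured data names the fixed releases but no affected range, and a consumer that treats every version_value as affected would read the patched versions as vulnerable. One entry per release line stating the affected range, for example `"version_value": "15.x before 15.2.1"`, would be clearer; the description gives only upper bounds, so the lower bound of each line needs confirming against the Node.js advisory. `"product_name"` holds a repository URL where `"Node.js"` would be the matchable name. The same "Fixed in" entry under version_data appears in the CVE-2020-8278 and CVE-2020-8279 sections.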


@ -4,14 +4,66 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8278",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Social",
"version": {
"version_data": [
{
"version_value": "Affects v0.3.1"
},
{
"version_value": "Fixed in v0.4.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control - Generic (CWE-284)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/921717",
"url": "https://hackerone.com/reports/921717"
},
{
"refsource": "CONFIRM",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-042",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-042"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user."
}
]
}


@ -4,14 +4,66 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8279",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Social",
"version": {
"version_data": [
{
"version_value": "Affects <0.4.0"
},
{
"version_value": "Fixed in 0.4.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation (CWE-295)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/915585",
"url": "https://hackerone.com/reports/915585"
},
{
"refsource": "CONFIRM",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-043",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-043"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack."
}
]
}