diff --git a/2019/6xxx/CVE-2019-6621.json b/2019/6xxx/CVE-2019-6621.json
index d0aa4d5b846..ea93ccb46a5 100644
--- a/2019/6xxx/CVE-2019-6621.json
+++ b/2019/6xxx/CVE-2019-6621.json
@@ -11,15 +11,15 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "F5",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "BIG-IP, BIG-IQ",
+ "product_name": "BIG-IP",
 "version": {
 "version_data": [
 {
- "version_value": "BIG-IP 14.1.0-14.1.0.5"
+ "version_value": "14.1.0-14.1.0.5"
 },
 {
 "version_value": "14.0.0-14.0.0.4"
@@ -34,10 +34,20 @@
 "version_value": "11.6.1-11.6.3.4"
 },
 {
- "version_value": "11.5.1-11.5.8"
+ "version_value": "11.5.2-11.5.8"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "BIG-IQ",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.0.0-7.1.0.2"
 },
 {
- "version_value": "BIG-IQ 6.0.0-6.1.0"
+ "version_value": "6.0.0-6.1.0"
 },
 {
 "version_value": "5.1.0-5.4.0"
@@ -81,7 +91,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.1-11.5.8 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations."
+ "value": "On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations."
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15999.json b/2020/15xxx/CVE-2020-15999.json
index 595db23d168..84c9aafd96b 100644
--- a/2020/15xxx/CVE-2020-15999.json
+++ b/2020/15xxx/CVE-2020-15999.json
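Review bot: The first hunk of CVE-2019-6621.json replaces `"vendor_name": "F5"` with `"vendor_name": "n/a"`, which removes the vendor from a record that previously named it; tooling that matches advisories to assets on vendor and product will no longer find it, so the line should stay `"vendor_name": "F5"`. The same `"vendor_name": "n/a"` placeholder is added in the new `affects` blocks of CVE-2020-5947, CVE-2020-8277, CVE-2020-8278 and CVE-2020-8279 later in this commit, even though the assigner address or the description identifies the vendor or project in each case. Consumers of these records should not rely on `vendor_name` alone until that is corrected.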
@@ -69,6 +69,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202011-12",
 "url": "https://security.gentoo.org/glsa/202011-12"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20201118 TCMalloc viewer/dumper - TCMalloc Inspector Tool",
+ "url": "http://seclists.org/fulldisclosure/2020/Nov/33"
 }
 ]
 },
diff --git a/2020/28xxx/CVE-2020-28936.json b/2020/28xxx/CVE-2020-28936.json
new file mode 100644
index 00000000000..7cf527131ac
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28936.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28936",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5947.json b/2020/5xxx/CVE-2020-5947.json
index 162fe6b1c1a..35b293c8513 100644
--- a/2020/5xxx/CVE-2020-5947.json
+++ b/2020/5xxx/CVE-2020-5947.json
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5947",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0.0-16.0.0.1"
+ },
+ {
+ "version_value": "15.1.0-15.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "TCP sequence prediction"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K64571774",
+ "url": "https://support.f5.com/csp/article/K64571774"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE)."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8277.json b/2020/8xxx/CVE-2020-8277.json
index 3a6226d4d58..818c69bc935 100644
--- a/2020/8xxx/CVE-2020-8277.json
+++ b/2020/8xxx/CVE-2020-8277.json
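Review bot: `product_name` in the added `affects` block of CVE-2020-5947.json packs five platforms into one comma-separated string, so a consumer matching on product name will not match any single platform such as BIG-IP Virtual Edition (VE). The product appears to be BIG-IP with the platform list acting as a qualifier; I would use `"product_name": "BIG-IP"` and leave the platform restriction to the description, which already spells it out. The `problemtype` value `TCP sequence prediction` also carries no CWE identifier, unlike the other records published in this commit, so filtering by weakness class will miss this entry.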
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8277",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/nodejs/node",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in 15.2.1, 14.15.1, 12.19.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service (CWE-400)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/1033107",
+ "url": "https://hackerone.com/reports/1033107"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/",
+ "url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8278.json b/2020/8xxx/CVE-2020-8278.json
index 584c426b903..f35e3bad774 100644
--- a/2020/8xxx/CVE-2020-8278.json
+++ b/2020/8xxx/CVE-2020-8278.json
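Review bot: The only `version_value` in the added `affects` block of CVE-2020-8277.json is `Fixed in 15.2.1, 14.15.1, 12.19.1`, which puts fix releases into a field that consumers read as affected versions and which cannot be parsed as a range; CVE-2020-8278 and CVE-2020-8279 likewise add a `Fixed in …` entry under `version_data`. Each affected release line should get its own `version_value` expressed as an affected range, with the fixed releases left to the description. The description's bounds `< 15.2.1, < 14.15.1, and < 12.19.1` overlap as written, so the record does not say whether release lines other than 15.x, 14.x and 12.x are affected; that should be confirmed against the referenced Node.js advisory before anyone uses it for patch scoping. `product_name` would also match inventories better as `"product_name": "Node.js"` than as a repository URL.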
@@ -4,14 +4,66 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8278",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Social",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Affects v0.3.1"
+ },
+ {
+ "version_value": "Fixed in v0.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control - Generic (CWE-284)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/921717",
+ "url": "https://hackerone.com/reports/921717"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-042",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-042"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8279.json b/2020/8xxx/CVE-2020-8279.json
index 54cfafe348c..76760f2f077 100644
--- a/2020/8xxx/CVE-2020-8279.json
+++ b/2020/8xxx/CVE-2020-8279.json
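Review bot: The new description in CVE-2020-8278.json limits the issue to `version 0.3.1` while `version_data` gives `Affects v0.3.1` next to `Fixed in v0.4.0`, so the record does not say whether releases before 0.3.1 are affected; the sibling record CVE-2020-8279 states `< 0.4.0` for the same product. If the referenced Nextcloud advisory supports it, state the range the same way here and drop the `v` prefix so both Nextcloud Social records use one version format. The description also omits who could read the posts (an authenticated user or an unauthenticated visitor), which is the detail a triager needs to rate the exposure.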
@@ -4,14 +4,66 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8279",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Social",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Affects <0.4.0"
+ },
+ {
+ "version_value": "Fixed in 0.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Certificate Validation (CWE-295)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/915585",
+ "url": "https://hackerone.com/reports/915585"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-043",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-043"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack."
 }
 ]
 }