From 87b67ac5f46daa3054d0b8f62a6b09201b5dcdec Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 24 Dec 2020 16:01:42 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/8xxx/CVE-2018-8020.json | 5 +++
 2019/16xxx/CVE-2019-16869.json | 5 +++
 2020/11xxx/CVE-2020-11100.json | 5 +++
 2020/14xxx/CVE-2020-14318.json | 5 +++
 2020/14xxx/CVE-2020-14323.json | 5 +++
 2020/14xxx/CVE-2020-14383.json | 5 +++
 2020/17xxx/CVE-2020-17527.json | 5 +++
 2020/1xxx/CVE-2020-1472.json | 5 +++
 2020/27xxx/CVE-2020-27218.json | 20 ++++++++++++
 2020/27xxx/CVE-2020-27714.json | 50 ++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27715.json | 50 ++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27716.json | 50 ++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27717.json | 50 ++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27719.json | 50 ++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27720.json | 50 ++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27722.json | 50 ++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27723.json | 50 ++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27726.json | 50 ++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27727.json | 50 ++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27728.json | 50 ++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27729.json | 50 ++++++++++++++++++++++++++++--
 2020/7xxx/CVE-2020-7774.json | 2 +-
 2020/9xxx/CVE-2020-9200.json | 50 ++++++++++++++++++++++++++++--
 2020/9xxx/CVE-2020-9201.json | 56 ++++++++++++++++++++++++++++++++--
 2020/9xxx/CVE-2020-9202.json | 50 ++++++++++++++++++++++++++++--
 25 files changed, 772 insertions(+), 46 deletions(-)
diff --git a/2018/8xxx/CVE-2018-8020.json b/2018/8xxx/CVE-2018-8020.json
index d2141ee7252..043f05a2ff2 100644
--- a/2018/8xxx/CVE-2018-8020.json
+++ b/2018/8xxx/CVE-2018-8020.json
@@ -105,6 +105,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[rocketmq-dev] 20201224 [GitHub] [rocketmq] crazywen opened a new pull request #2517: fix CVE-2019-16869, CVE-2018-8020",
+ "url": "https://lists.apache.org/thread.html/r831e0548fad736a98140d0b3b7dc575af0c50faea0b266434ba813cc@%3Cdev.rocketmq.apache.org%3E"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16869.json b/2019/16xxx/CVE-2019-16869.json
index b2208fa60b6..b2674e207c2 100644
--- a/2019/16xxx/CVE-2019-16869.json
+++ b/2019/16xxx/CVE-2019-16869.json
@@ -401,6 +401,11 @@
 "refsource": "MLIST",
 "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
 "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[rocketmq-dev] 20201224 [GitHub] [rocketmq] crazywen opened a new pull request #2517: fix CVE-2019-16869, CVE-2018-8020",
+ "url": "https://lists.apache.org/thread.html/r831e0548fad736a98140d0b3b7dc575af0c50faea0b266434ba813cc@%3Cdev.rocketmq.apache.org%3E"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11100.json b/2020/11xxx/CVE-2020-11100.json
index c459c8e064f..d753f4143f7 100644
--- a/2020/11xxx/CVE-2020-11100.json
+++ b/2020/11xxx/CVE-2020-11100.json
@@ -116,6 +116,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-13fd8b1721",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/264C7UL3X7L7QE74ZJ557IOUFS3J4QQC/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202012-22",
+ "url": "https://security.gentoo.org/glsa/202012-22"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14318.json b/2020/14xxx/CVE-2020-14318.json
index 109747b696a..4dcf1d8d049 100644
--- a/2020/14xxx/CVE-2020-14318.json
+++ b/2020/14xxx/CVE-2020-14318.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "https://www.samba.org/samba/security/CVE-2020-14318.html",
 "url": "https://www.samba.org/samba/security/CVE-2020-14318.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202012-24",
+ "url": "https://security.gentoo.org/glsa/202012-24"
 }
 ]
 },
diff --git a/2020/14xxx/CVE-2020-14323.json b/2020/14xxx/CVE-2020-14323.json
index 01b7b33d03e..39ab14ccf7c 100644
--- a/2020/14xxx/CVE-2020-14323.json
+++ b/2020/14xxx/CVE-2020-14323.json
@@ -83,6 +83,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202012-24",
+ "url": "https://security.gentoo.org/glsa/202012-24"
 }
 ]
 },
diff --git a/2020/14xxx/CVE-2020-14383.json b/2020/14xxx/CVE-2020-14383.json
index 274df787027..e2e7990e0be 100644
--- a/2020/14xxx/CVE-2020-14383.json
+++ b/2020/14xxx/CVE-2020-14383.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "https://www.samba.org/samba/security/CVE-2020-14383.html",
 "url": "https://www.samba.org/samba/security/CVE-2020-14383.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202012-24",
+ "url": "https://security.gentoo.org/glsa/202012-24"
 }
 ]
 },
diff --git a/2020/17xxx/CVE-2020-17527.json b/2020/17xxx/CVE-2020-17527.json
index ac7cdcec81a..eac98f1f624 100644
--- a/2020/17xxx/CVE-2020-17527.json
+++ b/2020/17xxx/CVE-2020-17527.json
@@ -133,6 +133,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20201216 [SECURITY] [DLA 2495-1] tomcat8 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202012-23",
+ "url": "https://security.gentoo.org/glsa/202012-23"
 }
 ]
 },
diff --git a/2020/1xxx/CVE-2020-1472.json b/2020/1xxx/CVE-2020-1472.json
index 65232b6621e..3e385699d7c 100644
--- a/2020/1xxx/CVE-2020-1472.json
+++ b/2020/1xxx/CVE-2020-1472.json
@@ -246,6 +246,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202012-24",
+ "url": "https://security.gentoo.org/glsa/202012-24"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27218.json b/2020/27xxx/CVE-2020-27218.json
index a3a8dee1d8e..8fe7edcea8d 100644
--- a/2020/27xxx/CVE-2020-27218.json
+++ b/2020/27xxx/CVE-2020-27218.json
@@ -172,6 +172,26 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20201218-0003/",
 "url": "https://security.netapp.com/advisory/ntap-20201218-0003/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
+ "url": "https://lists.apache.org/thread.html/r821bbffb64da0f062b4e72d1aa600b91e26bc82a28298ab159121215@%3Cnotifications.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-commits] 20201224 [zookeeper] branch master updated: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
+ "url": "https://lists.apache.org/thread.html/r964d226dd08527fddd7a44410c50daa9d34d398e5c4793f1d7e19da8@%3Ccommits.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
+ "url": "https://lists.apache.org/thread.html/r70940cb30356642f0c49af49259680d6bd866f51c4e8de0f8a498fb0@%3Cnotifications.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] eolivelli commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
+ "url": "https://lists.apache.org/thread.html/r5e5cb33b545548ec4684d33bd88b05a0ae89c4d7cac93eb63255f58f@%3Cnotifications.zookeeper.apache.org%3E"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27714.json b/2020/27xxx/CVE-2020-27714.json
index 405e01e5f00..e4b367fafbc 100644
--- a/2020/27xxx/CVE-2020-27714.json
+++ b/2020/27xxx/CVE-2020-27714.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27714",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP AFM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K60344652",
+ "url": "https://support.f5.com/csp/article/K60344652"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On the BIG-IP AFM version 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when a Protocol Inspection Profile is attached to a FastL4 virtual server with the protocol field configured to either Other or All Protocols, the TMM may experience a restart if the profile processes non-TCP traffic."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27715.json b/2020/27xxx/CVE-2020-27715.json
index 2223fa61f44..163545bbcad 100644
--- a/2020/27xxx/CVE-2020-27715.json
+++ b/2020/27xxx/CVE-2020-27715.json
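Review bot: `"vendor_name": "n/a"` in the new `affects` block of CVE-2020-27714 leaves the vendor unnamed even though the assigner is f5sirt@f5.com, so vulnerability feeds and asset-inventory matchers that key on vendor and product will not tie this record to the affected BIG-IP module; presumably it should read `"vendor_name": "F5"`. The three affected branches are also packed into one `version_value` string (`"15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5"`), which a tool cannot compare against an installed version without parsing free text; one `version_data` entry per range would be machine-readable. Both points apply equally to the other newly populated F5 records in this commit (CVE-2020-27715 to CVE-2020-27729), and the `n/a` vendor also appears in the Huawei records CVE-2020-9200 and CVE-2020-9202.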
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27715",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K25691186",
+ "url": "https://support.f5.com/csp/article/K25691186"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high (~100%) CPU utilization by the httpd daemon."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27716.json b/2020/27xxx/CVE-2020-27716.json
index 0d6d321abd8..de1c633a8f8 100644
--- a/2020/27xxx/CVE-2020-27716.json
+++ b/2020/27xxx/CVE-2020-27716.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27716",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP APM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K51574311",
+ "url": "https://support.f5.com/csp/article/K51574311"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) stops responding and restarts."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27717.json b/2020/27xxx/CVE-2020-27717.json
index 539b9e72551..a8400a725ce 100644
--- a/2020/27xxx/CVE-2020-27717.json
+++ b/2020/27xxx/CVE-2020-27717.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27717",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP DNS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K43850230",
+ "url": "https://support.f5.com/csp/article/K43850230"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP DNS 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, undisclosed series of DNS requests may cause TMM to restart and generate a core file."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27719.json b/2020/27xxx/CVE-2020-27719.json
index 1f3d9d7c9d8..fb97bd8692e 100644
--- a/2020/27xxx/CVE-2020-27719.json
+++ b/2020/27xxx/CVE-2020-27719.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27719",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K19166530",
+ "url": "https://support.f5.com/csp/article/K19166530"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27720.json b/2020/27xxx/CVE-2020-27720.json
index 524ab265cc8..3e1db25a5ac 100644
--- a/2020/27xxx/CVE-2020-27720.json
+++ b/2020/27xxx/CVE-2020-27720.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27720",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP LTM/CGNAT",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K04048104",
+ "url": "https://support.f5.com/csp/article/K04048104"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when processing NAT66 traffic with Port Block Allocation (PBA) mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128, an undisclosed traffic pattern may cause the Traffic Management Microkernel (TMM) to restart."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27722.json b/2020/27xxx/CVE-2020-27722.json
index 62071795eab..ae13c5cc668 100644
--- a/2020/27xxx/CVE-2020-27722.json
+++ b/2020/27xxx/CVE-2020-27722.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27722",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP APM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K73657294",
+ "url": "https://support.f5.com/csp/article/K73657294"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource consumption."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27723.json b/2020/27xxx/CVE-2020-27723.json
index 53c68a649e3..ef296b0b5af 100644
--- a/2020/27xxx/CVE-2020-27723.json
+++ b/2020/27xxx/CVE-2020-27723.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27723",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP APM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "14.1.0-14.1.3, 13.1.0-13.1.3.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K42933418",
+ "url": "https://support.f5.com/csp/article/K42933418"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual server processing PingAccess requests may lead to a restart of the Traffic Management Microkernel (TMM) process."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27726.json b/2020/27xxx/CVE-2020-27726.json
index c8a2c92c6f5..e6172a13a0f 100644
--- a/2020/27xxx/CVE-2020-27726.json
+++ b/2020/27xxx/CVE-2020-27726.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27726",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP APM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K30343902",
+ "url": "https://support.f5.com/csp/article/K30343902"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27727.json b/2020/27xxx/CVE-2020-27727.json
index be4aa136bf9..f45d264fd33 100644
--- a/2020/27xxx/CVE-2020-27727.json
+++ b/2020/27xxx/CVE-2020-27727.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27727",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K50343630",
+ "url": "https://support.f5.com/csp/article/K50343630"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27728.json b/2020/27xxx/CVE-2020-27728.json
index 7e10085f3d1..fa74ab4ab78 100644
--- a/2020/27xxx/CVE-2020-27728.json
+++ b/2020/27xxx/CVE-2020-27728.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27728",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP ASM & Advanced WAF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K45143221",
+ "url": "https://support.f5.com/csp/article/K45143221"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27729.json b/2020/27xxx/CVE-2020-27729.json
index 968e8848023..837b9586122 100644
--- a/2020/27xxx/CVE-2020-27729.json
+++ b/2020/27xxx/CVE-2020-27729.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27729",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP APM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Malicious redirect"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K15310332",
+ "url": "https://support.f5.com/csp/article/K15310332"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7774.json b/2020/7xxx/CVE-2020-7774.json
index 1209190126c..b6f61b5288e 100644
--- a/2020/7xxx/CVE-2020-7774.json
+++ b/2020/7xxx/CVE-2020-7774.json
@@ -73,7 +73,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true"
+ "value": "This affects the package y18n before 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true"
 }
 ]
 },
diff --git a/2020/9xxx/CVE-2020-9200.json b/2020/9xxx/CVE-2020-9200.json
index fea4e3c3771..8ee341c9638 100644
--- a/2020/9xxx/CVE-2020-9200.json
+++ b/2020/9xxx/CVE-2020-9200.json
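Review bot: The new wording "before 4.0.1 and 5.0.5" in the CVE-2020-7774 description is ambiguous: it can be read as every release below 5.0.5, or as two fixed versions on two separate release lines, so someone triaging a dependency alert cannot tell from the text whether a 4.x release at or above 4.0.1 is affected. If two release lines are meant, wording such as `This affects the package y18n before 4.0.1, and 5.x before 5.0.5.` would say so; the 5.x lower bound is inferred here and should be confirmed against the upstream advisory. The hunk only touches the `description` value, and the record's `affects` version data lies outside it, so whether the structured data was updated to match cannot be seen from this change.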
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9200",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "iManager NetEco 6000",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V600R021C00"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CSV Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjection-en",
+ "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjection-en"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9201.json b/2020/9xxx/CVE-2020-9201.json
index 26d329d7d96..8ed59b84715 100644
--- a/2020/9xxx/CVE-2020-9201.json
+++ b/2020/9xxx/CVE-2020-9201.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9201",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NIP6800;Secospace USG6600;USG9500",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V500R001C30,V500R001C60SPC500,V500R005C00"
+ },
+ {
+ "version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00"
+ },
+ {
+ "version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out of Bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-04-eudemon-en",
+ "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-04-eudemon-en"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages including crafted parameter. Successful exploit could cause certain service abnormal."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9202.json b/2020/9xxx/CVE-2020-9202.json
index 4b15a6a4d80..8107c6f7e93 100644
--- a/2020/9xxx/CVE-2020-9202.json
+++ b/2020/9xxx/CVE-2020-9202.json
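Review bot: `"product_name": "NIP6800;Secospace USG6600;USG9500"` in the CVE-2020-9201 record fuses three products into one string and pairs them with three `version_value` entries by position only, so a consumer matching on product name will find none of the three, and nothing in the record says which version list belongs to which product. Each product should be its own `product_data` entry carrying its own version list, as sketched below. The product-to-version pairing in the sketch is assumed from the order of the entries and should be checked against the Huawei advisory. `vendor_name` is also `n/a` here although the assigner is psirt@huawei.com.

```json
"product_data": [
  {
    "product_name": "NIP6800",
    "version": {
      "version_data": [
        { "version_value": "V500R001C30,V500R001C60SPC500,V500R005C00" }
      ]
    }
  },
  {
    "product_name": "Secospace USG6600",
    "version": {
      "version_data": [
        { "version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00" }
      ]
    }
  },
  {
    "product_name": "USG9500",
    "version": {
      "version_data": [
        { "version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00" }
      ]
    }
  }
]
```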
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9202",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TE Mobile",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V600R006C10,V600R006C10SPC100"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-informationleak-en",
+ "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-informationleak-en"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is an information disclosure vulnerability in TE Mobile software versions V600R006C10,V600R006C10SPC100. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure."
 }
 ]
 }