diff --git a/2016/10xxx/CVE-2016-10050.json b/2016/10xxx/CVE-2016-10050.json index 379754486be..30a7aa38593 100644 --- a/2016/10xxx/CVE-2016-10050.json +++ b/2016/10xxx/CVE-2016-10050.json @@ -81,6 +81,11 @@ "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" + }, + { + "refsource": "MISC", + "name": "https://github.com/ImageMagick/ImageMagick/commit/139d4323c40d7363bfdd2382c3821a6f76d69430", + "url": "https://github.com/ImageMagick/ImageMagick/commit/139d4323c40d7363bfdd2382c3821a6f76d69430" } ] } diff --git a/2020/15xxx/CVE-2020-15897.json b/2020/15xxx/CVE-2020-15897.json index bb16f922c60..072015c4147 100644 --- a/2020/15xxx/CVE-2020-15897.json +++ b/2020/15xxx/CVE-2020-15897.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15897", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15897", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/11760-security-advisory-54", + "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11760-security-advisory-54" } ] } diff --git a/2020/18xxx/CVE-2020-18766.json b/2020/18xxx/CVE-2020-18766.json index be709decc79..edbbce474e4 100644 --- a/2020/18xxx/CVE-2020-18766.json +++ b/2020/18xxx/CVE-2020-18766.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-18766", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-18766", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/AntSwordProject/antSword/issues/147", + "refsource": "MISC", + "name": "https://github.com/AntSwordProject/antSword/issues/147" } ] } diff --git a/2020/24xxx/CVE-2020-24631.json b/2020/24xxx/CVE-2020-24631.json index fd87c62e227..fefd5607d55 100644 --- a/2020/24xxx/CVE-2020-24631.json +++ b/2020/24xxx/CVE-2020-24631.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-24631", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Airwave Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 1.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote execution of arbitrary commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2." } ] } diff --git a/2020/24xxx/CVE-2020-24632.json b/2020/24xxx/CVE-2020-24632.json index 7c00e6c744e..0292d866e20 100644 --- a/2020/24xxx/CVE-2020-24632.json +++ b/2020/24xxx/CVE-2020-24632.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-24632", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Airwave Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 1.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote execution of arbitrary commandss" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote execution of arbitrary commandss vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2." } ] } diff --git a/2020/24xxx/CVE-2020-24659.json b/2020/24xxx/CVE-2020-24659.json index 3fe915413f0..701c133b16f 100644 --- a/2020/24xxx/CVE-2020-24659.json +++ b/2020/24xxx/CVE-2020-24659.json @@ -91,6 +91,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:1724", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1743", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html" } ] } diff --git a/2020/6xxx/CVE-2020-6876.json b/2020/6xxx/CVE-2020-6876.json index 314f529975f..1124552c754 100644 --- a/2020/6xxx/CVE-2020-6876.json +++ b/2020/6xxx/CVE-2020-6876.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6876", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "eVDC", + "version": { + "version_data": [ + { + "version_value": "ZXCLOUD-iROSV6.03.04" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013782", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013782" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04" } ] } diff --git a/2020/7xxx/CVE-2020-7124.json b/2020/7xxx/CVE-2020-7124.json index ec9fb3be475..f4752d43fb6 100644 --- a/2020/7xxx/CVE-2020-7124.json +++ b/2020/7xxx/CVE-2020-7124.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Airwave Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 1.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote unauthorized access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2." } ] } diff --git a/2020/7xxx/CVE-2020-7125.json b/2020/7xxx/CVE-2020-7125.json index 46b970b347d..1bd3af1d7f8 100644 --- a/2020/7xxx/CVE-2020-7125.json +++ b/2020/7xxx/CVE-2020-7125.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7125", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Airwave Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 1.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2." } ] } diff --git a/2020/7xxx/CVE-2020-7126.json b/2020/7xxx/CVE-2020-7126.json index 66f5f03de97..b8a54c14949 100644 --- a/2020/7xxx/CVE-2020-7126.json +++ b/2020/7xxx/CVE-2020-7126.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7126", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Airwave Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 1.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote server-side request forgery (ssrf)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2." } ] } diff --git a/2020/7xxx/CVE-2020-7127.json b/2020/7xxx/CVE-2020-7127.json index 8125a6088f8..277298f7930 100644 --- a/2020/7xxx/CVE-2020-7127.json +++ b/2020/7xxx/CVE-2020-7127.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7127", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Airwave Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 1.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote unauthenticated arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04051en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2." } ] } diff --git a/2020/7xxx/CVE-2020-7196.json b/2020/7xxx/CVE-2020-7196.json index 9fdc9fb38ac..7acc3ee9551 100644 --- a/2020/7xxx/CVE-2020-7196.json +++ b/2020/7xxx/CVE-2020-7196.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7196", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BlueData EPIC Software; HPE Ezmeral Container Platform", + "version": { + "version_data": [ + { + "version_value": "4.0 and earlier" + }, + { + "version_value": "5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote disclosure of privileged information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04049en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04049en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url \"/bdswebui/assignusers/\"." } ] } diff --git a/2020/7xxx/CVE-2020-7197.json b/2020/7xxx/CVE-2020-7197.json index 8f870f5a34b..fd8174b3c10 100644 --- a/2020/7xxx/CVE-2020-7197.json +++ b/2020/7xxx/CVE-2020-7197.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7197", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HPE 3PAR StoreServ Management and Core Software Media", + "version": { + "version_data": [ + { + "version_value": "prior to 3.7.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04045en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04045en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* Upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later." } ] }