diff --git a/2014/2xxx/CVE-2014-2271.json b/2014/2xxx/CVE-2014-2271.json index 92a6ea34883..68797c90ede 100644 --- a/2014/2xxx/CVE-2014-2271.json +++ b/2014/2xxx/CVE-2014-2271.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2271", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/71381", + "url": "http://www.securityfocus.com/bid/71381" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99089", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99089" + }, + { + "refsource": "MISC", + "name": "https://labs.f-secure.com/advisories/kingsoft-office-remote-code-execution/", + "url": "https://labs.f-secure.com/advisories/kingsoft-office-remote-code-execution/" + }, + { + "refsource": "MISC", + "name": "https://labs.f-secure.com/assets/763/original/mwri_advisory_huawei_kingsoft-office.pdf", + "url": "https://labs.f-secure.com/assets/763/original/mwri_advisory_huawei_kingsoft-office.pdf" } ] } diff --git a/2014/7xxx/CVE-2014-7844.json b/2014/7xxx/CVE-2014-7844.json index 2605bc81c9f..13361dfa59a 100644 --- a/2014/7xxx/CVE-2014-7844.json +++ b/2014/7xxx/CVE-2014-7844.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-7844", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Metacharacters" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "BSD", + "product": { + "product_data": [ + { + "product_name": "mailx", + "version": { + "version_data": [ + { + "version_value": "8.1.2 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q4/1066", + "url": "http://seclists.org/oss-sec/2014/q4/1066" + }, + { + "refsource": "MISC", + "name": "http://linux.oracle.com/errata/ELSA-2014-1999.html", + "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2014/dsa-3104", + "url": "http://www.debian.org/security/2014/dsa-3104" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2014/dsa-3105", + "url": "http://www.debian.org/security/2014/dsa-3105" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-1999.html", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html" } ] } diff --git a/2015/0xxx/CVE-2015-0558.json b/2015/0xxx/CVE-2015-0558.json index 184486e8f66..7576e17c9bf 100644 --- a/2015/0xxx/CVE-2015-0558.json +++ b/2015/0xxx/CVE-2015-0558.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-0558", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses \"1236790\" and the MAC address to generate the WPA key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/129817/Pirelli-Router-P.DG-A4001N-WPA-Key-Reverse-Engineering.html", + "url": "http://packetstormsecurity.com/files/129817/Pirelli-Router-P.DG-A4001N-WPA-Key-Reverse-Engineering.html" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/35721", + "url": "http://www.exploit-db.com/exploits/35721" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99682", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99682" } ] } diff --git a/2015/2xxx/CVE-2015-2325.json b/2015/2xxx/CVE-2015-2325.json index 1924513ff11..6a840b25d14 100644 --- a/2015/2xxx/CVE-2015-2325.json +++ b/2015/2xxx/CVE-2015-2325.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2325", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html" + }, + { + "refsource": "MISC", + "name": "https://bugs.exim.org/show_bug.cgi?id=1591", + "url": "https://bugs.exim.org/show_bug.cgi?id=1591" + }, + { + "refsource": "CONFIRM", + "name": "https://www.pcre.org/original/changelog.txt", + "url": "https://www.pcre.org/original/changelog.txt" + }, + { + "refsource": "MISC", + "name": "https://fortiguard.com/zeroday/FG-VD-15-015", + "url": "https://fortiguard.com/zeroday/FG-VD-15-015" } ] } diff --git a/2015/2xxx/CVE-2015-2326.json b/2015/2xxx/CVE-2015-2326.json index 4bf1e179c79..028fcee3b41 100644 --- a/2015/2xxx/CVE-2015-2326.json +++ b/2015/2xxx/CVE-2015-2326.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2326", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugs.exim.org/show_bug.cgi?id=1592", + "url": "https://bugs.exim.org/show_bug.cgi?id=1592" + }, + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.pcre.org/original/changelog.txt", + "url": "https://www.pcre.org/original/changelog.txt" + }, + { + "refsource": "MISC", + "name": "https://fortiguard.com/zeroday/FG-VD-15-016", + "url": "https://fortiguard.com/zeroday/FG-VD-15-016" } ] } diff --git a/2018/3xxx/CVE-2018-3977.json b/2018/3xxx/CVE-2018-3977.json index 62ca82c2575..8a50ad56517 100644 --- a/2018/3xxx/CVE-2018-3977.json +++ b/2018/3xxx/CVE-2018-3977.json @@ -72,6 +72,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/10xxx/CVE-2019-10995.json b/2019/10xxx/CVE-2019-10995.json index 5c515567930..df7ef22bff6 100644 --- a/2019/10xxx/CVE-2019-10995.json +++ b/2019/10xxx/CVE-2019-10995.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10995", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ABB CP651 HMI products", + "version": { + "version_data": [ + { + "version_value": "BSP UN30 v1.76 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE OF HARD-CODED CREDENTIALS CWE-798" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "108928", + "url": "http://www.securityfocus.com/bid/108928" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-02" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface." } ] } diff --git a/2019/12xxx/CVE-2019-12216.json b/2019/12xxx/CVE-2019-12216.json index 053507b38c6..8d902077992 100644 --- a/2019/12xxx/CVE-2019-12216.json +++ b/2019/12xxx/CVE-2019-12216.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12217.json b/2019/12xxx/CVE-2019-12217.json index 035ad11669a..09808eb446e 100644 --- a/2019/12xxx/CVE-2019-12217.json +++ b/2019/12xxx/CVE-2019-12217.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12218.json b/2019/12xxx/CVE-2019-12218.json index 33cbbd0538f..365bae998bf 100644 --- a/2019/12xxx/CVE-2019-12218.json +++ b/2019/12xxx/CVE-2019-12218.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12219.json b/2019/12xxx/CVE-2019-12219.json index 792f3995a16..6445b0d2cf9 100644 --- a/2019/12xxx/CVE-2019-12219.json +++ b/2019/12xxx/CVE-2019-12219.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12220.json b/2019/12xxx/CVE-2019-12220.json index a427b17824c..dd5b2e5ce26 100644 --- a/2019/12xxx/CVE-2019-12220.json +++ b/2019/12xxx/CVE-2019-12220.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12221.json b/2019/12xxx/CVE-2019-12221.json index 6443246856e..22fe3e06058 100644 --- a/2019/12xxx/CVE-2019-12221.json +++ b/2019/12xxx/CVE-2019-12221.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12222.json b/2019/12xxx/CVE-2019-12222.json index b4cb53afb1d..a13baf53fbb 100644 --- a/2019/12xxx/CVE-2019-12222.json +++ b/2019/12xxx/CVE-2019-12222.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12398.json b/2019/12xxx/CVE-2019-12398.json index 34545e8cc40..1b8e3f74dfc 100644 --- a/2019/12xxx/CVE-2019-12398.json +++ b/2019/12xxx/CVE-2019-12398.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-12398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Airflow", + "version": { + "version_data": [ + { + "version_value": "Apache Airflow <= 1.10.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[airflow-dev] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", + "url": "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b@%3Cdev.airflow.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", + "url": "http://www.openwall.com/lists/oss-security/2020/01/14/2" + }, + { + "refsource": "MLIST", + "name": "[airflow-users] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", + "url": "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache Airflow before 1.10.5 when running with the \"classic\" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new \"RBAC\" UI is unaffected." } ] } diff --git a/2019/13xxx/CVE-2019-13616.json b/2019/13xxx/CVE-2019-13616.json index 8cd005d9447..9d81fbcd882 100644 --- a/2019/13xxx/CVE-2019-13616.json +++ b/2019/13xxx/CVE-2019-13616.json @@ -116,6 +116,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:3951", "url": "https://access.redhat.com/errata/RHSA-2019:3951" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3950", + "url": "https://access.redhat.com/errata/RHSA-2019:3950" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/5xxx/CVE-2019-5051.json b/2019/5xxx/CVE-2019-5051.json index 56314162894..3e6652707bc 100644 --- a/2019/5xxx/CVE-2019-5051.json +++ b/2019/5xxx/CVE-2019-5051.json @@ -63,6 +63,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] }, diff --git a/2019/5xxx/CVE-2019-5052.json b/2019/5xxx/CVE-2019-5052.json index 7388559d65b..9a75fc79c61 100644 --- a/2019/5xxx/CVE-2019-5052.json +++ b/2019/5xxx/CVE-2019-5052.json @@ -78,6 +78,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] }, diff --git a/2019/7xxx/CVE-2019-7635.json b/2019/7xxx/CVE-2019-7635.json index a7a8408ed4a..5ea14ec32ae 100644 --- a/2019/7xxx/CVE-2019-7635.json +++ b/2019/7xxx/CVE-2019-7635.json @@ -136,6 +136,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2020/5xxx/CVE-2020-5852.json b/2020/5xxx/CVE-2020-5852.json index 8d0e43e3229..eaf40761f45 100644 --- a/2020/5xxx/CVE-2020-5852.json +++ b/2020/5xxx/CVE-2020-5852.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5852", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "F5", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "Hotfix-BIGIP-14.1.2.1.0.83.4-ENG" + }, + { + "version_value": "Hotfix-BIGIP-12.1.4.1.0.97.6-ENG" + }, + { + "version_value": "Hotfix-BIGIP-11.5.4.2.74.291-HF2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K53590702", + "url": "https://support.f5.com/csp/article/K53590702" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG Hotfix-BIGIP-12.1.4.1.0.97.6-ENG Hotfix-BIGIP-11.5.4.2.74.291-HF2" } ] } diff --git a/2020/5xxx/CVE-2020-5853.json b/2020/5xxx/CVE-2020-5853.json index c8416b092ab..d7f43a1243f 100644 --- a/2020/5xxx/CVE-2020-5853.json +++ b/2020/5xxx/CVE-2020-5853.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5853", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "F5", + "product": { + "product_data": [ + { + "product_name": "BIG-IP APM", + "version": { + "version_data": [ + { + "version_value": "15.0.0-15.1.0" + }, + { + "version_value": "14.0.0-14.1.2.3" + }, + { + "version_value": "13.1.0-13.1.3.2" + }, + { + "version_value": "12.1.0-12.1.5" + }, + { + "version_value": "11.5.2-11.6.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K73183618", + "url": "https://support.f5.com/csp/article/K73183618" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict." } ] }