admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-01-14 17:01:06 +00:00
parent c1a937cea9
commit b0e733f403
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
21 changed files with 597 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
2014/2xxx/CVE-2014-2271.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2271", "ID": "CVE-2014-2271",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/71381",
"url": "http://www.securityfocus.com/bid/71381"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99089",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99089"
},
{
"refsource": "MISC",
"name": "https://labs.f-secure.com/advisories/kingsoft-office-remote-code-execution/",
"url": "https://labs.f-secure.com/advisories/kingsoft-office-remote-code-execution/"
},
{
"refsource": "MISC",
"name": "https://labs.f-secure.com/assets/763/original/mwri_advisory_huawei_kingsoft-office.pdf",
"url": "https://labs.f-secure.com/assets/763/original/mwri_advisory_huawei_kingsoft-office.pdf"
} }
] ]
} }

70
2014/7xxx/CVE-2014-7844.json
View File

@ -1,8 +1,8 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7844", "ID": "CVE-2014-7844",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Metacharacters"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BSD",
"product": {
"product_data": [
{
"product_name": "mailx",
"version": {
"version_data": [
{
"version_value": "8.1.2 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2014/q4/1066",
"url": "http://seclists.org/oss-sec/2014/q4/1066"
},
{
"refsource": "MISC",
"name": "http://linux.oracle.com/errata/ELSA-2014-1999.html",
"url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
},
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3104",
"url": "http://www.debian.org/security/2014/dsa-3104"
},
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3105",
"url": "http://www.debian.org/security/2014/dsa-3105"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1999.html",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
} }
] ]
} }

58
2015/0xxx/CVE-2015-0558.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-0558", "ID": "CVE-2015-0558",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses \"1236790\" and the MAC address to generate the WPA key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/129817/Pirelli-Router-P.DG-A4001N-WPA-Key-Reverse-Engineering.html",
"url": "http://packetstormsecurity.com/files/129817/Pirelli-Router-P.DG-A4001N-WPA-Key-Reverse-Engineering.html"
},
{
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/35721",
"url": "http://www.exploit-db.com/exploits/35721"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99682",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99682"
} }
] ]
} }

63
2015/2xxx/CVE-2015-2325.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2325", "ID": "CVE-2015-2325",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"refsource": "MISC",
"name": "https://bugs.exim.org/show_bug.cgi?id=1591",
"url": "https://bugs.exim.org/show_bug.cgi?id=1591"
},
{
"refsource": "CONFIRM",
"name": "https://www.pcre.org/original/changelog.txt",
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"refsource": "MISC",
"name": "https://fortiguard.com/zeroday/FG-VD-15-015",
"url": "https://fortiguard.com/zeroday/FG-VD-15-015"
} }
] ]
} }

63
2015/2xxx/CVE-2015-2326.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2326", "ID": "CVE-2015-2326",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.exim.org/show_bug.cgi?id=1592",
"url": "https://bugs.exim.org/show_bug.cgi?id=1592"
},
{
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.pcre.org/original/changelog.txt",
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"refsource": "MISC",
"name": "https://fortiguard.com/zeroday/FG-VD-15-016",
"url": "https://fortiguard.com/zeroday/FG-VD-15-016"
} }
] ]
} }

5
2018/3xxx/CVE-2018-3977.json
View File

@ -72,6 +72,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4238-1",
"url": "https://usn.ubuntu.com/4238-1/"
} }
] ]
} }

55
2019/10xxx/CVE-2019-10995.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10995", "ID": "CVE-2019-10995",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ABB CP651 HMI products",
"version": {
"version_data": [
{
"version_value": "BSP UN30 v1.76 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CREDENTIALS CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BID",
"name": "108928",
"url": "http://www.securityfocus.com/bid/108928"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-02"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface."
} }
] ]
} }

5
2019/12xxx/CVE-2019-12216.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2019-a6bc0fb143", "name": "FEDORA-2019-a6bc0fb143",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/"
},
{
"refsource": "UBUNTU",
"name": "USN-4238-1",
"url": "https://usn.ubuntu.com/4238-1/"
} }
] ]
} }

5
2019/12xxx/CVE-2019-12217.json
View File

@ -81,6 +81,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2019-a6bc0fb143", "name": "FEDORA-2019-a6bc0fb143",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/"
},
{
"refsource": "UBUNTU",
"name": "USN-4238-1",
"url": "https://usn.ubuntu.com/4238-1/"
} }
] ]
} }

5
2019/12xxx/CVE-2019-12218.json
View File

@ -81,6 +81,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2019-a6bc0fb143", "name": "FEDORA-2019-a6bc0fb143",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/"
},
{
"refsource": "UBUNTU",
"name": "USN-4238-1",
"url": "https://usn.ubuntu.com/4238-1/"
} }
] ]
} }

5
2019/12xxx/CVE-2019-12219.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2019-a6bc0fb143", "name": "FEDORA-2019-a6bc0fb143",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/"
},
{
"refsource": "UBUNTU",
"name": "USN-4238-1",
"url": "https://usn.ubuntu.com/4238-1/"
} }
] ]
} }

5
2019/12xxx/CVE-2019-12220.json
View File

@ -81,6 +81,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2019-a6bc0fb143", "name": "FEDORA-2019-a6bc0fb143",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/"
},
{
"refsource": "UBUNTU",
"name": "USN-4238-1",
"url": "https://usn.ubuntu.com/4238-1/"
} }
] ]
} }

5
2019/12xxx/CVE-2019-12221.json
View File

@ -81,6 +81,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2019-a6bc0fb143", "name": "FEDORA-2019-a6bc0fb143",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/"
},
{
"refsource": "UBUNTU",
"name": "USN-4238-1",
"url": "https://usn.ubuntu.com/4238-1/"
} }
] ]
} }

5
2019/12xxx/CVE-2019-12222.json
View File

@ -81,6 +81,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2019-a6bc0fb143", "name": "FEDORA-2019-a6bc0fb143",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/"
},
{
"refsource": "UBUNTU",
"name": "USN-4238-1",
"url": "https://usn.ubuntu.com/4238-1/"
} }
] ]
} }

60
2019/12xxx/CVE-2019-12398.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-12398", "ID": "CVE-2019-12398",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@apache.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "Airflow",
"version": {
"version_data": [
{
"version_value": "Apache Airflow <= 1.10.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[airflow-dev] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI",
"url": "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b@%3Cdev.airflow.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI",
"url": "http://www.openwall.com/lists/oss-security/2020/01/14/2"
},
{
"refsource": "MLIST",
"name": "[airflow-users] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI",
"url": "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In Apache Airflow before 1.10.5 when running with the \"classic\" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new \"RBAC\" UI is unaffected."
} }
] ]
} }

10
2019/13xxx/CVE-2019-13616.json
View File

@ -116,6 +116,16 @@
"refsource": "REDHAT", "refsource": "REDHAT",
"name": "RHSA-2019:3951", "name": "RHSA-2019:3951",
"url": "https://access.redhat.com/errata/RHSA-2019:3951" "url": "https://access.redhat.com/errata/RHSA-2019:3951"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3950",
"url": "https://access.redhat.com/errata/RHSA-2019:3950"
},
{
"refsource": "UBUNTU",
"name": "USN-4238-1",
"url": "https://usn.ubuntu.com/4238-1/"
} }
] ]
} }

5
2019/5xxx/CVE-2019-5051.json
View File

@ -63,6 +63,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2019:2108", "name": "openSUSE-SU-2019:2108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4238-1",
"url": "https://usn.ubuntu.com/4238-1/"
} }
] ]
}, },

5
2019/5xxx/CVE-2019-5052.json
View File

@ -78,6 +78,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2019:2108", "name": "openSUSE-SU-2019:2108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4238-1",
"url": "https://usn.ubuntu.com/4238-1/"
} }
] ]
}, },

5
2019/7xxx/CVE-2019-7635.json
View File

@ -136,6 +136,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update", "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html" "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4238-1",
"url": "https://usn.ubuntu.com/4238-1/"
} }
] ]
} }

56
2020/5xxx/CVE-2020-5852.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5852", "ID": "CVE-2020-5852",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "F5",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "Hotfix-BIGIP-14.1.2.1.0.83.4-ENG"
},
{
"version_value": "Hotfix-BIGIP-12.1.4.1.0.97.6-ENG"
},
{
"version_value": "Hotfix-BIGIP-11.5.4.2.74.291-HF2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K53590702",
"url": "https://support.f5.com/csp/article/K53590702"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG Hotfix-BIGIP-12.1.4.1.0.97.6-ENG Hotfix-BIGIP-11.5.4.2.74.291-HF2"
} }
] ]
} }

62
2020/5xxx/CVE-2020-5853.json
View File

@ -4,14 +4,70 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5853", "ID": "CVE-2020-5853",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "F5",
"product": {
"product_data": [
{
"product_name": "BIG-IP APM",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.1.0"
},
{
"version_value": "14.0.0-14.1.2.3"
},
{
"version_value": "13.1.0-13.1.3.2"
},
{
"version_value": "12.1.0-12.1.5"
},
{
"version_value": "11.5.2-11.6.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K73183618",
"url": "https://support.f5.com/csp/article/K73183618"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict."
} }
] ]
} }