diff --git a/2009/4xxx/CVE-2009-4112.json b/2009/4xxx/CVE-2009-4112.json
index 377132a2587..bab13fe821f 100644
--- a/2009/4xxx/CVE-2009-4112.json
+++ b/2009/4xxx/CVE-2009-4112.json
@@ -96,6 +96,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0558",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0565",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20723.json b/2018/20xxx/CVE-2018-20723.json
index 6984d6eb981..b4575598019 100644
--- a/2018/20xxx/CVE-2018-20723.json
+++ b/2018/20xxx/CVE-2018-20723.json
@@ -81,6 +81,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0558",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0565",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20724.json b/2018/20xxx/CVE-2018-20724.json
index 91397cbcdbd..79f59a09b9c 100644
--- a/2018/20xxx/CVE-2018-20724.json
+++ b/2018/20xxx/CVE-2018-20724.json
@@ -81,6 +81,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0558",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0565",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20725.json b/2018/20xxx/CVE-2018-20725.json
index 1a80152ead1..75df3145aa4 100644
--- a/2018/20xxx/CVE-2018-20725.json
+++ b/2018/20xxx/CVE-2018-20725.json
@@ -81,6 +81,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0558",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0565",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20726.json b/2018/20xxx/CVE-2018-20726.json
index cb48a6a024b..c58c24baf24 100644
--- a/2018/20xxx/CVE-2018-20726.json
+++ b/2018/20xxx/CVE-2018-20726.json
@@ -81,6 +81,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0558",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0565",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16723.json b/2019/16xxx/CVE-2019-16723.json
index 37632c4c0d9..088428ba270 100644
--- a/2019/16xxx/CVE-2019-16723.json
+++ b/2019/16xxx/CVE-2019-16723.json
@@ -96,6 +96,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0558",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0565",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17357.json b/2019/17xxx/CVE-2019-17357.json
index ef9fe7908c7..b0f760d5af1 100644
--- a/2019/17xxx/CVE-2019-17357.json
+++ b/2019/17xxx/CVE-2019-17357.json
@@ -86,6 +86,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0558",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0565",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17358.json b/2019/17xxx/CVE-2019-17358.json
index ce27422c433..be9f541a2ce 100644
--- a/2019/17xxx/CVE-2019-17358.json
+++ b/2019/17xxx/CVE-2019-17358.json
@@ -116,6 +116,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0558",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0565",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11651.json b/2020/11xxx/CVE-2020-11651.json
index 4f5772523ed..be3a700fdde 100644
--- a/2020/11xxx/CVE-2020-11651.json
+++ b/2020/11xxx/CVE-2020-11651.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst",
 "url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0564",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11652.json b/2020/11xxx/CVE-2020-11652.json
index b209a677b6c..5d66ea2b864 100644
--- a/2020/11xxx/CVE-2020-11652.json
+++ b/2020/11xxx/CVE-2020-11652.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst",
 "url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0564",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5873.json b/2020/5xxx/CVE-2020-5873.json
index 073317682b3..6fedda83b50 100644
--- a/2020/5xxx/CVE-2020-5873.json
+++ b/2020/5xxx/CVE-2020-5873.json
@@ -4,14 +4,80 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5873",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.0-15.0.1"
+ },
+ {
+ "version_value": "14.1.0-14.1.2.3"
+ },
+ {
+ "version_value": "13.1.0-13.1.3.1"
+ },
+ {
+ "version_value": "12.1.0-12.1.5"
+ },
+ {
+ "version_value": "11.6.1-11.6.5"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "BIG-IQ",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.2.0-7.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K03585731",
+ "url": "https://support.f5.com/csp/article/K03585731"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5874.json b/2020/5xxx/CVE-2020-5874.json
index 2ce9cf29ea9..4e672f225a9 100644
--- a/2020/5xxx/CVE-2020-5874.json
+++ b/2020/5xxx/CVE-2020-5874.json
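Review bot: `"vendor_name": "n/a"` in the new `affects` block of CVE-2020-5873 leaves the vendor unnamed, although the record is now assigned to `f5sirt@f5.com` and lists BIG-IP and BIG-IQ as products. Tooling that maps records to an asset inventory by vendor and product will not tie this entry to the right vendor; the field should carry the vendor's name (presumably F5, going by the assigner and the advisory domain). The same `n/a` value appears in every CVE-2020-58xx record populated by this commit, from CVE-2020-5874 to CVE-2020-5893. Separately, the advisory is tagged `"refsource": "MISC"` here and in CVE-2020-5876 and CVE-2020-5878, while the other records tag the same support.f5.com articles `CONFIRM`.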
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5874",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP APM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.0-15.0.1.2, 14.1.0-14.1.2.3, 14.0.0-14.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K46901953",
+ "url": "https://support.f5.com/csp/article/K46901953"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in certain circumstances, an attacker sending specifically crafted requests to a BIG-IP APM virtual server may cause a disruption of service provided by the Traffic Management Microkernel(TMM)."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5875.json b/2020/5xxx/CVE-2020-5875.json
index 405b71bafbd..c72777d9498 100644
--- a/2020/5xxx/CVE-2020-5875.json
+++ b/2020/5xxx/CVE-2020-5875.json
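Review bot: The single `version_value` in CVE-2020-5874 packs three ranges into one comma-separated string, `"15.0.0-15.0.1.2, 14.1.0-14.1.2.3, 14.0.0-14.0.1"`, whereas CVE-2020-5873 in this same commit gives each branch its own `version_data` entry. One entry per range, such as `{ "version_value": "15.0.0-15.0.1.2" }`, keeps the field usable for tooling that compares installed versions against the record. The same packing appears in CVE-2020-5875 to 5878, 5880 to 5887, 5889 and 5891.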
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5875",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.0-15.0.1, 14.1.0-14.1.2.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K65372933",
+ "url": "https://support.f5.com/csp/article/K65372933"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5876.json b/2020/5xxx/CVE-2020-5876.json
index aff8646a24e..e797824c342 100644
--- a/2020/5xxx/CVE-2020-5876.json
+++ b/2020/5xxx/CVE-2020-5876.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5876",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Session hijacking"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K32121038",
+ "url": "https://support.f5.com/csp/article/K32121038"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel (TMM) first starts up."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5877.json b/2020/5xxx/CVE-2020-5877.json
index e217abc9eae..c81c55a28fb 100644
--- a/2020/5xxx/CVE-2020-5877.json
+++ b/2020/5xxx/CVE-2020-5877.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5877",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K54200228",
+ "url": "https://support.f5.com/csp/article/K54200228"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOW_INIT event may lead to a denial of service."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5878.json b/2020/5xxx/CVE-2020-5878.json
index 9b24ab632ff..79fab3b0b6b 100644
--- a/2020/5xxx/CVE-2020-5878.json
+++ b/2020/5xxx/CVE-2020-5878.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5878",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP VE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.1, 15.0.0-15.0.1.1, 14.1.0-14.1.2.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K35750231",
+ "url": "https://support.f5.com/csp/article/K35750231"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Traffic Management Microkernel (TMM) may restart on BIG-IP Virtual Edition (VE) while processing unusual IP traffic."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5879.json b/2020/5xxx/CVE-2020-5879.json
index e9fc64b3ab4..dcfd3d50fba 100644
--- a/2020/5xxx/CVE-2020-5879.json
+++ b/2020/5xxx/CVE-2020-5879.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5879",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP ASM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "11.6.1-11.6.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K88474783",
+ "url": "https://support.f5.com/csp/article/K88474783"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5880.json b/2020/5xxx/CVE-2020-5880.json
index 2c64fcf4421..f7bafd946d8 100644
--- a/2020/5xxx/CVE-2020-5880.json
+++ b/2020/5xxx/CVE-2020-5880.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5880",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.0-15.0.1.3, 14.1.0-14.1.2.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K94325657",
+ "url": "https://support.f5.com/csp/article/K94325657"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Om BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system. Resulting error messages may also reveal internal paths of the server."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5881.json b/2020/5xxx/CVE-2020-5881.json
index e6125de26da..f75ddf35810 100644
--- a/2020/5xxx/CVE-2020-5881.json
+++ b/2020/5xxx/CVE-2020-5881.json
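Review bot: The `problemtype` value for CVE-2020-5880 is `"DoS"`, but the new description reports an arbitrary file upload through restjavad that bypasses the authorization system, plus internal paths revealed in error messages; neither is a denial of service. Triage that filters or ranks on problem type would under-rate this record, so the classification should be checked against advisory K94325657 and set to match the description. The description also opens with `Om BIG-IP`, which should read `On BIG-IP`.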
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5881",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP VE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K03386032",
+ "url": "https://support.f5.com/csp/article/K03386032"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communication between the mcpd and tmm processes."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5882.json b/2020/5xxx/CVE-2020-5882.json
index 60c53b2e09e..da61243ec77 100644
--- a/2020/5xxx/CVE-2020-5882.json
+++ b/2020/5xxx/CVE-2020-5882.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5882",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, 11.6.1-11.6.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K43815022",
+ "url": "https://support.f5.com/csp/article/K43815022"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, under certain conditions, the Intel QuickAssist Technology (QAT) cryptography driver may produce a Traffic Management Microkernel (TMM) core file."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5883.json b/2020/5xxx/CVE-2020-5883.json
index 0ca39513d95..1543700c8d0 100644
--- a/2020/5xxx/CVE-2020-5883.json
+++ b/2020/5xxx/CVE-2020-5883.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5883",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K12234501",
+ "url": "https://support.f5.com/csp/article/K12234501"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5884.json b/2020/5xxx/CVE-2020-5884.json
index da5cce3bfa4..9487fe3afde 100644
--- a/2020/5xxx/CVE-2020-5884.json
+++ b/2020/5xxx/CVE-2020-5884.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5884",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K72540690",
+ "url": "https://support.f5.com/csp/article/K72540690"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5885.json b/2020/5xxx/CVE-2020-5885.json
index c1231a611ee..518c31acb25 100644
--- a/2020/5xxx/CVE-2020-5885.json
+++ b/2020/5xxx/CVE-2020-5885.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5885",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K17663061",
+ "url": "https://support.f5.com/csp/article/K17663061"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5886.json b/2020/5xxx/CVE-2020-5886.json
index de43fe97b9a..9c8e9ce2a85 100644
--- a/2020/5xxx/CVE-2020-5886.json
+++ b/2020/5xxx/CVE-2020-5886.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5886",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K65720640",
+ "url": "https://support.f5.com/csp/article/K65720640"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5887.json b/2020/5xxx/CVE-2020-5887.json
index bba69219759..0ee06501805 100644
--- a/2020/5xxx/CVE-2020-5887.json
+++ b/2020/5xxx/CVE-2020-5887.json
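Review bot: The new `description` for CVE-2020-5886 is the CVE-2020-5885 text again apart from spelling and capitalisation (`setup` for `set up`, `transfers` for `transfer`), with the same version ranges and the same `problemtype`; only the advisory URL differs (K65720640 here, K17663061 there). As written a reader cannot tell which feature or configuration each ID covers, so the two records are indistinguishable for triage and de-duplication. This looks like it may be a copy of the 5885 text; it should be confirmed against K65720640 and reworded to name what is specific to this record.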
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5887",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP VE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.1, 15.0.0-15.0.1.2, 14.1.0-14.1.2.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unauthorized access"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K10251014",
+ "url": "https://support.f5.com/csp/article/K10251014"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5889.json b/2020/5xxx/CVE-2020-5889.json
index 9fc9547d6c4..6189a06908a 100644
--- a/2020/5xxx/CVE-2020-5889.json
+++ b/2020/5xxx/CVE-2020-5889.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5889",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP APM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.1, 15.0.0-15.0.1.2, 14.1.0-14.1.2.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K24415506",
+ "url": "https://support.f5.com/csp/article/K24415506"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5891.json b/2020/5xxx/CVE-2020-5891.json
index 609108d32c6..0490b6dc2ac 100644
--- a/2020/5xxx/CVE-2020-5891.json
+++ b/2020/5xxx/CVE-2020-5891.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5891",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.1, 15.0.0-15.0.1.2, 14.1.0-14.1.2.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K58494243",
+ "url": "https://support.f5.com/csp/article/K58494243"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5893.json b/2020/5xxx/CVE-2020-5893.json
index 197bb34b3bf..43c7ff90b21 100644
--- a/2020/5xxx/CVE-2020-5893.json
+++ b/2020/5xxx/CVE-2020-5893.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5893",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP Edge Client",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.1.5-7.1.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Brute Force"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K97733133",
+ "url": "https://support.f5.com/csp/article/K97733133"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7106.json b/2020/7xxx/CVE-2020-7106.json
index 0f73ee8e927..332bb63a840 100644
--- a/2020/7xxx/CVE-2020-7106.json
+++ b/2020/7xxx/CVE-2020-7106.json
@@ -91,6 +91,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0558",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0565",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7237.json b/2020/7xxx/CVE-2020-7237.json
index 7295f44b9ab..01e29c6a50d 100644
--- a/2020/7xxx/CVE-2020-7237.json
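Review bot: The `problemtype` value for CVE-2020-5893 is `"Brute Force"`, while the description says the Edge Client responds to authentication requests over HTTP during captive portal probing on an unsecure network; that reads as credential exposure over cleartext rather than password guessing, and the description never states the resulting impact. The label should be checked against advisory K97733133, and the description would be clearer with one clause saying what an on-path observer gains. The record's single-range `version_value` and `CONFIRM` reference are otherwise consistent with the rest of the batch.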
+++ b/2020/7xxx/CVE-2020-7237.json
@@ -91,6 +91,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0558",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0565",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8813.json b/2020/8xxx/CVE-2020-8813.json
index f2d325f2dc6..bd0d8b9654a 100644
--- a/2020/8xxx/CVE-2020-8813.json
+++ b/2020/8xxx/CVE-2020-8813.json
@@ -116,6 +116,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0565",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
 }
 ]
 }