"-Synchronized-Data."

CVE Team 2020-04-30 21:01:13 +00:00
parent 3fd80d5843
commit b150748a7e
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
31 changed files with 933 additions and 54 deletions


@ -96,6 +96,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0558", "name": "openSUSE-SU-2020:0558",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0565",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
} }
] ]
} }


@ -81,6 +81,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0558", "name": "openSUSE-SU-2020:0558",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0565",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
} }
] ]
} }


@ -81,6 +81,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0558", "name": "openSUSE-SU-2020:0558",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0565",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
} }
] ]
} }


@ -81,6 +81,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0558", "name": "openSUSE-SU-2020:0558",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0565",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
} }
] ]
} }


@ -81,6 +81,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0558", "name": "openSUSE-SU-2020:0558",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0565",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
} }
] ]
} }


@ -96,6 +96,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0558", "name": "openSUSE-SU-2020:0558",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0565",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
} }
] ]
} }


@ -86,6 +86,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0558", "name": "openSUSE-SU-2020:0558",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0565",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
} }
] ]
}, },


@ -116,6 +116,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0558", "name": "openSUSE-SU-2020:0558",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0565",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
} }
] ]
}, },


@ -61,6 +61,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst", "name": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst",
"url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst" "url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0564",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"
} }
] ]
} }


@ -61,6 +61,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst", "name": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst",
"url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst" "url": "https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0564",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html"
} }
] ]
} }


@ -4,14 +4,80 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5873", "ID": "CVE-2020-5873",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.0.1"
},
{
"version_value": "14.1.0-14.1.2.3"
},
{
"version_value": "13.1.0-13.1.3.1"
},
{
"version_value": "12.1.0-12.1.5"
},
{
"version_value": "11.6.1-11.6.5"
}
]
}
},
{
"product_name": "BIG-IQ",
"version": {
"version_data": [
{
"version_value": "5.2.0-7.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K03585731",
"url": "https://support.f5.com/csp/article/K03585731"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request."
} }
] ]
} }
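Review bot: `"vendor_name": "n/a"` leaves this record without a vendor even though the assigner is f5sirt@f5.com and the only reference is on support.f5.com, so consumers that match advisories by vendor will not tie it to the product owner. If the vendor is F5, as those fields suggest, write `"vendor_name": "F5"`; the same value appears in the other F5 records this commit publishes. Separately, the support.f5.com reference is tagged `"refsource": "MISC"` here and in CVE-2020-5876 and CVE-2020-5878, while the remaining records tag the same host `CONFIRM`; one tag should be used throughout.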


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5874", "ID": "CVE-2020-5874",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP APM",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.0.1.2, 14.1.0-14.1.2.3, 14.0.0-14.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K46901953",
"url": "https://support.f5.com/csp/article/K46901953"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in certain circumstances, an attacker sending specifically crafted requests to a BIG-IP APM virtual server may cause a disruption of service provided by the Traffic Management Microkernel(TMM)."
} }
] ]
} }
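Review bot: `version_value` holds three ranges in one comma-separated string, so a consumer has to split the string before it can compare versions. CVE-2020-5873 in this same commit gives each range its own `version_data` entry, and that form should be used here too. The later records in this commit that list more than one range in a single `version_value` have the same shape and would benefit from the same split.

```json
"version_data": [
    {
        "version_value": "15.0.0-15.0.1.2"
    },
    {
        "version_value": "14.1.0-14.1.2.3"
    },
    {
        "version_value": "14.0.0-14.0.1"
    }
]
```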


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5875", "ID": "CVE-2020-5875",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.0.1, 14.1.0-14.1.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K65372933",
"url": "https://support.f5.com/csp/article/K65372933"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy."
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5876", "ID": "CVE-2020-5876",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K32121038",
"url": "https://support.f5.com/csp/article/K32121038"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel (TMM) first starts up."
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5877", "ID": "CVE-2020-5877",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K54200228",
"url": "https://support.f5.com/csp/article/K54200228"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOW_INIT event may lead to a denial of service."
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5878", "ID": "CVE-2020-5878",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP VE",
"version": {
"version_data": [
{
"version_value": "15.1.0-15.1.0.1, 15.0.0-15.0.1.1, 14.1.0-14.1.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K35750231",
"url": "https://support.f5.com/csp/article/K35750231"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Traffic Management Microkernel (TMM) may restart on BIG-IP Virtual Edition (VE) while processing unusual IP traffic."
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5879", "ID": "CVE-2020-5879",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP ASM",
"version": {
"version_data": [
{
"version_value": "11.6.1-11.6.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K88474783",
"url": "https://support.f5.com/csp/article/K88474783"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied."
} }
] ]
} }
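Review bot: The `problemtype` value is spelled `Information Disclosure` here but `Information disclosure` in CVE-2020-5884, CVE-2020-5885 and CVE-2020-5886, so any grouping by exact string will split one category in two. Use one spelling across the batch, for example `"value": "Information disclosure"`. More generally the problem types in this commit are free text (`DoS`, `XSS`, `Brute Force`); a CWE identifier alongside the label would make them comparable with records from other assigners.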


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5880", "ID": "CVE-2020-5880",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.0.1.3, 14.1.0-14.1.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K94325657",
"url": "https://support.f5.com/csp/article/K94325657"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Om BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system. Resulting error messages may also reveal internal paths of the server."
} }
] ]
} }
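Review bot: The `problemtype` value `DoS` does not match the description, which speaks of uploading arbitrary files while bypassing the authorization system and of error messages revealing internal server paths. Anyone triaging by problem type would underrate this record. A label that reflects the description is needed, for example `"value": "Authorization bypass"`, to be confirmed against the referenced article K94325657. The description also opens with `Om BIG-IP`, which should read `On BIG-IP`.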


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5881", "ID": "CVE-2020-5881",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP VE",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K03386032",
"url": "https://support.f5.com/csp/article/K03386032"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communication between the mcpd and tmm processes."
} }
] ]
} }
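Review bot: The description's closing clause, `can lock up and in turn disrupting the communication between the mcpd and tmm processes`, is ungrammatical and obscures the impact that justifies the `DoS` problem type. Suggested wording: `can lock up, in turn disrupting communication between the mcpd and tmm processes`. The sentence also starts with `On versions ...` without naming the product until later; opening with `On BIG-IP VE 15.0.0-15.1.0.1, ...` would match the records that lead with the product name.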


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5882", "ID": "CVE-2020-5882",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, 11.6.1-11.6.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K43815022",
"url": "https://support.f5.com/csp/article/K43815022"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, under certain conditions, the Intel QuickAssist Technology (QAT) cryptography driver may produce a Traffic Management Microkernel (TMM) core file."
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5883", "ID": "CVE-2020-5883",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K12234501",
"url": "https://support.f5.com/csp/article/K12234501"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak."
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5884", "ID": "CVE-2020-5884",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K72540690",
"url": "https://support.f5.com/csp/article/K72540690"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring."
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5885", "ID": "CVE-2020-5885",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K17663061",
"url": "https://support.f5.com/csp/article/K17663061"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring."
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5886", "ID": "CVE-2020-5886",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K65720640",
"url": "https://support.f5.com/csp/article/K65720640"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring."
} }
] ]
} }
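Review bot: This description and affected-version string are the same as those of CVE-2020-5885 apart from wording (`setup`/`set up`, `transfers`/`transfer`, capitalisation of `High Availability`), so a reader cannot tell from the record what separates the two identifiers. The references differ (K65720640 here, K17663061 there), which suggests two distinct issues; if so, the description should name the distinguishing detail from the article. If the text is kept, `systems setup for connection mirroring ... transfers` should read `systems set up for connection mirroring ... transfer`.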


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5887", "ID": "CVE-2020-5887",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP VE",
"version": {
"version_data": [
{
"version_value": "15.1.0-15.1.0.1, 15.0.0-15.0.1.2, 14.1.0-14.1.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized access"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K10251014",
"url": "https://support.f5.com/csp/article/K10251014"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings."
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5889", "ID": "CVE-2020-5889",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP APM",
"version": {
"version_data": [
{
"version_value": "15.1.0-15.1.0.1, 15.0.0-15.0.1.2, 14.1.0-14.1.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K24415506",
"url": "https://support.f5.com/csp/article/K24415506"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client."
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5891", "ID": "CVE-2020-5891",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.1.0-15.1.0.1, 15.0.0-15.0.1.2, 14.1.0-14.1.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K58494243",
"url": "https://support.f5.com/csp/article/K58494243"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile."
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5893", "ID": "CVE-2020-5893",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "f5sirt@f5.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP Edge Client",
"version": {
"version_data": [
{
"version_value": "7.1.5-7.1.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Brute Force"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K97733133",
"url": "https://support.f5.com/csp/article/K97733133"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection."
} }
] ]
} }
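Review bot: The `problemtype` value `Brute Force` is not explained by the description, which says the Edge Client responds to authentication requests over HTTP on an unsecure network. As written, the record reads as exposure of authentication material over a cleartext channel. Either the description should say how brute forcing comes into it, or the label should describe the cleartext exposure; check against the referenced article K97733133. The description also omits the product name from its opening, `In versions 7.1.5-7.1.8`, which makes it harder to read out of context.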


@ -91,6 +91,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0558", "name": "openSUSE-SU-2020:0558",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0565",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
} }
] ]
} }


@ -91,6 +91,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0558", "name": "openSUSE-SU-2020:0558",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0565",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
} }
] ]
} }


@ -116,6 +116,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.html", "name": "http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.html" "url": "http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0565",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"
} }
] ]
} }
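Review bot: The added `openSUSE-SU-2020:0565` reference sits directly after a reference titled for Open-AudIT Professional 3.3.1, whereas in the other sections of this commit the same advisory follows `openSUSE-SU-2020:0558`. The file name is not visible on this page, so it is worth confirming that both references describe the product this CVE is assigned to. A reference for a different product in `reference_data` will mislead tools that derive affected software from the links. The section starts at line 116 of the file, so the earlier references that would settle this are outside the hunk.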