From c1a937cea9a9a8e47d2caa83c2f57cc2765c995a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 14 Jan 2020 16:01:03 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2014/4xxx/CVE-2014-4609.json | 58 ++++++++++++++++++++++++++++++++--
 2014/4xxx/CVE-2014-4610.json | 58 ++++++++++++++++++++++++++++++++--
 2014/5xxx/CVE-2014-5138.json | 48 ++++++++++++++++++++++++++--
 2014/5xxx/CVE-2014-5238.json | 58 ++++++++++++++++++++++++++++++++--
 2015/8xxx/CVE-2015-8366.json | 58 ++++++++++++++++++++++++++++++++--
 2015/8xxx/CVE-2015-8367.json | 58 ++++++++++++++++++++++++++++++++--
 2019/13xxx/CVE-2019-13627.json | 5 +++
 2020/5xxx/CVE-2020-5851.json | 50 +++++++++++++++++++++++++++--
 2020/7xxx/CVE-2020-7040.json | 18 +++++++++++
 2020/7xxx/CVE-2020-7041.json | 18 +++++++++++
 2020/7xxx/CVE-2020-7042.json | 18 +++++++++++
 2020/7xxx/CVE-2020-7043.json | 18 +++++++++++
 12 files changed, 450 insertions(+), 15 deletions(-)
 create mode 100644 2020/7xxx/CVE-2020-7040.json
 create mode 100644 2020/7xxx/CVE-2020-7041.json
 create mode 100644 2020/7xxx/CVE-2020-7042.json
 create mode 100644 2020/7xxx/CVE-2020-7043.json
diff --git a/2014/4xxx/CVE-2014-4609.json b/2014/4xxx/CVE-2014-4609.json
index ab47a9df339..524872c49b1 100644
--- a/2014/4xxx/CVE-2014-4609.json
+++ b/2014/4xxx/CVE-2014-4609.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-4609",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html",
+ "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/06/26/22",
+ "url": "http://www.openwall.com/lists/oss-security/2014/06/26/22"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://libav.org/news/#2014-06-27",
+ "url": "https://libav.org/news/#2014-06-27"
 }
 ]
 }
diff --git a/2014/4xxx/CVE-2014-4610.json b/2014/4xxx/CVE-2014-4610.json
index 77a7c431726..cf8d9366196 100644
--- a/2014/4xxx/CVE-2014-4610.json
+++ b/2014/4xxx/CVE-2014-4610.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-4610",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
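Review bot: In the second hunk of 2014/4xxx/CVE-2014-4609.json the new `affects` block leaves `vendor_name`, `product_name` and `version_value` as `"n/a"`, although the description added in the same hunk names Libav and its fixed versions. Tooling that matches an inventory against the structured fields rather than the free text will not tie this record to any product. I would fill them from the description, for example `"vendor_name": "Libav"` and `"product_name": "Libav"`, with one `version_data` entry per affected branch. The same placeholder block appears in the corresponding hunks for CVE-2014-4610, CVE-2014-5138, CVE-2014-5238, CVE-2015-8366 and CVE-2015-8367, and `problemtype` is `"n/a"` in all six even where the description states the weakness class.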
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html",
+ "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/06/26/23",
+ "url": "http://www.openwall.com/lists/oss-security/2014/06/26/23"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.ffmpeg.org/security.html",
+ "url": "https://www.ffmpeg.org/security.html"
 }
 ]
 }
diff --git a/2014/5xxx/CVE-2014-5138.json b/2014/5xxx/CVE-2014-5138.json
index 6be5a671aa0..7d5acd240eb 100644
--- a/2014/5xxx/CVE-2014-5138.json
+++ b/2014/5xxx/CVE-2014-5138.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-5138",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html",
+ "url": "https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html"
 }
 ]
 }
diff --git a/2014/5xxx/CVE-2014-5238.json b/2014/5xxx/CVE-2014-5238.json
index bae9ba74ae7..31b0267db72 100644
--- a/2014/5xxx/CVE-2014-5238.json
+++ b/2014/5xxx/CVE-2014-5238.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-5238",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
+ "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded",
+ "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
+ "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf"
 }
 ]
 }
diff --git a/2015/8xxx/CVE-2015-8366.json b/2015/8xxx/CVE-2015-8366.json
index b5efce21d11..bf868523fa9 100644
--- a/2015/8xxx/CVE-2015-8366.json
+++ b/2015/8xxx/CVE-2015-8366.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-8366",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html",
+ "url": "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.libraw.org/news/libraw-0-17-1",
+ "url": "http://www.libraw.org/news/libraw-0-17-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2015/Nov/108",
+ "url": "http://seclists.org/fulldisclosure/2015/Nov/108"
 }
 ]
 }
diff --git a/2015/8xxx/CVE-2015-8367.json b/2015/8xxx/CVE-2015-8367.json
index 7bf58eb2a95..87bc083140f 100644
--- a/2015/8xxx/CVE-2015-8367.json
+++ b/2015/8xxx/CVE-2015-8367.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-8367",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html",
+ "url": "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.libraw.org/news/libraw-0-17-1",
+ "url": "http://www.libraw.org/news/libraw-0-17-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2015/Nov/108",
+ "url": "http://seclists.org/fulldisclosure/2015/Nov/108"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13627.json b/2019/13xxx/CVE-2019-13627.json
index 6a2c603ae30..2850b56afa0 100644
--- a/2019/13xxx/CVE-2019-13627.json
+++ b/2019/13xxx/CVE-2019-13627.json
@@ -96,6 +96,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0022",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4236-2",
+ "url": "https://usn.ubuntu.com/4236-2/"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5851.json b/2020/5xxx/CVE-2020-5851.json
index ff872b58140..58cbac0b7f6 100644
--- a/2020/5xxx/CVE-2020-5851.json
+++ b/2020/5xxx/CVE-2020-5851.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5851",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Hotfix-BIGIP-14.1.0.2.0.45.4-ENG, Hotfix-BIGIP-14.1.0.2.0.62.4-ENG"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Compromise detection failure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K91171450",
+ "url": "https://support.f5.com/csp/article/K91171450"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.2.0.45.4-ENG Hotfix-BIGIP-14.1.0.2.0.62.4-ENG"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7040.json b/2020/7xxx/CVE-2020-7040.json
new file mode 100644
index 00000000000..ac5353fd0c1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7040.json
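Review bot: `version_value` in the 2020/5xxx/CVE-2020-5851.json hunk packs both affected builds into one comma-separated string, and `vendor_name` stays `"n/a"` although the assigner is now f5sirt@f5.com and the product is BIG-IP. A consumer that compares an installed build name against `version_value` will not get an exact match on either hotfix, so the record can be missed by automated exposure checks. I would split it into two `version_data` entries, `{ "version_value": "Hotfix-BIGIP-14.1.0.2.0.45.4-ENG" }` and `{ "version_value": "Hotfix-BIGIP-14.1.0.2.0.62.4-ENG" }`, and name the vendor in `vendor_name`.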
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7040",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7041.json b/2020/7xxx/CVE-2020-7041.json
new file mode 100644
index 00000000000..4c29c53d5b2
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7041.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7041",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7042.json b/2020/7xxx/CVE-2020-7042.json
new file mode 100644
index 00000000000..2278922595c
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7042.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7042",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
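Review bot: The new placeholder files CVE-2020-7040.json, CVE-2020-7041.json and CVE-2020-7042.json end without a trailing newline, as the `\ No newline at end of file` marker after each closing `}` shows; CVE-2020-7043.json in the following hunk is the same. Ending each file with a newline keeps the closing brace from showing up as a changed line when the record is later populated, and suits line-oriented tooling that processes the repository.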
diff --git a/2020/7xxx/CVE-2020-7043.json b/2020/7xxx/CVE-2020-7043.json
new file mode 100644
index 00000000000..ecb7111058f
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7043.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7043",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file