"-Synchronized-Data."

CVE Team 2020-07-01 15:01:29 +00:00
parent 0f5402f305
commit d85f68c50e
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
40 changed files with 1952 additions and 1109 deletions


@ -1,90 +1,90 @@
{
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Security Identity Manager Virtual Appliance"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-06-30T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4676"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"I" : "N",
"AV" : "N",
"S" : "C",
"C" : "H",
"SCORE" : "6.300",
"PR" : "L",
"UI" : "N",
"A" : "N",
"AC" : "H"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6242348 (Security Identity Manager Virtual Appliance)",
"url" : "https://www.ibm.com/support/pages/node/6242348",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6242348"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/171512",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sim-cve20194676-info-disc (171512)",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0.2"
}
]
},
"product_name": "Security Identity Manager Virtual Appliance"
}
]
}
}
]
}
]
},
"data_type" : "CVE"
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4676"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"I": "N",
"AV": "N",
"S": "C",
"C": "H",
"SCORE": "6.300",
"PR": "L",
"UI": "N",
"A": "N",
"AC": "H"
}
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6242348 (Security Identity Manager Virtual Appliance)",
"url": "https://www.ibm.com/support/pages/node/6242348",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6242348"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171512",
"title": "X-Force Vulnerability Report",
"name": "ibm-sim-cve20194676-info-disc (171512)",
"refsource": "XF"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE"
}


@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ID" : "CVE-2019-4704",
"DATE_PUBLIC" : "2020-06-30T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6242348 (Security Identity Manager Virtual Appliance)",
"url" : "https://www.ibm.com/support/pages/node/6242348",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6242348"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172014",
"name" : "ibm-sim-cve20194704-info-disc (172014)",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "3.700",
"C" : "L",
"PR" : "N",
"UI" : "N",
"A" : "N",
"AC" : "H",
"I" : "N",
"AV" : "N",
"S" : "U"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"ID": "CVE-2019-4704",
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Manager Virtual Appliance",
"version" : {
"version_data" : [
{
"version_value" : "7.0.2"
}
]
}
}
]
}
"title": "IBM Security Bulletin 6242348 (Security Identity Manager Virtual Appliance)",
"url": "https://www.ibm.com/support/pages/node/6242348",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6242348"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172014",
"name": "ibm-sim-cve20194704-info-disc (172014)",
"refsource": "XF"
}
]
}
}
}
]
},
"impact": {
"cvssv3": {
"BM": {
"SCORE": "3.700",
"C": "L",
"PR": "N",
"UI": "N",
"A": "N",
"AC": "H",
"I": "N",
"AV": "N",
"S": "U"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Identity Manager Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "7.0.2"
}
]
}
}
]
}
}
]
}
}
}


@ -1,90 +1,90 @@
{
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Security Identity Manager Virtual Appliance"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-06-30T00:00:00",
"ID" : "CVE-2019-4705",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"C" : "L",
"SCORE" : "2.700",
"PR" : "H",
"UI" : "N",
"A" : "N",
"AC" : "L",
"I" : "N",
"AV" : "N",
"S" : "U"
}
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6242348",
"url" : "https://www.ibm.com/support/pages/node/6242348",
"title" : "IBM Security Bulletin 6242348 (Security Identity Manager Virtual Appliance)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172015",
"name" : "ibm-sim-cve20194705-info-disc (172015)",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0.2"
}
]
},
"product_name": "Security Identity Manager Virtual Appliance"
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ID": "CVE-2019-4705",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"value": "IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"C": "L",
"SCORE": "2.700",
"PR": "H",
"UI": "N",
"A": "N",
"AC": "L",
"I": "N",
"AV": "N",
"S": "U"
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6242348",
"url": "https://www.ibm.com/support/pages/node/6242348",
"title": "IBM Security Bulletin 6242348 (Security Identity Manager Virtual Appliance)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172015",
"name": "ibm-sim-cve20194705-info-disc (172015)",
"refsource": "XF"
}
]
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
}


@ -1,90 +1,90 @@
{
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Security Identity Manager Virtual Appliance"
}
]
}
}
]
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0.2"
}
]
},
"product_name": "Security Identity Manager Virtual Appliance"
}
]
}
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AC" : "L",
"A" : "N",
"UI" : "N",
"PR" : "H",
"SCORE" : "2.700",
"C" : "L",
"S" : "U",
"AV" : "N",
"I" : "N"
}
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6242348",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6242348 (Security Identity Manager Virtual Appliance)",
"url" : "https://www.ibm.com/support/pages/node/6242348"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172016",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-sim-cve20194706-info-disc (172016)"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-06-30T00:00:00",
"ID" : "CVE-2019-4706"
}
}
}
},
"data_version": "4.0",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016."
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AC": "L",
"A": "N",
"UI": "N",
"PR": "H",
"SCORE": "2.700",
"C": "L",
"S": "U",
"AV": "N",
"I": "N"
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6242348",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6242348 (Security Identity Manager Virtual Appliance)",
"url": "https://www.ibm.com/support/pages/node/6242348"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172016",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-sim-cve20194706-info-disc (172016)"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ID": "CVE-2019-4706"
}
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12604",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/envoyproxy/envoy/commits/master",
"refsource": "MISC",
"name": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-8hf8-8gvw-ggvx",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-8hf8-8gvw-ggvx"
}
]
}
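Review bot: The new `affects` block sets `vendor_name`, `product_name` and `version_value` all to `n/a`, although the description added in this same section names Envoy and the releases 1.14.2, 1.13.2 and 1.12.4 or earlier. Scanners and inventory tools that match on `affects` rather than on free text will not associate this record with Envoy. I would fill the fields from the description, for example `"product_name": "Envoy"` with one `version_value` entry per affected release line, and replace the `n/a` problemtype with a weakness class for the memory growth described. The sections for CVE-2020-12605 and CVE-2020-13380 through CVE-2020-13383 carry the same `n/a` placeholders.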


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-12605",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-12605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/envoyproxy/envoy-setec/issues/137",
"refsource": "MISC",
"name": "https://github.com/envoyproxy/envoy-setec/issues/137"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fjxc-jj43-f777",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fjxc-jj43-f777"
}
]
}
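Review bot: The first reference, `https://github.com/envoyproxy/envoy-setec/issues/137`, points at a tracker separate from the public envoy repository that the CONFIRM advisory link uses. If that repository is restricted to the project's security team, which its name suggests but this page does not show, readers following the MISC link will get nothing. I would drop it or replace it with the public fix commit or release note, keeping the GHSA advisory as the primary source.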


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13380",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "openSIS before 7.4 allows SQL Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/158257/openSIS-7.4-SQL-Injection.html",
"url": "https://packetstormsecurity.com/files/158257/openSIS-7.4-SQL-Injection.html"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/OS4ED/openSIS-Responsive-Design/commit/1127ae0bb7c3a2883febeabc6b71ad8d73510de8",
"url": "https://github.com/OS4ED/openSIS-Responsive-Design/commit/1127ae0bb7c3a2883febeabc6b71ad8d73510de8"
}
]
}
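Review bot: The description `openSIS before 7.4 allows SQL Injection.` excludes 7.4, while the packetstorm reference in the same section is titled `openSIS-7.4-SQL-Injection` and the CVE-2020-13381 section cites the identical reference with `through 7.4`. As written, a reader cannot tell the two records apart or decide whether 7.4 itself needs the fix. I would name the affected component in each description and state the version bound that the CONFIRM commit actually supports.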


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13381",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "openSIS through 7.4 allows SQL Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/OS4ED/openSIS-Responsive-Design/commits/master",
"refsource": "MISC",
"name": "https://github.com/OS4ED/openSIS-Responsive-Design/commits/master"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/158257/openSIS-7.4-SQL-Injection.html",
"url": "https://packetstormsecurity.com/files/158257/openSIS-7.4-SQL-Injection.html"
}
]
}
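Review bot: The MISC reference `https://github.com/OS4ED/openSIS-Responsive-Design/commits/master` is a moving branch listing, so it stops identifying the fix as soon as new commits land. A pinned URL of the form `https://github.com/OS4ED/openSIS-Responsive-Design/commit/<fixing-commit-sha>` (placeholder; the hash is not given in this section) lets a reader verify what changed. The CVE-2020-12604 and CVE-2020-13382 sections use the same kind of `commits/master` link. This record also has no CONFIRM reference, only two MISC entries.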


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13382",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "openSIS through 7.4 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/OS4ED/openSIS-Responsive-Design/commits/master",
"refsource": "MISC",
"name": "https://github.com/OS4ED/openSIS-Responsive-Design/commits/master"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158255/openSIS-7.4-Incorrect-Access-Control.html",
"url": "http://packetstormsecurity.com/files/158255/openSIS-7.4-Incorrect-Access-Control.html"
}
]
}
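Review bot: The packetstorm reference here uses `http://`, while the CVE-2020-13380 and CVE-2020-13381 sections link the same host over `https://`. For consistency, and so the advisory is fetched over TLS, I would write `"url": "https://packetstormsecurity.com/files/158255/openSIS-7.4-Incorrect-Access-Control.html"` and the matching `name`. The CVE-2020-13383 section has the same `http://` form for file 158256.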


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13383",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "openSIS through 7.4 allows Directory Traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/OS4ED/openSIS-Responsive-Design/commit/1127ae0bb7c3a2883febeabc6b71ad8d73510de8",
"refsource": "MISC",
"name": "https://github.com/OS4ED/openSIS-Responsive-Design/commit/1127ae0bb7c3a2883febeabc6b71ad8d73510de8"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158256/openSIS-7.4-Local-File-Inclusion.html",
"url": "http://packetstormsecurity.com/files/158256/openSIS-7.4-Local-File-Inclusion.html"
}
]
}
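Review bot: The description says `Directory Traversal`, but the referenced advisory is titled `openSIS-7.4-Local-File-Inclusion`. The two weakness classes lead to different checks and mitigations, so the description should state which one applies or name both. The openSIS-Responsive-Design commit link is tagged `"refsource": "MISC"` here, while the CVE-2020-13380 section tags the same URL as `CONFIRM`. One of the two tags is presumably wrong and they should agree.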


@ -61,6 +61,11 @@
"url": "https://github.com/FasterXML/jackson-databind/issues/2688",
"refsource": "MISC",
"name": "https://github.com/FasterXML/jackson-databind/issues/2688"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
}
]
}


@ -61,6 +61,11 @@
"url": "https://github.com/FasterXML/jackson-databind/issues/2698",
"refsource": "MISC",
"name": "https://github.com/FasterXML/jackson-databind/issues/2698"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
}
]
}


@ -61,6 +61,11 @@
"url": "https://github.com/FasterXML/jackson-databind/issues/2704",
"refsource": "MISC",
"name": "https://github.com/FasterXML/jackson-databind/issues/2704"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
}
]
}


@ -56,6 +56,11 @@
"url": "https://github.com/FasterXML/jackson-databind/issues/2765",
"refsource": "MISC",
"name": "https://github.com/FasterXML/jackson-databind/issues/2765"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15492",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15493",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -144,6 +144,11 @@
"refsource": "DEBIAN",
"name": "DSA-4709",
"url": "https://www.debian.org/security/2020/dsa-4709"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2269-1] wordpress security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html"
}
]
},


@ -149,6 +149,11 @@
"refsource": "DEBIAN",
"name": "DSA-4709",
"url": "https://www.debian.org/security/2020/dsa-4709"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2269-1] wordpress security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html"
}
]
},


@ -149,6 +149,11 @@
"refsource": "DEBIAN",
"name": "DSA-4709",
"url": "https://www.debian.org/security/2020/dsa-4709"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2269-1] wordpress security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html"
}
]
},


@ -149,6 +149,11 @@
"refsource": "DEBIAN",
"name": "DSA-4709",
"url": "https://www.debian.org/security/2020/dsa-4709"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2269-1] wordpress security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html"
}
]
},


@ -149,6 +149,11 @@
"refsource": "DEBIAN",
"name": "DSA-4709",
"url": "https://www.debian.org/security/2020/dsa-4709"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2269-1] wordpress security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html"
}
]
},


@ -88,6 +88,11 @@
"refsource": "DEBIAN",
"name": "DSA-4711",
"url": "https://www.debian.org/security/2020/dsa-4711"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2271-1] coturn security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00002.html"
}
]
},


@ -1,102 +1,102 @@
{
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.7"
},
{
"version_value" : "10.1"
},
{
"version_value" : "10.5"
},
{
"version_value" : "11.1"
},
{
"version_value" : "11.5"
}
]
},
"product_name" : "DB2 for Linux- UNIX and Windows"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
},
"product_name": "DB2 for Linux- UNIX and Windows"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6242350",
"title" : "IBM Security Bulletin 6242350 (DB2 for Linux- UNIX and Windows)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6242350"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178507",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-db2-cve20204355-dos (178507)"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "N",
"AV" : "N",
"S" : "U",
"C" : "N",
"SCORE" : "5.300",
"UI" : "N",
"PR" : "N",
"A" : "L",
"AC" : "L"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507."
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-06-30T00:00:00",
"ID" : "CVE-2020-4355",
"STATE" : "PUBLIC"
}
}
}
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6242350",
"title": "IBM Security Bulletin 6242350 (DB2 for Linux- UNIX and Windows)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6242350"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178507",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-db2-cve20204355-dos (178507)"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"I": "N",
"AV": "N",
"S": "U",
"C": "N",
"SCORE": "5.300",
"UI": "N",
"PR": "N",
"A": "L",
"AC": "L"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507."
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ID": "CVE-2020-4355",
"STATE": "PUBLIC"
}
}


@ -1,102 +1,102 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux- UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "9.7"
},
{
"version_value" : "10.1"
},
{
"version_value" : "10.5"
},
{
"version_value" : "11.1"
},
{
"version_value" : "11.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6242332",
"title" : "IBM Security Bulletin 6242332 (DB2 for Linux- UNIX and Windows)",
"name" : "https://www.ibm.com/support/pages/node/6242332",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/178960",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-db2-cve20204363-bo (178960)",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"AV" : "L",
"S" : "U",
"SCORE" : "8.400",
"C" : "H",
"UI" : "N",
"PR" : "N",
"A" : "H",
"AC" : "L"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960."
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-06-30T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4363",
"STATE" : "PUBLIC"
}
}
}
},
"data_format": "MITRE",
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6242332",
"title": "IBM Security Bulletin 6242332 (DB2 for Linux- UNIX and Windows)",
"name": "https://www.ibm.com/support/pages/node/6242332",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178960",
"title": "X-Force Vulnerability Report",
"name": "ibm-db2-cve20204363-bo (178960)",
"refsource": "XF"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"I": "H",
"AV": "L",
"S": "U",
"SCORE": "8.400",
"C": "H",
"UI": "N",
"PR": "N",
"A": "H",
"AC": "L"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960."
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4363",
"STATE": "PUBLIC"
}
}


@ -1,93 +1,93 @@
{
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MQ for HPE NonStop",
"version" : {
"version_data" : [
{
"version_value" : "8.1.0"
},
{
"version_value" : "8.0.4"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-06-30T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4376",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MQ for HPE NonStop",
"version": {
"version_data": [
{
"version_value": "8.1.0"
},
{
"version_value": "8.0.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081."
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6242364 (MQ for HPE NonStop)",
"url" : "https://www.ibm.com/support/pages/node/6242364",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6242364"
},
{
"name" : "ibm-mq-cve20204376-dos (179081)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/179081"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"AC" : "H",
"A" : "H",
"PR" : "L",
"UI" : "N",
"C" : "N",
"SCORE" : "5.300",
"S" : "U",
"AV" : "N",
"I" : "N"
}
}
}
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4376",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"data_type": "CVE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081."
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6242364 (MQ for HPE NonStop)",
"url": "https://www.ibm.com/support/pages/node/6242364",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6242364"
},
{
"name": "ibm-mq-cve20204376-dos (179081)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179081"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"AC": "H",
"A": "H",
"PR": "L",
"UI": "N",
"C": "N",
"SCORE": "5.300",
"S": "U",
"AV": "N",
"I": "N"
}
}
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-06-30T00:00:00",
"ID" : "CVE-2020-4386"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6242342",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6242342",
"title" : "IBM Security Bulletin 6242342 (DB2 for Linux- UNIX and Windows)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/179268",
"name" : "ibm-db2-cve20204386-info-disc (179268)",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"AC" : "L",
"A" : "N",
"UI" : "N",
"PR" : "N",
"C" : "H",
"SCORE" : "6.200",
"S" : "U",
"AV" : "L",
"I" : "N"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ID": "CVE-2020-4386"
},
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.7"
},
{
"version_value" : "10.1"
},
{
"version_value" : "10.5"
},
{
"version_value" : "11.1"
},
{
"version_value" : "11.5"
}
]
},
"product_name" : "DB2 for Linux- UNIX and Windows"
}
]
}
"name": "https://www.ibm.com/support/pages/node/6242342",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6242342",
"title": "IBM Security Bulletin 6242342 (DB2 for Linux- UNIX and Windows)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179268",
"name": "ibm-db2-cve20204386-info-disc (179268)",
"refsource": "XF"
}
]
}
},
"data_format" : "MITRE"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"AC": "L",
"A": "N",
"UI": "N",
"PR": "N",
"C": "H",
"SCORE": "6.200",
"S": "U",
"AV": "L",
"I": "N"
}
}
},
"description": {
"description_data": [
{
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.",
"lang": "eng"
}
]
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
},
"product_name": "DB2 for Linux- UNIX and Windows"
}
]
}
}
]
}
},
"data_format": "MITRE"
}


@ -1,102 +1,102 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux- UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "9.7"
},
{
"version_value" : "10.1"
},
{
"version_value" : "10.5"
},
{
"version_value" : "11.1"
},
{
"version_value" : "11.5"
}
]
}
}
]
}
}
]
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6242336 (DB2 for Linux- UNIX and Windows)",
"url" : "https://www.ibm.com/support/pages/node/6242336",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6242336"
},
{
"name" : "ibm-db2-cve20204387-info-disc (179269)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/179269"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"C" : "H",
"SCORE" : "6.200",
"UI" : "N",
"PR" : "N",
"A" : "N",
"AC" : "L",
"I" : "N",
"AV" : "L",
"S" : "U"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269."
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
}
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-06-30T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4387",
"STATE" : "PUBLIC"
}
}
}
},
"data_format": "MITRE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6242336 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/6242336",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6242336"
},
{
"name": "ibm-db2-cve20204387-info-disc (179269)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179269"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"C": "H",
"SCORE": "6.200",
"UI": "N",
"PR": "N",
"A": "N",
"AC": "L",
"I": "N",
"AV": "L",
"S": "U"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269."
}
]
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4387",
"STATE": "PUBLIC"
}
}


@ -1,102 +1,102 @@
{
"data_version" : "4.0",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux- UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "10.1"
},
{
"version_value" : "10.5"
},
{
"version_value" : "11.1"
},
{
"version_value" : "11.5"
},
{
"version_value" : "9.1"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4414",
"DATE_PUBLIC" : "2020-06-30T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6242356",
"url" : "https://www.ibm.com/support/pages/node/6242356",
"title" : "IBM Security Bulletin 6242356 (DB2 for Linux- UNIX and Windows)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/179989",
"refsource" : "XF",
"name" : "ibm-db2-cve20204414-info-disc (179989)"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"A" : "L",
"PR" : "N",
"UI" : "N",
"C" : "L",
"SCORE" : "5.100",
"S" : "U",
"AV" : "L",
"I" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989."
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"data_version": "4.0",
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
},
{
"version_value": "9.1"
}
]
}
}
]
}
}
]
}
]
}
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4414",
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6242356",
"url": "https://www.ibm.com/support/pages/node/6242356",
"title": "IBM Security Bulletin 6242356 (DB2 for Linux- UNIX and Windows)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179989",
"refsource": "XF",
"name": "ibm-db2-cve20204414-info-disc (179989)"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"A": "L",
"PR": "N",
"UI": "N",
"C": "L",
"SCORE": "5.100",
"S": "U",
"AV": "L",
"I": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989."
}
]
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
}
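Review bot: `"version_value": "9.1"` in `version_data` does not match the description in this same record, which lists the affected releases as 9.7, 10.1, 10.5, 11.1, and 11.5; 9.7 is missing from `version_data` and 9.1 is missing from the description. One of the two is presumably a typo, and the other DB2 records in this commit (CVE-2020-4386, CVE-2020-4387, CVE-2020-4420) carry `"version_value": "9.7"`. Tools that match on `version_data` rather than the free text would miss 9.7 installations, so the entry should read `"version_value": "9.7"` if the description is the correct side. The commit only reformats whitespace in this file, so the mismatch is present on the old side as well.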


@ -1,102 +1,102 @@
{
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "N",
"AV" : "N",
"S" : "U",
"C" : "N",
"SCORE" : "7.500",
"PR" : "N",
"UI" : "N",
"A" : "H",
"AC" : "L"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6242362",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6242362",
"title" : "IBM Security Bulletin 6242362 (DB2 for Linux- UNIX and Windows)"
},
{
"refsource" : "XF",
"name" : "ibm-db2-cve20204420-dos (180076)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/180076"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. IBM X-Force ID: 180076.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-06-30T00:00:00",
"ID" : "CVE-2020-4420"
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux- UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "9.7"
},
{
"version_value" : "10.1"
},
{
"version_value" : "10.5"
},
{
"version_value" : "11.1"
},
{
"version_value" : "11.5"
}
]
}
}
]
}
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
}
},
"data_version" : "4.0"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"I": "N",
"AV": "N",
"S": "U",
"C": "N",
"SCORE": "7.500",
"PR": "N",
"UI": "N",
"A": "H",
"AC": "L"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6242362",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6242362",
"title": "IBM Security Bulletin 6242362 (DB2 for Linux- UNIX and Windows)"
},
{
"refsource": "XF",
"name": "ibm-db2-cve20204420-dos (180076)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180076"
}
]
},
"description": {
"description_data": [
{
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. IBM X-Force ID: 180076.",
"lang": "eng"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ID": "CVE-2020-4420"
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
}
}
]
}
},
"data_version": "4.0"
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5899",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "NGINX Controller",
"version": {
"version_data": [
{
"version_value": "3.0.0-3.4.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "account hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K25434422",
"url": "https://support.f5.com/csp/article/K25434422"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code."
}
]
}
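Review bot: `"vendor_name": "n/a"` leaves the vendor field empty even though the assigner is `f5sirt@f5.com` and the product is named, and `"version_value": "3.0.0-3.4.0"` packs a range into one free-text string. Consumers that match on vendor, product and discrete versions cannot resolve this record without parsing the description. The same pattern is in the sections for CVE-2020-5901 through CVE-2020-5908, where several `version_value` strings hold comma-separated lists of ranges. I would set the vendor explicitly (presumably `"vendor_name": "F5"`, going by the assigner) and emit one `version_data` entry per branch range. These records also carry no `impact` block, unlike the IBM records in the same commit, so severity has to come from the referenced advisory.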


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5901",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "NGINX Controller",
"version": {
"version_data": [
{
"version_value": "3.3.0-3.4.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K43520321",
"url": "https://support.f5.com/csp/article/K43520321"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5902",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K52145254",
"url": "https://support.f5.com/csp/article/K52145254"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5903",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K43638305",
"url": "https://support.f5.com/csp/article/K43638305"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5904",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K31301245",
"url": "https://support.f5.com/csp/article/K31301245"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5905",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "11.6.1-11.6.5.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K07051153",
"url": "https://support.f5.com/csp/article/K07051153"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display."
}
]
}
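Review bot: The new description never names the vulnerability class; it says only that the Network > WCCP page does not sanitize all user-provided data before display, while `problemtype` gives `"value": "XSS"`. A reader triaging from the description alone has to infer the impact, and the text does not say whether the injected content is stored or reflected or what role is needed to supply it. I would end the sentence with something like `..., which allows a cross-site scripting (XSS) attack.` and add the stored/reflected detail only if the F5 advisory makes it public.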


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5906",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "13.1.0-13.1.3.3, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K82518062",
"url": "https://support.f5.com/csp/article/K82518062"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5907",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K00091341",
"url": "https://support.f5.com/csp/article/K00091341"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5908",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Edge Client for Linux",
"version": {
"version_data": [
{
"version_value": "12.1.0-12.1.5, 11.6.1-11.6.5.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K33023560",
"url": "https://support.f5.com/csp/article/K33023560"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files."
}
]
}
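Review bot: `"product_name": "Edge Client for Linux"` is paired with `"version_value": "12.1.0-12.1.5, 11.6.1-11.6.5.2"`, but the description says these are the BIG-IP APM releases the client is bundled with, not versions of the client itself. An inventory match on product name plus version would therefore compare against the wrong version numbers. The entry should either name BIG-IP APM as the product for those ranges or state in `version_value` that they are APM bundle versions. Because the exposed value is a full session ID in local log files, the record would also be more useful for triage if it said which local accounts can read those logs, provided the advisory discloses that.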


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-8663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
"refsource": "MISC",
"name": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-v8q7-fq78-4997",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-v8q7-fq78-4997"
}
]
}