diff --git a/2020/12xxx/CVE-2020-12762.json b/2020/12xxx/CVE-2020-12762.json index 9f8f1cb2272..aba566b871c 100644 --- a/2020/12xxx/CVE-2020-12762.json +++ b/2020/12xxx/CVE-2020-12762.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-63c6f4ab1d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CQQRRGBQCAWNCCJ2HN3W5SSCZ4QGMXQI/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4360-1", + "url": "https://usn.ubuntu.com/4360-1/" } ] } diff --git a/2020/7xxx/CVE-2020-7137.json b/2020/7xxx/CVE-2020-7137.json index 975da46e505..d6789f2aa60 100644 --- a/2020/7xxx/CVE-2020-7137.json +++ b/2020/7xxx/CVE-2020-7137.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7137", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HPE Superdome Flex Server", + "version": { + "version_data": [ + { + "version_value": "Prior to 3.25.46 (12 May 2020)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04004en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04004en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue." } ] } diff --git a/2020/7xxx/CVE-2020-7138.json b/2020/7xxx/CVE-2020-7138.json index 971f367f3d1..643843cb7f2 100644 --- a/2020/7xxx/CVE-2020-7138.json +++ b/2020/7xxx/CVE-2020-7138.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7138", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays", + "version": { + "version_data": [ + { + "version_value": "3.9.2.0 and older 4.5.5.0 and older 5.0.8.0 and older 5.1.4.0 and older" + }, + { + "version_value": "3.9.2.0 and older 4.5.5.0 and older 5.0.8.0 and older 5.1.4.0 and older" + }, + { + "version_value": "3.9.2.0 and older 4.5.5.0 and older 5.0.8.0 and older 5.1.4.0 and older" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03992en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03992en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100" } ] } diff --git a/2020/7xxx/CVE-2020-7139.json b/2020/7xxx/CVE-2020-7139.json index 812fca703a2..d567a5627a0 100644 --- a/2020/7xxx/CVE-2020-7139.json +++ b/2020/7xxx/CVE-2020-7139.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7139", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays", + "version": { + "version_data": [ + { + "version_value": "3.9.2.0 and older, 4.5.5.0 and older, 5.0.8.0 and older, 5.1.4.0 and older" + }, + { + "version_value": "3.9.2.0 and older, 4.5.5.0 and older, 5.0.8.0 and older, 5.1.4.0 and older" + }, + { + "version_value": "3.9.2.0 and older, 4.5.5.0 and older, 5.0.8.0 and older, 5.1.4.0 and older" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote unauthorized access to sensitive information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03991en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03991en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100" } ] }