diff --git a/2020/13xxx/CVE-2020-13821.json b/2020/13xxx/CVE-2020-13821.json
index 45207c93051..6deec688852 100644
--- a/2020/13xxx/CVE-2020-13821.json
+++ b/2020/13xxx/CVE-2020-13821.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-13821",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-13821",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.hivemq.com/downloads/download-hivemq",
+ "refsource": "MISC",
+ "name": "https://www.hivemq.com/downloads/download-hivemq"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://payatu.com/advisory/hivemq-mqtt-broker---xss-over-mqtt",
+ "url": "https://payatu.com/advisory/hivemq-mqtt-broker---xss-over-mqtt"
 }
 ]
 }
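Review bot: The added `affects` block sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, and `problemtype` is also `"n/a"`, although the new description names HiveMQ Broker Control Center 4.3.2 and describes attacker JavaScript running in the administrator's browser. Consumers that match records on the structured fields rather than the free text will not associate this entry with the product or with a weakness class. I would populate them from the description, e.g. `"product_name": "HiveMQ Broker Control Center"`, `"version_value": "4.3.2"`, and a problemtype value such as `"CWE-79"`. The same placeholder pattern appears in the CVE-2020-15482, CVE-2020-15483, CVE-2020-15486 and CVE-2020-24661 hunks.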
diff --git a/2020/15xxx/CVE-2020-15482.json b/2020/15xxx/CVE-2020-15482.json
index 13cdbb70cd5..b36ea31c6c3 100644
--- a/2020/15xxx/CVE-2020-15482.json
+++ b/2020/15xxx/CVE-2020-15482.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15482",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15482",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.niscomed.com/multipara-monitor.html",
+ "refsource": "MISC",
+ "name": "https://www.niscomed.com/multipara-monitor.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://payatu.com/advisory/unauthenticated-telnet-service-in-niscomed-patient-monitor",
+ "url": "https://payatu.com/advisory/unauthenticated-telnet-service-in-niscomed-patient-monitor"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15483.json b/2020/15xxx/CVE-2020-15483.json
index 1b7e9380d25..59eec6beaec 100644
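Review bot: The new description in the CVE-2020-15482 hunk spells the vendor "Nescomed", while both reference URLs added in the same hunk use "niscomed" (`www.niscomed.com`, `...-in-niscomed-patient-monitor`). One of the two is presumably a typo, and with `vendor_name` left at `"n/a"` a keyword search on the vendor's name is the only way to find this record. If the URLs are right, the value should begin `An issue was discovered on Niscomed Multipara Monitor M1000 devices.` The text also says the blank password belongs to the admin account but the outcome is root access; it would help to state whether that account is root-equivalent. The spelling mismatch repeats in the CVE-2020-15483 hunk.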
--- a/2020/15xxx/CVE-2020-15483.json
+++ b/2020/15xxx/CVE-2020-15483.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15483",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15483",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.niscomed.com/multipara-monitor.html",
+ "refsource": "MISC",
+ "name": "https://www.niscomed.com/multipara-monitor.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://payatu.com/advisory/unauthenticated-uart-root-shell--in-niscomed-patient-monitor",
+ "url": "https://payatu.com/advisory/unauthenticated-uart-root-shell--in-niscomed-patient-monitor"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15486.json b/2020/15xxx/CVE-2020-15486.json
index 8feeb7c7d2a..fcd649edd44 100644
--- a/2020/15xxx/CVE-2020-15486.json
+++ b/2020/15xxx/CVE-2020-15486.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15486",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15486",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcasted while a measurement is being done. Also, saved data can also be extracted over a Bluetooth connection. In addition, an attacker can launch a man-in-the-middle attack against data integrity."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://payatu.com/advisory/lack-of-bluetooth-le-encryption-and-access-control-in-dr-trust-ecg-or-ekg-pen",
+ "url": "https://payatu.com/advisory/lack-of-bluetooth-le-encryption-and-access-control-in-dr-trust-ecg-or-ekg-pen"
 }
 ]
 }
diff --git a/2020/24xxx/CVE-2020-24661.json b/2020/24xxx/CVE-2020-24661.json
index 43da720fa8d..dce82c62e54 100644
--- a/2020/24xxx/CVE-2020-24661.json
+++ b/2020/24xxx/CVE-2020-24661.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-24661",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-24661",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.gnome.org/GNOME/geary/-/issues/866",
+ "refsource": "MISC",
+ "name": "https://gitlab.gnome.org/GNOME/geary/-/issues/866"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5921.json b/2020/5xxx/CVE-2020-5921.json
index dc7daec6f04..a7cd20bc744 100644
--- a/2020/5xxx/CVE-2020-5921.json
+++ b/2020/5xxx/CVE-2020-5921.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5921",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, 11.6.1-11.6.5.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K00103216",
+ "url": "https://support.f5.com/csp/article/K00103216"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "in BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, Syn flood causes large number of MCPD context messages destined to secondary blades consuming memory leading to MCPD failure. This issue affects only VIPRION hosts with two or more blades installed. Single-blade VIPRION hosts are not affected."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5925.json b/2020/5xxx/CVE-2020-5925.json
index d59e166cb6c..2af34576c0e 100644
--- a/2020/5xxx/CVE-2020-5925.json
+++ b/2020/5xxx/CVE-2020-5925.json
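Review bot: In the CVE-2020-5921 hunk `vendor_name` is `"n/a"` even though the assigner is `f5sirt@f5.com` and the product is `BIG-IP`, and `version_value` packs six affected ranges into one comma-separated string. Tooling that decides exposure from vendor/product/version fields has to parse free text to tell whether a given build is in range. I would set the vendor explicitly, e.g. `"vendor_name": "F5"`, and emit one `version_data` entry per range. The new description value also starts with a lowercase `in`. The record's opening lines are outside this hunk, and the same vendor and version-string pattern repeats in the CVE-2020-5925, CVE-2020-5926, CVE-2020-5927 and CVE-2020-5928 hunks.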
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5925",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K45421311",
+ "url": "https://support.f5.com/csp/article/K45421311"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed internally generated UDP traffic may cause the Traffic Management Microkernel (TMM) to restart under some circumstances."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5926.json b/2020/5xxx/CVE-2020-5926.json
index e212fe6def4..dd517a9cfba 100644
--- a/2020/5xxx/CVE-2020-5926.json
+++ b/2020/5xxx/CVE-2020-5926.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5926",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K42830212",
+ "url": "https://support.f5.com/csp/article/K42830212"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5927.json b/2020/5xxx/CVE-2020-5927.json
index c000a8be4b2..776be345d00 100644
--- a/2020/5xxx/CVE-2020-5927.json
+++ b/2020/5xxx/CVE-2020-5927.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5927",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP ASM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K55873574",
+ "url": "https://support.f5.com/csp/article/K55873574"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG-IP ASM Configuration utility Stored-Cross Site Scripting."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5928.json b/2020/5xxx/CVE-2020-5928.json
index 9daf03086e4..928df8a59e5 100644
--- a/2020/5xxx/CVE-2020-5928.json
+++ b/2020/5xxx/CVE-2020-5928.json
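Review bot: The new description value in the CVE-2020-5927 hunk is a sentence fragment: `BIG-IP ASM Configuration utility Stored-Cross Site Scripting.` has no verb and does not say which page or input stores the payload or what privilege is needed to plant it. Someone triaging from the record alone cannot judge exposure without opening the F5 article. A complete sentence would read `In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a stored cross-site scripting (XSS) vulnerability exists in the Configuration utility.` The record's opening lines are outside this hunk.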
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5928",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP ASM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CSRF"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K40843345",
+ "url": "https://support.f5.com/csp/article/K40843345"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times."
 }
 ]
 }