diff --git a/2013/1xxx/CVE-2013-1595.json b/2013/1xxx/CVE-2013-1595.json
index 93ee79e4feb..f2e009803e8 100644
--- a/2013/1xxx/CVE-2013-1595.json
+++ b/2013/1xxx/CVE-2013-1595.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1595",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
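Review bot: The added `affects` block fills `vendor_name`, `product_name` and `version_value` with `"n/a"`, although the description added in the next hunk of this file names the vendor, model and firmware (Vivotek PT7135 IP Camera, 0300a and 0400a). Tooling that matches on the structured fields rather than on free text will not associate this record with the product. Consider `"vendor_name": "Vivotek"`, `"product_name": "PT7135 IP Camera"` and one `version_value` entry each for `0300a` and `0400a`. The same placeholder block appears in the CVE-2013-1596, CVE-2014-9720, CVE-2015-1525, CVE-2015-1530 and CVE-2019-19363 sections, whose descriptions likewise name the affected product.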
@@ -11,7 +34,48 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/59573",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/59573"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83944",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83944"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities",
+ "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt",
+ "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1595",
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1595"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1596.json b/2013/1xxx/CVE-2013-1596.json
index 4732ce5c5c1..cfe268e5165 100644
--- a/2013/1xxx/CVE-2013-1596.json
+++ b/2013/1xxx/CVE-2013-1596.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1596",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,48 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/59574",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/59574"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83945",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83945"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities",
+ "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt",
+ "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1596",
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1596"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9720.json b/2014/9xxx/CVE-2014-9720.json
index 817a319ccd8..e8f00b12983 100644
--- a/2014/9xxx/CVE-2014-9720.json
+++ b/2014/9xxx/CVE-2014-9720.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-9720",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,71 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html",
+ "url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308",
+ "url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.novell.com/show_bug.cgi?id=930362",
+ "url": "https://bugzilla.novell.com/show_bug.cgi?id=930362"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2015/05/19/4",
+ "url": "http://openwall.com/lists/oss-security/2015/05/19/4"
 }
 ]
 }
diff --git a/2015/1xxx/CVE-2015-1525.json b/2015/1xxx/CVE-2015-1525.json
index e3ef329d33f..b8b9f5741af 100644
--- a/2015/1xxx/CVE-2015-1525.json
+++ b/2015/1xxx/CVE-2015-1525.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-1525",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://android.googlesource.com/platform/hardware/libhardware_legacy/+/2d2ea50%5E!/",
+ "url": "https://android.googlesource.com/platform/hardware/libhardware_legacy/+/2d2ea50%5E!/"
 }
 ]
 }
diff --git a/2015/1xxx/CVE-2015-1530.json b/2015/1xxx/CVE-2015-1530.json
index 4409290e48e..b5ac8acd5ce 100644
--- a/2015/1xxx/CVE-2015-1530.json
+++ b/2015/1xxx/CVE-2015-1530.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-1530",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://android.googlesource.com/platform/frameworks/av/+/74adca9%5E!/",
+ "url": "https://android.googlesource.com/platform/frameworks/av/+/74adca9%5E!/"
 }
 ]
 }
diff --git a/2015/2xxx/CVE-2015-2688.json b/2015/2xxx/CVE-2015-2688.json
index d72b82fff45..8c213f9bb72 100644
--- a/2015/2xxx/CVE-2015-2688.json
+++ b/2015/2xxx/CVE-2015-2688.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@debian.org",
 "ID": "CVE-2015-2688",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,59 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "The Tor Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tor",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 0.2.4.26"
+ },
+ {
+ "version_value": "0.2.5.x before 0.2.5.11"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html",
+ "url": "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://trac.torproject.org/projects/tor/ticket/15083",
+ "url": "https://trac.torproject.org/projects/tor/ticket/15083"
 }
 ]
 }
diff --git a/2015/2xxx/CVE-2015-2689.json b/2015/2xxx/CVE-2015-2689.json
index e82711b7303..188ccdaf706 100644
--- a/2015/2xxx/CVE-2015-2689.json
+++ b/2015/2xxx/CVE-2015-2689.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@debian.org",
 "ID": "CVE-2015-2689",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,59 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "The Tor Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tor",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 0.2.4.26"
+ },
+ {
+ "version_value": "0.2.5.x before 0.2.5.11"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html",
+ "url": "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://trac.torproject.org/projects/tor/ticket/14129",
+ "url": "https://trac.torproject.org/projects/tor/ticket/14129"
 }
 ]
 }
diff --git a/2015/2xxx/CVE-2015-2928.json b/2015/2xxx/CVE-2015-2928.json
index 092f2564b4c..6b42c608d8e 100644
--- a/2015/2xxx/CVE-2015-2928.json
+++ b/2015/2xxx/CVE-2015-2928.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@debian.org",
 "ID": "CVE-2015-2928",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,62 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "The Tor Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tor",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 0.2.4.27"
+ },
+ {
+ "version_value": "0.2.5.x before 0.2.5.12"
+ },
+ {
+ "version_value": "0.2.6.x before 0.2.6.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://trac.torproject.org/projects/tor/ticket/15600",
+ "url": "https://trac.torproject.org/projects/tor/ticket/15600"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20150406 CVE Request: tor: new upstream releases (0.2.6.7, 0.2.5.12 and 0.2.4.27) fixing security issues",
+ "url": "http://openwall.com/lists/oss-security/2015/04/06/5"
 }
 ]
 }
diff --git a/2015/2xxx/CVE-2015-2929.json b/2015/2xxx/CVE-2015-2929.json
index cd675f8ec81..ae8a517a359 100644
--- a/2015/2xxx/CVE-2015-2929.json
+++ b/2015/2xxx/CVE-2015-2929.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@debian.org",
 "ID": "CVE-2015-2929",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,62 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service - Malformed Input"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "The Tor Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tor",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 0.2.4.27"
+ },
+ {
+ "version_value": "0.2.5.x before 0.2.5.12"
+ },
+ {
+ "version_value": "0.2.6.x before 0.2.6.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2015/04/06/5",
+ "url": "http://openwall.com/lists/oss-security/2015/04/06/5"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://trac.torproject.org/projects/tor/ticket/15601",
+ "url": "https://trac.torproject.org/projects/tor/ticket/15601"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19363.json b/2019/19xxx/CVE-2019-19363.json
index baca5a23acf..6f763557cf6 100644
--- a/2019/19xxx/CVE-2019-19363.json
+++ b/2019/19xxx/CVE-2019-19363.json
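Review bot: Both references added for CVE-2015-2929 are tagged `"refsource": "MISC"` with the URL repeated as `name`, while the CVE-2015-2928 record in this same commit tags the same oss-security post (`http://openwall.com/lists/oss-security/2015/04/06/5`) as `MLIST` with the list subject as its name, and its Tor tracker ticket as `CONFIRM`. Consumers that filter on `refsource` to find the vendor-confirmed reference will find it for one record and not the other. For consistency the ticket entry here could use `"refsource": "CONFIRM"` and the list post `"refsource": "MLIST"` with the same `name` string used in CVE-2015-2928.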
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19363",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19363",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.ricoh.com/info/2020/0122_1/",
+ "url": "https://www.ricoh.com/info/2020/0122_1/"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6965.json b/2020/6xxx/CVE-2020-6965.json
index 0a53db0dd38..6120058acdf 100644
--- a/2020/6xxx/CVE-2020-6965.json
+++ b/2020/6xxx/CVE-2020-6965.json
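Review bot: The new description `value` ends mid-word at `RPCS Raster Driver - All version`, and the affected-driver entries run together with no separator between them, so the string looks truncated or flattened from a multi-line source. It should be checked against the Ricoh advisory referenced in the same hunk and the final entry completed; separating the driver entries with `;` would keep each name attached to its own version range. The `problemtype` value is `"n/a"` although the description states local privilege escalation, so the weakness class is only discoverable from the free text.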
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6965",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package."
 }
 ]
 }
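Review bot: The single `version_value` string packs every product/version pair into one comma-joined value, and `vendor_name` is `"n/a"` although `product_name` begins with `GE`, so the structured fields cannot be matched per product or per version. The string also lists `CARESCAPE Telemetry Server,v4.3` and `CARESCAPE Central Station,v2.X`, which the description in this hunk does not mention. One `product_data` entry per product with its own `version_data` list (for example `"product_name": "ApexPro Telemetry Server"` with `"version_value": "v4.2 & prior"`) would remove the ambiguity. The CVE-2020-6966 hunk reuses the identical `affects` block, including the B450/B650/B850 monitors, while its description names only the telemetry servers, CIC and CSCS 1.X; presumably one of the two needs correcting against the referenced advisory.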
diff --git a/2020/6xxx/CVE-2020-6966.json b/2020/6xxx/CVE-2020-6966.json
index a26fa98a6a6..5b08c3f0213 100644
--- a/2020/6xxx/CVE-2020-6966.json
+++ b/2020/6xxx/CVE-2020-6966.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6966",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "INADEQUATE ENCRYPTION STRENGTH CWE-326"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7957.json b/2020/7xxx/CVE-2020-7957.json
new file mode 100644
index 00000000000..1a405df7970
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7957.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7957",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file