diff --git a/2019/14xxx/CVE-2019-14756.json b/2019/14xxx/CVE-2019-14756.json new file mode 100644 index 00000000000..6b2ade97760 --- /dev/null +++ b/2019/14xxx/CVE-2019-14756.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application's UI as soon as the email is opened. At a bare minimum, this allows an attacker to take control over the Email application's UI (e.g., display a malicious prompt to the user asking them to re-enter their email credentials) and also allows an attacker to abuse any of the privileges available to the mobile application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://research.nccgroup.com/2020/08/21/technical-advisory-multiple-html-injection-vulnerabilities-in-kaios-pre-installed-mobile-applications/", + "url": "https://research.nccgroup.com/2020/08/21/technical-advisory-multiple-html-injection-vulnerabilities-in-kaios-pre-installed-mobile-applications/" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0570.json b/2020/0xxx/CVE-2020-0570.json new file mode 100644 index 00000000000..7b0257b4d1d --- /dev/null 
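Review bot: The `affects` block of the new CVE-2019-14756 record carries `n/a` for vendor, product and version, although the description names KaiOS 1.0, 2.5 and 2.5.12.5 and the pre-installed Email application. Tooling that matches on the structured fields rather than the prose will therefore not associate this record with the product. Filling them from the description, for example `"vendor_name": "KaiOS"` and one `version_value` per listed release, would fix that. The `problemtype` is also `n/a` although the description states HTML and JavaScript injection. The new Rust crate records CVE-2020-25573 through CVE-2020-25576 have the same gap, with the crate name and fixed version present only in the description text.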
+++ b/2020/0xxx/CVE-2020-0570.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0570", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QT Library", + "version": { + "version_data": [ + { + "version_value": "Fixed in qt 5.14.0, qt 5.12.7, qt 5.9.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1800604", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800604" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13284.json b/2020/13xxx/CVE-2020-13284.json index e73f1fefa95..739e985d7a3 100644 --- a/2020/13xxx/CVE-2020-13284.json +++ b/2020/13xxx/CVE-2020-13284.json 
@@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13284", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=11.3, <13.1.10" + }, + { + "version_value": ">=13.2, <13.2.8" + }, + { + "version_value": ">=13.3, <13.3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect authorization in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/221040", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/221040", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13284.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13284.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. 
API Authorization Using Outdated CI Job Token" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team" + } + ] } \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13287.json b/2020/13xxx/CVE-2020-13287.json index a5d5b8dc63a..959534b2286 100644 --- a/2020/13xxx/CVE-2020-13287.json +++ b/2020/13xxx/CVE-2020-13287.json 
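Review bot: The `baseScore` of 6.4 in the added `impact.cvss` block does not appear to match its own vector: the CVSS v3.1 base formula rounds up to one decimal, and `AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N` works out to 6.5 by my calculation, so the line would read `"baseScore": 6.5`. The same off-by-0.1 pattern shows in CVE-2020-13287 (4.2 listed, 4.3 expected), CVE-2020-13289 and CVE-2020-13316 (5.3 listed, 5.4 expected), which suggests the generating tool truncates instead of rounding up; the values should be confirmed against a reference calculator. The `vectorString` values in all the GitLab records also omit the `CVSS:3.1/` prefix that the v3.x specification requires, so strict parsers may reject them; the version lives only in the separate `"version": "3.1"` field.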
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13287", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=13.0, <13.1.10" + }, + { + "version_value": ">=13.2, <13.2.8" + }, + { + "version_value": ">=13.3, <13.3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/227820", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/227820", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/919468", + "url": "https://hackerone.com/reports/919468", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13287.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13287.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. 
Project reporters and above could see confidential EPIC attached to confidential issues" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [@ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13289.json b/2020/13xxx/CVE-2020-13289.json index 24672e55189..2df6a492aa3 100644 --- a/2020/13xxx/CVE-2020-13289.json +++ b/2020/13xxx/CVE-2020-13289.json 
@@ -4,15 +4,86 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13289", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=8.7, <13.1.10" + }, + { + "version_value": ">=13.2, <13.2.8" + }, + { + "version_value": ">=13.3, <13.3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper authentication in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/20302", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/20302", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13289.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13289.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated." 
} ] + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } } } \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13299.json b/2020/13xxx/CVE-2020-13299.json index eaa80a654e3..36ba3d910d1 100644 --- a/2020/13xxx/CVE-2020-13299.json +++ b/2020/13xxx/CVE-2020-13299.json 
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13299", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=1.0, <13.1.10" + }, + { + "version_value": ">=13.2, <13.2.8" + }, + { + "version_value": ">=13.3, <13.3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient session expiration in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/222508", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/222508", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/896225", + "url": "https://hackerone.com/reports/896225", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13299.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13299.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 0, + "baseSeverity": "NONE" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [vaib25vicky](https://hackerone.com/vaib25vicky) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13300.json b/2020/13xxx/CVE-2020-13300.json index 299ab833956..1b01e540731 100644 --- a/2020/13xxx/CVE-2020-13300.json +++ b/2020/13xxx/CVE-2020-13300.json 
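Review bot: The added `impact.cvss` block scores this record as `C:N/I:N/A:N` with `"baseScore": 0` and `"baseSeverity": "NONE"`, which contradicts the description and the `Insufficient session expiration` problem type in the same hunk. The description says an unrevoked session token could be re-used to obtain a valid session, which implies at least some confidentiality or integrity impact. Consumers that filter or prioritise on `baseScore` will silently drop this record. The impact metrics should be re-scored by the assigner so that the vector, score and severity agree with the stated effect.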
@@ -4,15 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13300", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=13.3 <13.3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper authorization in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/219931", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/219931", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/884766", + "url": "https://hackerone.com/reports/884766", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13300.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13300.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab before version 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 8.0, + "baseSeverity": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [fushbey](https://hackerone.com/fushbey) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13316.json b/2020/13xxx/CVE-2020-13316.json index a5b08688976..6aa405a8adb 100644 --- a/2020/13xxx/CVE-2020-13316.json +++ b/2020/13xxx/CVE-2020-13316.json 
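Review bot: The range in `version_data` is written `">=13.3 <13.3.4"` without the comma used by every other GitLab record in this commit, so a consumer that splits ranges on `, ` will treat it as one unparseable token; `"version_value": ">=13.3, <13.3.4"` keeps the format uniform. The description says "before version 13.3.4" while the structured range starts at 13.3, so it is unclear from this record whether earlier release lines are affected. One of the two should probably be adjusted so that they agree.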
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13316", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=1.0, <13.1.10" + }, + { + "version_value": ">=13.2, <13.2.8" + }, + { + "version_value": ">=13.3, <13.3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper authorization in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/220137", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/220137", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/884174", + "url": "https://hackerone.com/reports/884174", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13316.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13316.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository be accessible via a git command line." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [vaib25vicky](https://hackerone.com/vaib25vicky) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13318.json b/2020/13xxx/CVE-2020-13318.json index d3ad70c5e78..785e0f2d241 100644 --- a/2020/13xxx/CVE-2020-13318.json +++ b/2020/13xxx/CVE-2020-13318.json 
@@ -1,18 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-13318", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "impact": { + "cvss": { + "vectorString": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "privilegesRequired": "LOW", + "baseSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "baseScore": 6.4, + "availabilityImpact": "NONE", + "version": "3.1", + "scope": "UNCHANGED", + "integrityImpact": "HIGH", + "confidentialityImpact": "HIGH" + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack." 
} ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": ">=12.6, <13.0.12" + }, + { + "version_value": ">=13.1, <13.1.10" + }, + { + "version_value": ">=13.2, <13.2.8" + }, + { + "version_value": ">=13.3, <13.3.4" + } + ] + }, + "product_name": "GitLab" + } + ] + }, + "vendor_name": "GitLab" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper authorization in GitLab" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/228915", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/228915" + }, + { + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13318.json", + "refsource": "CONFIRM", + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13318.json" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2020-13318", + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" } } \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24457.json b/2020/24xxx/CVE-2020-24457.json index fb3b01ad06c..c8496ab38fb 100644 --- a/2020/24xxx/CVE-2020-24457.json +++ b/2020/24xxx/CVE-2020-24457.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-24457", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel BIOS", + "version": { + "version_data": [ + { + "version_value": "8th, 9th and 10th Generation Intel(R) Core(TM) Processors" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Denial of Service, Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00347.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00347.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access." } ] } diff --git a/2020/25xxx/CVE-2020-25573.json b/2020/25xxx/CVE-2020-25573.json new file mode 100644 index 00000000000..957705db0df --- /dev/null +++ b/2020/25xxx/CVE-2020-25573.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2020-0026.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2020-0026.html" + }, + { + "url": "https://github.com/contain-rs/linked-hash-map/pull/100", + "refsource": "MISC", + "name": "https://github.com/contain-rs/linked-hash-map/pull/100" + } + ] + } +} \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25574.json b/2020/25xxx/CVE-2020-25574.json new file mode 100644 index 00000000000..f307e1093ef --- /dev/null +++ b/2020/25xxx/CVE-2020-25574.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2019-0033.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2019-0033.html" + }, + { + "url": "https://github.com/hyperium/http/issues/352", + "refsource": "MISC", + "name": "https://github.com/hyperium/http/issues/352" + } + ] + } +} \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25575.json b/2020/25xxx/CVE-2020-25575.json new file mode 100644 index 00000000000..f4c87d5fe75 --- /dev/null +++ b/2020/25xxx/CVE-2020-25575.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rust-lang-nursery/failure/issues/336", + "refsource": "MISC", + "name": "https://github.com/rust-lang-nursery/failure/issues/336" + }, + { + "url": "https://rustsec.org/advisories/RUSTSEC-2020-0036.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2020-0036.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25576.json b/2020/25xxx/CVE-2020-25576.json new file mode 100644 index 00000000000..b4082f8e80f --- /dev/null +++ b/2020/25xxx/CVE-2020-25576.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2019-0035.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2019-0035.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8244.json b/2020/8xxx/CVE-2020-8244.json index 604501e23d3..8ca106b7352 100644 --- a/2020/8xxx/CVE-2020-8244.json +++ b/2020/8xxx/CVE-2020-8244.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "Fixed in 4.0.3, 3.0.1 and 2.2.1" + "version_value": "Fixed in 4.0.3, 3.0.1, 2.2.1, and 1.2.3" } ] } 
@@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1 and <2.2.1 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls." + "value": "A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls." } ] }