diff --git a/2020/12xxx/CVE-2020-12930.json b/2020/12xxx/CVE-2020-12930.json index c67e1c481ba..65f0d147b1a 100644 --- a/2020/12xxx/CVE-2020-12930.json +++ b/2020/12xxx/CVE-2020-12930.json @@ -1,14 +1,37 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@amd.com", - "DATE_PUBLIC": "2022-11-08T17:00:00.000Z", "ID": "CVE-2020-12930", + "ASSIGNER": "psirt@amd.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "AMD", "product": { "product_data": [ { 
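Review bot: The `problemtype` entry in CVE-2020-12930.json only moves from `TBD` to `n/a`, so the published record still names no weakness class even though the description states one in prose (improper parameter handling leading to privilege elevation). Consumers that triage or group records by CWE get nothing to key on. If the assigner has a classification for this issue, it belongs in that `value` field, in the form `"value": "CWE-<id> <name>"` (placeholder, to be filled in by the CNA). The same `n/a` is written in CVE-2020-12931, CVE-2021-26392, CVE-2021-26393 and CVE-2021-46757 in this commit.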
@@ -32,51 +55,87 @@ } ] } + }, + { + "product_name": "AMD Ryzen(TM) Embedded R1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen(TM) Embedded R2000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen(TM) Embedded 5000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen(TM) Embedded V1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen(TM) Embedded V2000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } } ] - }, - "vendor_name": "AMD" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity." 
+ "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "TBD" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029", - "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" - } - ] - }, "source": { - "advisory": "AMD-SB-1029", + "advisory": "AMD-SB-1029, AMD-SB-5001", "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12931.json b/2020/12xxx/CVE-2020-12931.json index ca00d6ff798..d6a76231933 100644 --- a/2020/12xxx/CVE-2020-12931.json +++ b/2020/12xxx/CVE-2020-12931.json @@ -1,14 +1,37 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@amd.com", - "DATE_PUBLIC": "2022-11-08T17:00:00.000Z", "ID": "CVE-2020-12931", + "ASSIGNER": "psirt@amd.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "AMD", "product": { "product_data": [ { 
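Review bot: The embedded entries added to `product_data` in the second hunk of CVE-2020-12930.json spell the trademark as `(TM)` (`"AMD Ryzen(TM) Embedded R1000"`), while the records updated for the same bulletin later in this commit use `\u2122` (`"AMD Ryzen\u2122 Embedded R1000"` in CVE-2021-26392.json). Tooling that matches affected products on the exact `product_name` string will treat these as two different products. One spelling should be used throughout, e.g. `"product_name": "AMD Ryzen\u2122 Embedded R1000",`; the matching hunk in CVE-2020-12931.json has the same issue. The existing entries of this array start outside the hunk, so check which form they use before choosing.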
@@ -32,51 +55,76 @@ } ] } + }, + { + "product_name": "AMD Ryzen(TM) Embedded R1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen(TM) Embedded R2000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen(TM) Embedded 5000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen(TM) Embedded V1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } } ] - }, - "vendor_name": "AMD" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity." 
+ "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "TBD" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029", - "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" - } - ] - }, "source": { - "advisory": "AMD-SB-1029", + "advisory": "AMD-SB-1029, AMD-SB-5001", "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26345.json b/2021/26xxx/CVE-2021-26345.json index 75210fc81c6..d9fd34bfc50 100644 --- a/2021/26xxx/CVE-2021-26345.json +++ b/2021/26xxx/CVE-2021-26345.json @@ -55,6 +55,28 @@ } ] } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 7002", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 7003", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } } ] } @@ -86,6 +108,11 @@ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", "refsource": "MISC", "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001" } ] }, 
@@ -93,7 +120,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "advisory": "AMD-SB-3002", + "advisory": "AMD-SB-3002, AMD-5001", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26392.json b/2021/26xxx/CVE-2021-26392.json index 42fc6b6db09..45802cee2e2 100644 --- a/2021/26xxx/CVE-2021-26392.json +++ b/2021/26xxx/CVE-2021-26392.json @@ -1,14 +1,37 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@amd.com", - "DATE_PUBLIC": "2022-11-08T17:00:00.000Z", "ID": "CVE-2021-26392", + "ASSIGNER": "psirt@amd.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "AMD", "product": { "product_data": [ { 
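Review bot: The new `advisory` value in CVE-2021-26345.json reads `AMD-SB-3002, AMD-5001`, dropping the `SB-` that every other record in this commit carries and that the reference URL added in the previous hunk of this file (`.../bulletin/AMD-SB-5001`) uses. A search or join on the bulletin identifier will miss this CVE. The line should be `"advisory": "AMD-SB-3002, AMD-SB-5001",`.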
@@ -54,51 +77,98 @@ } ] } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded R1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded R2000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded 5000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V2000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122Embedded V3000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } } ] - }, - "vendor_name": "AMD" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA." 
+ "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "TBD" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029", - "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" - } - ] - }, "source": { - "advisory": "AMD-SB-1029", + "advisory": "AMD-SB-1029, AMD-SB-5001", "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26393.json b/2021/26xxx/CVE-2021-26393.json index 5d98e164292..9baf202a65b 100644 --- a/2021/26xxx/CVE-2021-26393.json +++ b/2021/26xxx/CVE-2021-26393.json 
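Review bot: The last product added in the second hunk of CVE-2021-26392.json is `"AMD Ryzen\u2122Embedded V3000"`, with no space after the trademark sign. The other entries in this hunk have the space, as do the V3000 entries added to CVE-2022-23821.json and CVE-2023-20563.json. Exact-match lookups on `product_name` will therefore not associate this CVE with the V3000 family. The line should read `"product_name": "AMD Ryzen\u2122 Embedded V3000",`.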
@@ -1,14 +1,37 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@amd.com", - "DATE_PUBLIC": "2022-11-08T17:00:00.000Z", "ID": "CVE-2021-26393", + "ASSIGNER": "psirt@amd.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "AMD", "product": { "product_data": [ { 
@@ -54,51 +77,76 @@ } ] } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded R1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded R2000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V2000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } } ] - }, - "vendor_name": "AMD" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality." 
+ "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "TBD" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029", - "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" - } - ] - }, "source": { - "advisory": "AMD-SB-1029", + "advisory": "AMD-SB-1029, AMD-SB-5001", "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46754.json b/2021/46xxx/CVE-2021-46754.json index 0080e3255b7..bba18bc42cd 100644 --- a/2021/46xxx/CVE-2021-46754.json +++ b/2021/46xxx/CVE-2021-46754.json @@ -132,6 +132,50 @@ } ] } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded R1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded R2000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V2000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } } ] } 
@@ -145,6 +189,11 @@ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001", "refsource": "MISC", "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001" } ] }, @@ -152,7 +201,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "advisory": "AMD-SB-4001", + "advisory": "AMD-SB-4001, AMD-SB-5001", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46757.json b/2021/46xxx/CVE-2021-46757.json index a040f957b2c..e8126c0557c 100644 --- a/2021/46xxx/CVE-2021-46757.json +++ b/2021/46xxx/CVE-2021-46757.json 
@@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-46757", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient checking of memory buffer in ASP\nSecure OS may allow an attacker with a malicious TA to read/write to the ASP\nSecure OS kernel virtual address space potentially leading to privilege\nescalation.\n\n\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "AMD Ryzen\u2122 Embedded 5000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-5001", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46762.json b/2021/46xxx/CVE-2021-46762.json index 58e0b5631e1..5fa552fbb93 100644 --- a/2021/46xxx/CVE-2021-46762.json +++ b/2021/46xxx/CVE-2021-46762.json 
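Review bot: The new `description` value in CVE-2021-46757.json carries hard line breaks in the middle of the sentence (`ASP\nSecure OS`, `privilege\nescalation`) and ends in `\n\n\n\n`, which looks like paste residue from the bulletin text. Feeds and ticketing integrations that render the value verbatim will show a broken sentence, and comparisons against the bulletin wording will fail. Store it as a single line: `"value": "Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation."`. The descriptions rewritten in CVE-2020-12930, CVE-2020-12931, CVE-2021-26392 and CVE-2021-26393 gained a trailing `\n\n` in the same way.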
@@ -55,6 +55,28 @@ } ] } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 7002", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 7003", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } } ] } @@ -68,6 +90,11 @@ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001", "refsource": "MISC", "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001" } ] }, @@ -75,7 +102,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "advisory": "AMD-SB-3001", + "advisory": "AMD-SB-3001, AMD-SB-5001", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46766.json b/2021/46xxx/CVE-2021-46766.json index 48c4fe7d5bf..0c70accb7f6 100644 --- a/2021/46xxx/CVE-2021-46766.json +++ b/2021/46xxx/CVE-2021-46766.json @@ -55,6 +55,17 @@ } ] } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 9003", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } } ] } @@ -73,6 +84,11 @@ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", "refsource": "MISC", "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001" } ] }, @@ -80,7 +96,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "advisory": "AMD-SB-4002, AMD-SB-3002", + "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN" } } \ No newline at end of file 
diff --git a/2021/46xxx/CVE-2021-46774.json b/2021/46xxx/CVE-2021-46774.json index adef270d8ee..3bb9013ca30 100644 --- a/2021/46xxx/CVE-2021-46774.json +++ b/2021/46xxx/CVE-2021-46774.json @@ -132,6 +132,50 @@ } ] } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 3000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 7002", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 7003", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded 5000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } } ] } @@ -150,6 +194,11 @@ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", "refsource": "MISC", "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001" } ] }, @@ -157,7 +206,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "advisory": "AMD-SB-4002, AMD-SB-3002", + "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23820.json b/2022/23xxx/CVE-2022-23820.json index 92ef605c626..2cff65b1527 100644 --- a/2022/23xxx/CVE-2022-23820.json +++ b/2022/23xxx/CVE-2022-23820.json @@ -231,6 +231,17 @@ } ] } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 7003", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } } ] } 
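Review bot: The `version_value` added for `AMD EPYC\u2122 Embedded 7003` in the first hunk of CVE-2022-23820.json is `"various "` with a trailing space, while the embedded entries added to the earlier files in this commit use `"various"`. Consumers that compare or deduplicate on the raw string will see two distinct version values. Use `"version_value": "various"` here. The same trailing space appears in added entries of CVE-2022-23821.json (which mixes both forms within one hunk), CVE-2022-23830.json (also on the product name `"AMD EPYC\u2122 Embedded 7003 "`), CVE-2023-20526.json, CVE-2023-20533.json, CVE-2023-20563.json and CVE-2023-20565.json.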
@@ -249,6 +260,11 @@ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", "refsource": "MISC", "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001" } ] }, @@ -256,7 +272,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "advisory": "AMD-SB-4002, AMD-SB-3002", + "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23821.json b/2022/23xxx/CVE-2022-23821.json index c5b8ed89163..0c272ae5dae 100644 --- a/2022/23xxx/CVE-2022-23821.json +++ b/2022/23xxx/CVE-2022-23821.json @@ -235,6 +235,72 @@ } ] } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded R1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded R2000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded 5000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V2000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V3000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } } ] } 
@@ -248,6 +314,11 @@ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", "refsource": "MISC", "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001" } ] }, @@ -255,7 +326,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "advisory": "AMD-SB-4002", + "advisory": "AMD-SB-4002, AMD-SB-5001", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23830.json b/2022/23xxx/CVE-2022-23830.json index a52f65e85af..265a99680cc 100644 --- a/2022/23xxx/CVE-2022-23830.json +++ b/2022/23xxx/CVE-2022-23830.json @@ -44,6 +44,17 @@ } ] } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 7003 ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } } ] } @@ -53,7 +64,7 @@ "product": { "product_data": [ { - "product_name": "4th Gen AMD EPYC\u2122 Processors ", + "product_name": "4th Gen AMD EPY\u2122 Processors ", "version": { "version_data": [ { @@ -75,6 +86,11 @@ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", "refsource": "MISC", "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001" } ] }, @@ -82,7 +98,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "advisory": "AMD-SB-3002", + "advisory": "AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20521.json b/2023/20xxx/CVE-2023-20521.json index a5e4b149fef..a6ce88b811a 100644 --- a/2023/20xxx/CVE-2023-20521.json +++ b/2023/20xxx/CVE-2023-20521.json 
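Review bot: The `@@ -53,7 +64,7 @@` hunk of CVE-2022-23830.json changes `4th Gen AMD EPYC\u2122 Processors ` to `4th Gen AMD EPY\u2122 Processors `, dropping the `C` from the product family name. Nothing else in the commit points to a rename, so this looks like an accidental edit, and it breaks name matching for an affected server product whose entry was correct before. Keep the previous line: `"product_name": "4th Gen AMD EPYC\u2122 Processors ",`.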
@@ -121,6 +121,72 @@ } ] } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 3000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 7002", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 7003", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded R1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded R2000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } } ] } @@ -139,6 +205,11 @@ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", "refsource": "MISC", "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001" } ] }, @@ -146,7 +217,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "advisory": "AMD-SB-4002, AMD-SB-3002", + "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20526.json b/2023/20xxx/CVE-2023-20526.json index 010b68d734b..f63791d43bc 100644 --- a/2023/20xxx/CVE-2023-20526.json +++ b/2023/20xxx/CVE-2023-20526.json 
@@ -77,6 +77,39 @@ } ] } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 3000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 7002", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 7003", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } } ] } @@ -95,6 +128,11 @@ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", "refsource": "MISC", "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001" } ] }, @@ -102,7 +140,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "advisory": "AMD-SB-4002, AMD-SB-3002", + "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20533.json b/2023/20xxx/CVE-2023-20533.json index 1323a314cd2..0f6e538e395 100644 --- a/2023/20xxx/CVE-2023-20533.json +++ b/2023/20xxx/CVE-2023-20533.json @@ -110,6 +110,39 @@ } ] } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 7002", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD EPYC\u2122 Embedded 7003", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded 5000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } } ] } 
@@ -128,6 +161,11 @@ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", "refsource": "MISC", "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001" } ] }, @@ -135,7 +173,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "advisory": "AMD-SB-4002, AMD-SB-3002", + "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20563.json b/2023/20xxx/CVE-2023-20563.json index 08ee997fbab..e63d69090be 100644 --- a/2023/20xxx/CVE-2023-20563.json +++ b/2023/20xxx/CVE-2023-20563.json @@ -121,6 +121,50 @@ } ] } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded R1000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded R2000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded 5000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V3000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } } ] } @@ -134,6 +178,11 @@ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", "refsource": "MISC", "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001" } ] }, 
@@ -141,7 +190,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "advisory": "AMD-SB-4002", + "advisory": "AMD-SB-4002, AMD-SB-5001", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20565.json b/2023/20xxx/CVE-2023-20565.json index 5bc0bbaae5e..1f30d2352cb 100644 --- a/2023/20xxx/CVE-2023-20565.json +++ b/2023/20xxx/CVE-2023-20565.json @@ -110,6 +110,17 @@ } ] } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V3000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } } ] } @@ -123,6 +134,11 @@ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002", "refsource": "MISC", "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001" } ] }, @@ -130,7 +146,7 @@ "engine": "Vulnogram 0.1.0-dev" }, "source": { - "advisory": "AMD-SB-4002", + "advisory": "AMD-SB-4002, AMD-SB-5001", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20579.json b/2023/20xxx/CVE-2023-20579.json index a0b3a128a42..8814a5de91d 100644 --- a/2023/20xxx/CVE-2023-20579.json +++ b/2023/20xxx/CVE-2023-20579.json 
@@ -1,18 +1,217 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7000 Series Desktop Processor ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics ", + "version": 
{ + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + }, + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7045 Series Mobile Processors ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V2000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 Embedded V3000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + 
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-7009", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20587.json b/2023/20xxx/CVE-2023-20587.json index 1dbe33ec742..2bd9d7b4007 100644 --- a/2023/20xxx/CVE-2023-20587.json +++ b/2023/20xxx/CVE-2023-20587.json 
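Review bot: In the `product_data` list of CVE-2023-20579.json, the 7040 Series Mobile entry carries two `version_data` items that differ only by a trailing space (`"various "` and `"various"`), and many `product_name` and `version_value` strings end in a space or change case (`"Various "`). Consumers that match affected products by exact string, such as asset inventories or scanner rules, will treat these as distinct values, so the strings should be trimmed and the duplicate item dropped, leaving `"version_value": "various"`. The `description` value also breaks lines mid-sentence (`Improper\nAccess Control`) and ends in a long run of `\n`, which is better collapsed to one line before publishing. The product entries added in the CVE-2023-20563 and CVE-2023-20565 sections use the same `"various "` value.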
@@ -1,18 +1,155 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20587", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper\nAccess Control in System Management Mode (SMM) may allow an attacker access to\nthe SPI flash potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "3rd Gen AMD EPYC\u2122 Processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various " + } + ] + } + }, + { + "product_name": "4th Gen AMD EPYC\u2122 Processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "1st Gen AMD EPYC\u2122 Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "2nd Gen AMD EPYC\u2122 Processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD EPYC(TM) Embedded 3000 ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + 
"product_name": "AMD EPYC(TM) Embedded 7002 ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD EPYC(TM) Embedded 7003", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + }, + { + "product_name": "AMD EPYC(TM) Embedded 9003", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-7009", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2804.json b/2023/2xxx/CVE-2023-2804.json index 3486f48cec1..1fc38a21c80 100644 --- a/2023/2xxx/CVE-2023-2804.json +++ b/2023/2xxx/CVE-2023-2804.json @@ -68,6 +68,11 @@ "refsource": "MISC", "name": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118", "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118" + }, + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html" } ] }, diff --git a/2023/2xxx/CVE-2023-2976.json b/2023/2xxx/CVE-2023-2976.json index f488d7a9370..c6e49c1ed60 100644 --- a/2023/2xxx/CVE-2023-2976.json +++ b/2023/2xxx/CVE-2023-2976.json 
@@ -63,6 +63,11 @@
 "url": "https://security.netapp.com/advisory/ntap-20230818-0008/",
 "refsource": "MISC",
 "name": "https://security.netapp.com/advisory/ntap-20230818-0008/"
+ },
+ {
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html",
+ "refsource": "MISC",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html"
 }
 ]
 },
diff --git a/2023/31xxx/CVE-2023-31346.json b/2023/31xxx/CVE-2023-31346.json
index 622f5841d1e..dc3833c27f1 100644
--- a/2023/31xxx/CVE-2023-31346.json
+++ b/2023/31xxx/CVE-2023-31346.json
@@ -1,18 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31346", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "3rd Gen AMD EPYC\u2122 Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": " AMD", + "product": { + "product_data": [ + { + "product_name": "4th Gen AMD EPYC\u2122 Processors ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + 
"advisory": "AMD-SB-3007", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/31xxx/CVE-2023-31347.json b/2023/31xxx/CVE-2023-31347.json index 1ba6ad1a674..b005f28a0e8 100644 --- a/2023/31xxx/CVE-2023-31347.json +++ b/2023/31xxx/CVE-2023-31347.json 
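Review bot: The second `vendor_data` entry in CVE-2023-31346.json uses `"vendor_name": " AMD"` with a leading space, so the 4th Gen EPYC product is filed under a different vendor string from the 3rd Gen entry (`"AMD"`). Tooling that groups or looks up records by vendor name will split or miss the 4th Gen product; the entry should read `"vendor_name": "AMD"`, or its product should move into the first vendor's `product_data`. The CVE-2023-31347.json hunk that follows carries the same value. Both records also set `problemtype` to `n/a`, so no CWE is available for triage.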
@@ -1,18 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31347", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u00a0\n\n\n\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "3rd Gen AMD EPYC\u2122 Processors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": " AMD", + "product": { + "product_data": [ + { + "product_name": "4th Gen AMD EPYC\u2122 Processors ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007" + } + ] + }, 
+ "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-3007", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1481.json b/2024/1xxx/CVE-2024-1481.json new file mode 100644 index 00000000000..69809181d74 --- /dev/null +++ b/2024/1xxx/CVE-2024-1481.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1481", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/24xxx/CVE-2024-24590.json b/2024/24xxx/CVE-2024-24590.json index 9b69600455c..c7ac6e9b5b5 100644 --- a/2024/24xxx/CVE-2024-24590.json +++ b/2024/24xxx/CVE-2024-24590.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Deserialization of untrusted data can occur in version 0.17.0 or newer of Allegro AI\u2019s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user\u2019s system when interacted with.\n" + "value": "Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI\u2019s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user\u2019s system when interacted with.\n" } ] }, @@ -44,7 +44,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "lessThanOrEqual": "*", + "lessThan": "1.14.3", "status": "affected", "version": "0.17.0", "versionType": "custom" diff --git a/2024/24xxx/CVE-2024-24591.json b/2024/24xxx/CVE-2024-24591.json index 9c3f172ad2a..4680197c727 100644 --- a/2024/24xxx/CVE-2024-24591.json +++ b/2024/24xxx/CVE-2024-24591.json 
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A path traversal vulnerability in version 1.4.0 or newer of Allegro AI\u2019s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user\u2019s system when interacted with.\n"
+ "value": "A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI\u2019s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user\u2019s system when interacted with.\n"
 }
 ]
 },
diff --git a/2024/25xxx/CVE-2024-25122.json b/2024/25xxx/CVE-2024-25122.json
index 85accaa0e06..36a2a856e40 100644
--- a/2024/25xxx/CVE-2024-25122.json
+++ b/2024/25xxx/CVE-2024-25122.json
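Review bot: The CVE-2024-24591.json section changes only the `description` text, which now bounds the affected range at 1.14.1, while the CVE-2024-24590.json section before it also replaces `"lessThanOrEqual": "*"` with `"lessThan": "1.14.3"` in `x_cve_json_5_version_data`. No matching version-data hunk is visible for CVE-2024-24591, so if that record still carries an open upper bound, machine consumers will keep flagging fixed SDK releases even though the prose says otherwise. The structured range should get an explicit `lessThan` bound that agrees with the new description; the version block lies outside this hunk, so this needs checking against the full file.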
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25122", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' \"admin\" web UI, allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the sidekiq-unique-jobs web UI is mounted in. 1. `/changelogs`, 2. `/locks` or 3. `/expiring_locks`. This issue has been addressed in versions 7.1.33 and 8.0.7. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mhenrixon", + "product": { + "product_data": [ + { + "product_name": "sidekiq-unique-jobs", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 7.1.33" + }, + { + "version_affected": "=", + "version_value": ">= 8.0.0, < 8.0.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38", + "refsource": "MISC", + "name": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38" + }, + { + "url": "https://github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed", + "refsource": "MISC", + "name": "https://github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed" + } + ] + }, + "source": { + "advisory": "GHSA-cmh9-rx85-xj38", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/25xxx/CVE-2024-25984.json b/2024/25xxx/CVE-2024-25984.json new file mode 100644 index 00000000000..8fe404cac78 --- /dev/null +++ b/2024/25xxx/CVE-2024-25984.json 
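Review bot: Both `version_data` items in CVE-2024-25122.json pair `"version_affected": "="` with a range expression in `version_value` (`"< 7.1.33"` and `">= 8.0.0, < 8.0.7"`). A consumer that honours `version_affected` literally tests for equality with the string `< 7.1.33` and never matches, so affected installs can go unreported. The operator belongs in its own field, `"version_affected": "<", "version_value": "7.1.33"`, and the bounded 8.x range is better carried in `x_cve_json_5_version_data` with a `lessThan` bound, as the CVE-2024-24590 record in this diff does.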
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25984", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25985.json b/2024/25xxx/CVE-2024-25985.json new file mode 100644 index 00000000000..82a2347c3b7 --- /dev/null +++ b/2024/25xxx/CVE-2024-25985.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25985", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25986.json b/2024/25xxx/CVE-2024-25986.json new file mode 100644 index 00000000000..0d2aa4046d8 --- /dev/null +++ b/2024/25xxx/CVE-2024-25986.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25986", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/25xxx/CVE-2024-25987.json b/2024/25xxx/CVE-2024-25987.json new file mode 100644 index 00000000000..b7495153bd9 --- /dev/null +++ b/2024/25xxx/CVE-2024-25987.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25987", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25988.json b/2024/25xxx/CVE-2024-25988.json new file mode 100644 index 00000000000..c73241daa58 --- /dev/null +++ b/2024/25xxx/CVE-2024-25988.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25988", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25989.json b/2024/25xxx/CVE-2024-25989.json new file mode 100644 index 00000000000..12b03757bc9 --- /dev/null +++ b/2024/25xxx/CVE-2024-25989.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25989", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25990.json b/2024/25xxx/CVE-2024-25990.json new file mode 100644 index 00000000000..18f88403df4 --- /dev/null +++ b/2024/25xxx/CVE-2024-25990.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25990", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25991.json b/2024/25xxx/CVE-2024-25991.json new file mode 100644 index 00000000000..dc6d4c38fa4 --- /dev/null +++ b/2024/25xxx/CVE-2024-25991.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25991", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/25xxx/CVE-2024-25992.json b/2024/25xxx/CVE-2024-25992.json new file mode 100644 index 00000000000..66a10976bca --- /dev/null +++ b/2024/25xxx/CVE-2024-25992.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25992", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25993.json b/2024/25xxx/CVE-2024-25993.json new file mode 100644 index 00000000000..9eb585a524f --- /dev/null +++ b/2024/25xxx/CVE-2024-25993.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25993", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file