mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-19 17:32:41 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
b717e9fc56
commit
2a621ceeba
@ -1,14 +1,37 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@amd.com",
|
||||
"DATE_PUBLIC": "2022-11-08T17:00:00.000Z",
|
||||
"ID": "CVE-2020-12930",
|
||||
"ASSIGNER": "psirt@amd.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "AMD",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
@ -32,51 +55,87 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen(TM) Embedded R1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen(TM) Embedded R2000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen(TM) Embedded 5000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen(TM) Embedded V1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen(TM) Embedded V2000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "AMD"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TBD"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-1029",
|
||||
"advisory": "AMD-SB-1029, AMD-SB-5001",
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -1,14 +1,37 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@amd.com",
|
||||
"DATE_PUBLIC": "2022-11-08T17:00:00.000Z",
|
||||
"ID": "CVE-2020-12931",
|
||||
"ASSIGNER": "psirt@amd.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "AMD",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
@ -32,51 +55,76 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen(TM) Embedded R1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen(TM) Embedded R2000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen(TM) Embedded 5000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen(TM) Embedded V1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "AMD"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TBD"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-1029",
|
||||
"advisory": "AMD-SB-1029, AMD-SB-5001",
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -55,6 +55,28 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 7002",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 7003",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -86,6 +108,11 @@
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -93,7 +120,7 @@
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-3002",
|
||||
"advisory": "AMD-SB-3002, AMD-5001",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,14 +1,37 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@amd.com",
|
||||
"DATE_PUBLIC": "2022-11-08T17:00:00.000Z",
|
||||
"ID": "CVE-2021-26392",
|
||||
"ASSIGNER": "psirt@amd.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "AMD",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
@ -54,51 +77,98 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded R1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded R2000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded 5000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded V1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded V2000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122Embedded V3000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "AMD"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA."
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TBD"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-1029",
|
||||
"advisory": "AMD-SB-1029, AMD-SB-5001",
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -1,14 +1,37 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@amd.com",
|
||||
"DATE_PUBLIC": "2022-11-08T17:00:00.000Z",
|
||||
"ID": "CVE-2021-26393",
|
||||
"ASSIGNER": "psirt@amd.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "AMD",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
@ -54,51 +77,76 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded R1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded R2000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded V1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded V2000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "AMD"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality."
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TBD"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-1029",
|
||||
"advisory": "AMD-SB-1029, AMD-SB-5001",
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -132,6 +132,50 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded R1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded R2000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded V1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded V2000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -145,6 +189,11 @@
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -152,7 +201,7 @@
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-4001",
|
||||
"advisory": "AMD-SB-4001, AMD-SB-5001",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,70 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-46757",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@amd.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Insufficient checking of memory buffer in ASP\nSecure OS may allow an attacker with a malicious TA to read/write to the ASP\nSecure OS kernel virtual address space potentially leading to privilege\nescalation.\n\n\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "AMD",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded 5000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-5001",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -55,6 +55,28 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 7002",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 7003",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -68,6 +90,11 @@
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -75,7 +102,7 @@
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-3001",
|
||||
"advisory": "AMD-SB-3001, AMD-SB-5001",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -55,6 +55,17 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 9003",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -73,6 +84,11 @@
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -80,7 +96,7 @@
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-4002, AMD-SB-3002",
|
||||
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -132,6 +132,50 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 3000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 7002",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 7003",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded 5000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -150,6 +194,11 @@
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -157,7 +206,7 @@
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-4002, AMD-SB-3002",
|
||||
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -231,6 +231,17 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 7003",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -249,6 +260,11 @@
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -256,7 +272,7 @@
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-4002, AMD-SB-3002",
|
||||
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -235,6 +235,72 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded R1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded R2000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded 5000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded V1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded V2000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded V3000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -248,6 +314,11 @@
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -255,7 +326,7 @@
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-4002",
|
||||
"advisory": "AMD-SB-4002, AMD-SB-5001",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -44,6 +44,17 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 7003 ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -53,7 +64,7 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "4th Gen AMD EPYC\u2122 Processors ",
|
||||
"product_name": "4th Gen AMD EPY\u2122 Processors ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -75,6 +86,11 @@
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -82,7 +98,7 @@
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-3002",
|
||||
"advisory": "AMD-SB-3002, AMD-SB-5001",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -121,6 +121,72 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 3000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 7002",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 7003",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded R1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded R2000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded V1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -139,6 +205,11 @@
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -146,7 +217,7 @@
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-4002, AMD-SB-3002",
|
||||
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -77,6 +77,39 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 3000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 7002",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 7003",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -95,6 +128,11 @@
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -102,7 +140,7 @@
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-4002, AMD-SB-3002",
|
||||
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -110,6 +110,39 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 7002",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC\u2122 Embedded 7003",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded 5000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -128,6 +161,11 @@
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -135,7 +173,7 @@
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-4002, AMD-SB-3002",
|
||||
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -121,6 +121,50 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded R1000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded R2000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded 5000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded V3000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -134,6 +178,11 @@
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -141,7 +190,7 @@
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-4002",
|
||||
"advisory": "AMD-SB-4002, AMD-SB-5001",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -110,6 +110,17 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded V3000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -123,6 +134,11 @@
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
|
||||
},
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -130,7 +146,7 @@
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-4002",
|
||||
"advisory": "AMD-SB-4002, AMD-SB-5001",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,217 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-20579",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@amd.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "AMD",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 7000 Series Desktop Processor ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "Various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 7045 Series Mobile Processors ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded V2000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 Embedded V3000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-7009",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,155 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-20587",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@amd.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Improper\nAccess Control in System Management Mode (SMM) may allow an attacker access to\nthe SPI flash potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "AMD",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "3rd Gen AMD EPYC\u2122 Processors",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "4th Gen AMD EPYC\u2122 Processors",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "1st Gen AMD EPYC\u2122 Processors",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"status": "affected",
|
||||
"version": "various"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "2nd Gen AMD EPYC\u2122 Processors",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC(TM) Embedded 3000 ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC(TM) Embedded 7002 ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC(TM) Embedded 7003",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AMD EPYC(TM) Embedded 9003",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "various"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-7009",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -68,6 +68,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118",
|
||||
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html",
|
||||
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -63,6 +63,11 @@
|
||||
"url": "https://security.netapp.com/advisory/ntap-20230818-0008/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20230818-0008/"
|
||||
},
|
||||
{
|
||||
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,18 +1,104 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-31346",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@amd.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "AMD",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "3rd Gen AMD EPYC\u2122 Processors",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"status": "affected",
|
||||
"version": "various "
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"vendor_name": " AMD",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "4th Gen AMD EPYC\u2122 Processors ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"status": "affected",
|
||||
"version": "various "
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-3007",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,104 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-31347",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@amd.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u00a0\n\n\n\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "AMD",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "3rd Gen AMD EPYC\u2122 Processors",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"status": "affected",
|
||||
"version": "various "
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"vendor_name": " AMD",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "4th Gen AMD EPYC\u2122 Processors ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"status": "affected",
|
||||
"version": "various "
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "AMD-SB-3007",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
18
2024/1xxx/CVE-2024-1481.json
Normal file
18
2024/1xxx/CVE-2024-1481.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-1481",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Deserialization of untrusted data can occur in version 0.17.0 or newer of Allegro AI\u2019s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user\u2019s system when interacted with.\n"
|
||||
"value": "Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI\u2019s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user\u2019s system when interacted with.\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,7 +44,7 @@
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"lessThanOrEqual": "*",
|
||||
"lessThan": "1.14.3",
|
||||
"status": "affected",
|
||||
"version": "0.17.0",
|
||||
"versionType": "custom"
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A path traversal vulnerability in version 1.4.0 or newer of Allegro AI\u2019s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user\u2019s system when interacted with.\n"
|
||||
"value": "A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI\u2019s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user\u2019s system when interacted with.\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,17 +1,94 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-25122",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' \"admin\" web UI, allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the sidekiq-unique-jobs web UI is mounted in. 1. `/changelogs`, 2. `/locks` or 3. `/expiring_locks`. This issue has been addressed in versions 7.1.33 and 8.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "mhenrixon",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "sidekiq-unique-jobs",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 7.1.33"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": ">= 8.0.0, < 8.0.7"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-cmh9-rx85-xj38",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 7.1,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
18
2024/25xxx/CVE-2024-25984.json
Normal file
18
2024/25xxx/CVE-2024-25984.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-25984",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/25xxx/CVE-2024-25985.json
Normal file
18
2024/25xxx/CVE-2024-25985.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-25985",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/25xxx/CVE-2024-25986.json
Normal file
18
2024/25xxx/CVE-2024-25986.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-25986",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/25xxx/CVE-2024-25987.json
Normal file
18
2024/25xxx/CVE-2024-25987.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-25987",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/25xxx/CVE-2024-25988.json
Normal file
18
2024/25xxx/CVE-2024-25988.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-25988",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/25xxx/CVE-2024-25989.json
Normal file
18
2024/25xxx/CVE-2024-25989.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-25989",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/25xxx/CVE-2024-25990.json
Normal file
18
2024/25xxx/CVE-2024-25990.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-25990",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/25xxx/CVE-2024-25991.json
Normal file
18
2024/25xxx/CVE-2024-25991.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-25991",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/25xxx/CVE-2024-25992.json
Normal file
18
2024/25xxx/CVE-2024-25992.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-25992",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/25xxx/CVE-2024-25993.json
Normal file
18
2024/25xxx/CVE-2024-25993.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-25993",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user