diff --git a/2019/3xxx/CVE-2019-3698.json b/2019/3xxx/CVE-2019-3698.json index 9b6818a2c1c..8e0373ca769 100644 --- a/2019/3xxx/CVE-2019-3698.json +++ b/2019/3xxx/CVE-2019-3698.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-02-28T00:00:00.000Z", "ID": "CVE-2019-3698", "STATE": "PUBLIC", @@ -75,7 +75,7 @@ "description_data": [ { "lang": "eng", - "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race.\nThis issue affects:\nSUSE Linux Enterprise Server 12\nnagios version 3.5.1-5.27 and prior versions.\nSUSE Linux Enterprise Server 11\nnagios version 3.0.6-1.25.36.3.1 and prior versions.\nopenSUSE Factory\nnagios version 4.4.5-2.1 and prior versions." + "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions." } ] }, diff --git a/2019/8xxx/CVE-2019-8641.json b/2019/8xxx/CVE-2019-8641.json index 18afc54de98..c47305ed05c 100644 --- a/2019/8xxx/CVE-2019-8641.json +++ b/2019/8xxx/CVE-2019-8641.json @@ -20,29 +20,18 @@ "version_data": [ { "version_affected": "<", - "version_value": "iOS 12.4" + "version_value": "iOS 12.4.2" } ] } }, { - "product_name": "macOS", + "product_name": "iOS", "version": { "version_data": [ { "version_affected": "<", - "version_value": "macOS Mojave 10.14.6" - } - ] - } - }, - { - "product_name": "tvOS", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "tvOS 12.4" + "version_value": "iOS 13" } ] } @@ -53,7 +42,29 @@ "version_data": [ { "version_affected": "<", - "version_value": "watchOS 5.3" + "version_value": "watchOS 6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Mojave 10.14.6 Supplemental Update 2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 5.3.2" } ] } @@ -79,24 +90,29 @@ "references": { "reference_data": [ { - "url": "https://support.apple.com/HT210353", + "url": "https://support.apple.com/HT210606", "refsource": "MISC", - "name": "https://support.apple.com/HT210353" + "name": "https://support.apple.com/HT210606" }, { - "url": "https://support.apple.com/HT210346", + "url": "https://support.apple.com/HT210589", "refsource": "MISC", - "name": "https://support.apple.com/HT210346" + "name": "https://support.apple.com/HT210589" }, { - "url": "https://support.apple.com/HT210348", + "url": "https://support.apple.com/HT210607", "refsource": "MISC", - "name": "https://support.apple.com/HT210348" + "name": "https://support.apple.com/HT210607" }, { - "url": "https://support.apple.com/HT210351", + "url": "https://support.apple.com/HT210590", "refsource": "MISC", - "name": "https://support.apple.com/HT210351" + "name": "https://support.apple.com/HT210590" + }, + { + "url": "https://support.apple.com/HT210588", + "refsource": "MISC", + "name": "https://support.apple.com/HT210588" } ] }, @@ -104,7 +120,7 @@ "description_data": [ { "lang": "eng", - "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution." + "value": "An out-of-bounds read was addressed with improved input validation." } ] } diff --git a/2019/8xxx/CVE-2019-8741.json b/2019/8xxx/CVE-2019-8741.json index cdef0f36873..0b2f833aad0 100644 --- a/2019/8xxx/CVE-2019-8741.json +++ b/2019/8xxx/CVE-2019-8741.json @@ -1,17 +1,158 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8741", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8741", + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes for Windows 12.10.1" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 10.7" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a large input may lead to a denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT210635", + "refsource": "MISC", + "name": "https://support.apple.com/HT210635" + }, + { + "url": "https://support.apple.com/HT210636", + "refsource": "MISC", + "name": "https://support.apple.com/HT210636" + }, + { + "url": "https://support.apple.com/HT210637", + "refsource": "MISC", + "name": "https://support.apple.com/HT210637" + }, + { + "url": "https://support.apple.com/HT210606", + "refsource": "MISC", + "name": "https://support.apple.com/HT210606" + }, + { + "url": "https://support.apple.com/HT210634", + "refsource": "MISC", + "name": "https://support.apple.com/HT210634" + }, + { + "url": "https://support.apple.com/HT210604", + "refsource": "MISC", + "name": "https://support.apple.com/HT210604" + }, + { + "url": "https://support.apple.com/HT210607", + "refsource": "MISC", + "name": "https://support.apple.com/HT210607" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service issue was addressed with improved input validation." } ] } diff --git a/2020/9xxx/CVE-2020-9399.json b/2020/9xxx/CVE-2020-9399.json index 01a7b2026db..85ada00a969 100644 --- a/2020/9xxx/CVE-2020-9399.json +++ b/2020/9xxx/CVE-2020-9399.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9399", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9399", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.zoller.lu/p/tzo-23-2020-avast-generic-archive.html", + "refsource": "MISC", + "name": "https://blog.zoller.lu/p/tzo-23-2020-avast-generic-archive.html" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2020/Feb/35", + "url": "https://seclists.org/fulldisclosure/2020/Feb/35" } ] } diff --git a/2020/9xxx/CVE-2020-9442.json b/2020/9xxx/CVE-2020-9442.json index 5716ade6e2a..0e568b3df23 100644 --- a/2020/9xxx/CVE-2020-9442.json +++ b/2020/9xxx/CVE-2020-9442.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9442", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9442", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\\OpenVPN Connect\\drivers\\tap\\amd64\\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/hessandrew/CVE-2020-9442", + "url": "https://github.com/hessandrew/CVE-2020-9442" } ] }