admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-09-15 23:01:47 +00:00
parent 64cfcf8521
commit 6c266591eb
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 134 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
2020/10xxx/CVE-2020-10766.json
View File

@ -4,15 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10766",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux Kernel",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "before 5.8-rc1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-440"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10766",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10766",
"refsource": "CONFIRM"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbbe2ad02e9df26e372f38cc3e70dab9222c832e",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbbe2ad02e9df26e372f38cc3e70dab9222c832e"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
}
}

65
2020/10xxx/CVE-2020-10767.json
View File

@ -4,15 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10767",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux Kernel",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "before 5.8-rc1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-440"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21998a351512eba4ed5969006f0c55882d995ada",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21998a351512eba4ed5969006f0c55882d995ada"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10767",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10767",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
}
}

5
2020/24xxx/CVE-2020-24659.json
View File

@ -76,6 +76,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-0ab6656303",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/"
},
{
"refsource": "UBUNTU",
"name": "USN-4491-1",
"url": "https://usn.ubuntu.com/4491-1/"
}
]
}

9
2020/7xxx/CVE-2020-7293.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface.\n"
"value": "Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface."
}
]
},
@ -74,8 +74,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10323"
"refsource": "MISC",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10323",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10323"
}
]
},
@ -83,4 +84,4 @@
"advisory": "SB10323",
"discovery": "EXTERNAL"
}
}
}