diff --git a/2019/11xxx/CVE-2019-11121.json b/2019/11xxx/CVE-2019-11121.json index 8fa6917df93..81dd190c7d8 100644 --- a/2019/11xxx/CVE-2019-11121.json +++ b/2019/11xxx/CVE-2019-11121.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11121", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Media SDK for Windows", + "version": { + "version_data": [ + { + "version_value": "before version 2019 R1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00262", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00262" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper file permissions in the installer for the Intel(R) Media SDK for Windows before version 2019 R1 may allow an authenticated user to potentially enable escalation of privilege via local access." } ] } diff --git a/2019/17xxx/CVE-2019-17566.json b/2019/17xxx/CVE-2019-17566.json new file mode 100644 index 00000000000..a14bb13fe48 --- /dev/null +++ b/2019/17xxx/CVE-2019-17566.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17566", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Apache Batik", + "version": { + "version_data": [ + { + "version_value": "Apache Batik 1.12 and older" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://xmlgraphics.apache.org/security.html", + "url": "https://xmlgraphics.apache.org/security.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17573.json b/2019/17xxx/CVE-2019-17573.json index 2a3a0660f2f..fb95c48cf3d 100644 --- a/2019/17xxx/CVE-2019-17573.json +++ b/2019/17xxx/CVE-2019-17573.json @@ -88,6 +88,11 @@ "refsource": "MLIST", "name": "[oss-security] 20201112 CVE-2020-13954: Apache CXF Reflected XSS in the services listing page via the styleSheetPath", "url": "http://www.openwall.com/lists/oss-security/2020/11/12/2" + }, + { + "refsource": "MLIST", + "name": "[announce] 20201112 CVE-2020-13954: Apache CXF Reflected XSS in the services listing page via the styleSheetPath", + "url": "https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cannounce.apache.org%3E" } ] }, diff --git a/2020/0xxx/CVE-2020-0575.json b/2020/0xxx/CVE-2020-0575.json new file mode 100644 index 00000000000..26fb5231f2e --- /dev/null +++ b/2020/0xxx/CVE-2020-0575.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0575", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Unite Client for Windows*", + "version": { + "version_data": [ + { + "version_value": "before version 4.2.13064" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00350", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00350" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0584.json b/2020/0xxx/CVE-2020-0584.json new file mode 100644 index 00000000000..c5ca4ebbc2c --- /dev/null +++ b/2020/0xxx/CVE-2020-0584.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0584", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "a denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0587.json b/2020/0xxx/CVE-2020-0587.json new file mode 100644 index 00000000000..5c09586d765 --- /dev/null +++ b/2020/0xxx/CVE-2020-0587.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0587", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0588.json b/2020/0xxx/CVE-2020-0588.json new file mode 100644 index 00000000000..c58b4467995 --- /dev/null +++ b/2020/0xxx/CVE-2020-0588.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0588", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0590.json b/2020/0xxx/CVE-2020-0590.json new file mode 100644 index 00000000000..2b39a97ba82 --- /dev/null +++ b/2020/0xxx/CVE-2020-0590.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0590", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0591.json b/2020/0xxx/CVE-2020-0591.json new file mode 100644 index 00000000000..a31c551f425 --- /dev/null +++ b/2020/0xxx/CVE-2020-0591.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0591", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0592.json b/2020/0xxx/CVE-2020-0592.json new file mode 100644 index 00000000000..19299975f5c --- /dev/null +++ b/2020/0xxx/CVE-2020-0592.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0592", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege and/or denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0593.json b/2020/0xxx/CVE-2020-0593.json new file mode 100644 index 00000000000..eeb5ac3d3b0 --- /dev/null +++ b/2020/0xxx/CVE-2020-0593.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0593", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12309.json b/2020/12xxx/CVE-2020-12309.json index 300f0a85709..1326104cb37 100644 --- a/2020/12xxx/CVE-2020-12309.json +++ b/2020/12xxx/CVE-2020-12309.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12309", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Client SSDs and some Intel(R) Data Center SSDs", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access." } ] } diff --git a/2020/12xxx/CVE-2020-12310.json b/2020/12xxx/CVE-2020-12310.json index d156da4df3f..160460bf232 100644 --- a/2020/12xxx/CVE-2020-12310.json +++ b/2020/12xxx/CVE-2020-12310.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12310", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Client SSDs and some Intel(R) Data Center SSDs", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access." } ] } diff --git a/2020/12xxx/CVE-2020-12311.json b/2020/12xxx/CVE-2020-12311.json index 02c7f4fb46f..36d6b3cd962 100644 --- a/2020/12xxx/CVE-2020-12311.json +++ b/2020/12xxx/CVE-2020-12311.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12311", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Client SSDs and some Intel(R) Data Center SSDs", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access." } ] } diff --git a/2020/13xxx/CVE-2020-13770.json b/2020/13xxx/CVE-2020-13770.json index 1d730424e65..be219adc070 100644 --- a/2020/13xxx/CVE-2020-13770.json +++ b/2020/13xxx/CVE-2020-13770.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13770", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13770", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user \u2018NT AUTHORITY\\SYSTEM\u2019, the issue can be used to escalate privileges from a local standard or service account having SeImpersonatePrivilege (eg. user \u2018NT AUTHORITY\\NETWORK SERVICE\u2019)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://labs.jumpsec.com/advisory-cve-2020-13770-ivanti-uem-named-pipe-token-impersonation/", + "url": "https://labs.jumpsec.com/advisory-cve-2020-13770-ivanti-uem-named-pipe-token-impersonation/" } ] } diff --git a/2020/13xxx/CVE-2020-13771.json b/2020/13xxx/CVE-2020-13771.json index 2b0c10fd3d2..a7485123dec 100644 --- a/2020/13xxx/CVE-2020-13771.json +++ b/2020/13xxx/CVE-2020-13771.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13771", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13771", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable component such as NT AUTHORITY\\SYSTEM) via DLL hijacking. This affects ldiscn32.exe, IpmiRedirectionService.exe, LDAPWhoAmI.exe, and ldprofile.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://labs.jumpsec.com/advisory-cve-2020-13771-ivanti-uem-dll-hijacking/", + "url": "https://labs.jumpsec.com/advisory-cve-2020-13771-ivanti-uem-dll-hijacking/" } ] } diff --git a/2020/13xxx/CVE-2020-13948.json b/2020/13xxx/CVE-2020-13948.json index 6438925ee11..ac7541c3a16 100644 --- a/2020/13xxx/CVE-2020-13948.json +++ b/2020/13xxx/CVE-2020-13948.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://lists.apache.org/thread.html/rdeee068ac1e0c43bd5b69830240f30598df15a2ef9f7998c7b29131e%40%3Cdev.superset.apache.org%3E", "url": "https://lists.apache.org/thread.html/rdeee068ac1e0c43bd5b69830240f30598df15a2ef9f7998c7b29131e%40%3Cdev.superset.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[superset-notifications] 20201112 [GitHub] [incubator-superset] robdiciuccio commented on pull request #11617: feat: support 'chevron' library for templating as jinja alternative", + "url": "https://lists.apache.org/thread.html/r4fc7115f6e63ac255c48fc68c0da592df55fe4be47cae6378d39ac22@%3Cnotifications.superset.apache.org%3E" } ] }, diff --git a/2020/13xxx/CVE-2020-13954.json b/2020/13xxx/CVE-2020-13954.json index c16f62f86f8..5bb5275059b 100644 --- a/2020/13xxx/CVE-2020-13954.json +++ b/2020/13xxx/CVE-2020-13954.json @@ -92,6 +92,11 @@ "refsource": "MLIST", "name": "[oss-security] 20201112 CVE-2020-13954: Apache CXF Reflected XSS in the services listing page via the styleSheetPath", "url": "http://www.openwall.com/lists/oss-security/2020/11/12/2" + }, + { + "refsource": "MLIST", + "name": "[announce] 20201112 CVE-2020-13954: Apache CXF Reflected XSS in the services listing page via the styleSheetPath", + "url": "https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cannounce.apache.org%3E" } ] }, diff --git a/2020/16xxx/CVE-2020-16091.json b/2020/16xxx/CVE-2020-16091.json index 99389236ccb..7ae8beaab82 100644 --- a/2020/16xxx/CVE-2020-16091.json +++ b/2020/16xxx/CVE-2020-16091.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-16091", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-27708. Reason: This candidate is a reservation duplicate of [ID]. Notes: All CVE users should reference CVE-2020-27708 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2020/16xxx/CVE-2020-16846.json b/2020/16xxx/CVE-2020-16846.json index 6579f9c993e..b0ccb8b47fe 100644 --- a/2020/16xxx/CVE-2020-16846.json +++ b/2020/16xxx/CVE-2020-16846.json @@ -76,6 +76,11 @@ "refsource": "GENTOO", "name": "GLSA-202011-13", "url": "https://security.gentoo.org/glsa/202011-13" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html", + "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html" } ] } diff --git a/2020/24xxx/CVE-2020-24573.json b/2020/24xxx/CVE-2020-24573.json index 3aad8343224..c58d0c22f5b 100644 --- a/2020/24xxx/CVE-2020-24573.json +++ b/2020/24xxx/CVE-2020-24573.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24573", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24573", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://psytester.github.io/CVE-2020-24573/", + "refsource": "MISC", + "name": "https://psytester.github.io/CVE-2020-24573/" } ] } diff --git a/2020/25xxx/CVE-2020-25592.json b/2020/25xxx/CVE-2020-25592.json index 7316b777343..174c21498c9 100644 --- a/2020/25xxx/CVE-2020-25592.json +++ b/2020/25xxx/CVE-2020-25592.json @@ -76,6 +76,11 @@ "refsource": "GENTOO", "name": "GLSA-202011-13", "url": "https://security.gentoo.org/glsa/202011-13" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html", + "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html" } ] } diff --git a/2020/28xxx/CVE-2020-28269.json b/2020/28xxx/CVE-2020-28269.json index 7c5c0f04681..7081f0775fc 100644 --- a/2020/28xxx/CVE-2020-28269.json +++ b/2020/28xxx/CVE-2020-28269.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28269", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "field", + "version": { + "version_data": [ + { + "version_value": "0.0.1, 0.1.0, 1.0.0, 1.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28269,", + "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28269," + }, + { + "refsource": "MISC", + "name": "https://github.com/jprichardson/field/blob/2a3811dfc4cdd13833977477d2533534fc61ce06/lib/field.js#L39", + "url": "https://github.com/jprichardson/field/blob/2a3811dfc4cdd13833977477d2533534fc61ce06/lib/field.js#L39" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution." } ] } diff --git a/2020/28xxx/CVE-2020-28270.json b/2020/28xxx/CVE-2020-28270.json index 3874c29389c..9152bba473a 100644 --- a/2020/28xxx/CVE-2020-28270.json +++ b/2020/28xxx/CVE-2020-28270.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28270", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "object-hierarchy-access", + "version": { + "version_data": [ + { + "version_value": "0.32.0, 0.31.0, 0.30.0, 0.29.1, 0.29.0, 0.28.0, 0.27.1, 0.27.0, 0.26.0, 0.25.2, 0.25.1, 0.25.0, 0.24.0, 0.23.0, 0.22.0, 0.21.0, 0.20.2, 0.20.1, 0.20.0, 0.19.0, 0.18.0, 0.17.0, 0.16.0, 0.15.0, 0.14.1, 0.13.1, 0.12.0, 0.11.0, 0.10.0, 0.9.0, 0.8.0, 0.7.3, 0.7.2, 0.6.0, 0.5.2, 0.5.1, 0.4.3, 0.4.2, 0.4.1, 0.4.0, 0.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28270,", + "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28270," + }, + { + "refsource": "MISC", + "name": "https://github.com/mjpclab/object-hierarchy-access/commit/7b1aa134a8bc4a376296bcfac5c3463aef2b7572", + "url": "https://github.com/mjpclab/object-hierarchy-access/commit/7b1aa134a8bc4a376296bcfac5c3463aef2b7572" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Overview:Prototype pollution vulnerability in \u2018object-hierarchy-access\u2019 versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution." } ] } diff --git a/2020/28xxx/CVE-2020-28271.json b/2020/28xxx/CVE-2020-28271.json index 42a9989fd7c..345d76bb0cd 100644 --- a/2020/28xxx/CVE-2020-28271.json +++ b/2020/28xxx/CVE-2020-28271.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28271", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "deephas", + "version": { + "version_data": [ + { + "version_value": "1.0.5, 1.0.3, 1.0.2, 1.0.1, 1.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28271,", + "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28271," + }, + { + "refsource": "MISC", + "name": "https://github.com/sharpred/deepHas/commit/2fe011713a6178c50f7deb6f039a8e5435981e20", + "url": "https://github.com/sharpred/deepHas/commit/2fe011713a6178c50f7deb6f039a8e5435981e20" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution." } ] } diff --git a/2020/7xxx/CVE-2020-7472.json b/2020/7xxx/CVE-2020-7472.json index 26f172f519f..1bf99f93eca 100644 --- a/2020/7xxx/CVE-2020-7472.json +++ b/2020/7xxx/CVE-2020-7472.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7472", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7472", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. (This is exploitable even after installation is completed.)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2020-043/", + "url": "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2020-043/" + }, + { + "refsource": "MISC", + "name": "https://support.sugarcrm.com/Documentation/Sugar_Versions/10.0/Pro/Sugar_10.0.0_Release_Notes/", + "url": "https://support.sugarcrm.com/Documentation/Sugar_Versions/10.0/Pro/Sugar_10.0.0_Release_Notes/" } ] } diff --git a/2020/8xxx/CVE-2020-8676.json b/2020/8xxx/CVE-2020-8676.json index d1b9e6227cd..03a1623924c 100644 --- a/2020/8xxx/CVE-2020-8676.json +++ b/2020/8xxx/CVE-2020-8676.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8676", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "versions", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00368", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00368" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable escalation of privilege via local access." } ] } diff --git a/2020/8xxx/CVE-2020-8677.json b/2020/8xxx/CVE-2020-8677.json index 376c15feb15..0fa31a8942d 100644 --- a/2020/8xxx/CVE-2020-8677.json +++ b/2020/8xxx/CVE-2020-8677.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8677", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "versions", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00368", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00368" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable denial of service via local access." } ] } diff --git a/2020/8xxx/CVE-2020-8690.json b/2020/8xxx/CVE-2020-8690.json index 2631930fab8..ff5befe8462 100644 --- a/2020/8xxx/CVE-2020-8690.json +++ b/2020/8xxx/CVE-2020-8690.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8690", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "before version 7.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege and/or denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00380", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00380" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Protection mechanism failure in Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access." } ] } diff --git a/2020/8xxx/CVE-2020-8691.json b/2020/8xxx/CVE-2020-8691.json index 3b00ea51935..fa3ab5510b2 100644 --- a/2020/8xxx/CVE-2020-8691.json +++ b/2020/8xxx/CVE-2020-8691.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8691", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege and/or denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00380", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00380" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access." } ] } diff --git a/2020/8xxx/CVE-2020-8692.json b/2020/8xxx/CVE-2020-8692.json index b44a8c45fa7..93852d5524c 100644 --- a/2020/8xxx/CVE-2020-8692.json +++ b/2020/8xxx/CVE-2020-8692.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8692", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "before version 7.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege and/or denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00380", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00380" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access." } ] } diff --git a/2020/8xxx/CVE-2020-8693.json b/2020/8xxx/CVE-2020-8693.json index 022a0601b3a..ec5458da3e0 100644 --- a/2020/8xxx/CVE-2020-8693.json +++ b/2020/8xxx/CVE-2020-8693.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8693", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege and/or denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00380", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00380" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper buffer restrictions in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access." } ] }