admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-10-16 17:02:21 +00:00
parent a3aa390752
commit 727665d2d7
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
42 changed files with 3087 additions and 298 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2020/15xxx/CVE-2020-15157.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability.\n\nIf a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers.\n\nIf an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account.\n\nThe default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it.\n\nThis vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected.\n\nIf you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected."
"value": "In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a \u201cforeign layer\u201d), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected."
}
]
},

2
2020/15xxx/CVE-2020-15252.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution.\nThis is patched in XWiki 12.5 and XWiki 11.10.6."
"value": "In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is patched in XWiki 12.5 and XWiki 11.10.6."
}
]
},

2
2020/15xxx/CVE-2020-15258.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The issue was patched by implementing a helper function which checks if the URL's protocol is common. If it is common, the URL will be opened externally. If not, the URL will not be opened and a warning appears for the user informing them that a probably insecure URL was blocked from being executed.\nThe issue is patched in Wire 3.20.x. More technical details about exploitation are available in the linked advisory."
"value": "In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The issue was patched by implementing a helper function which checks if the URL's protocol is common. If it is common, the URL will be opened externally. If not, the URL will not be opened and a warning appears for the user informing them that a probably insecure URL was blocked from being executed. The issue is patched in Wire 3.20.x. More technical details about exploitation are available in the linked advisory."
}
]
},

172
2020/4xxx/CVE-2020-4254.json
View File

@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560."
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium Big Data Intelligence",
"version" : {
"version_data" : [
{
"version_value" : "1.0"
}
]
}
}
]
}
"lang": "eng",
"value": "IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560."
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Guardium Big Data Intelligence",
"version": {
"version_data": [
{
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-10-15T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4254"
},
"data_type" : "CVE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6348664",
"title" : "IBM Security Bulletin 6348664 (Security Guardium Big Data Intelligence)",
"name" : "https://www.ibm.com/support/pages/node/6348664",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"name" : "ibm-guardium-cve20204253-info-disc (175560)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175560"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "5.900",
"S" : "U",
"A" : "N",
"UI" : "N",
"I" : "N",
"C" : "H",
"AV" : "N",
"AC" : "H",
"PR" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-10-15T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4254"
},
"data_type": "CVE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6348664",
"title": "IBM Security Bulletin 6348664 (Security Guardium Big Data Intelligence)",
"name": "https://www.ibm.com/support/pages/node/6348664",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"name": "ibm-guardium-cve20204253-info-disc (175560)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175560"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"SCORE": "5.900",
"S": "U",
"A": "N",
"UI": "N",
"I": "N",
"C": "H",
"AV": "N",
"AC": "H",
"PR": "N"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
}
}

174
2020/4xxx/CVE-2020-4636.json
View File

@ -1,90 +1,90 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "H",
"I" : "L",
"UI" : "N",
"A" : "L",
"S" : "C",
"SCORE" : "8.200",
"PR" : "H",
"AC" : "L",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503."
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Resilient OnPrem",
"version" : {
"version_data" : [
{
"version_value" : "38.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"BM": {
"C": "H",
"I": "L",
"UI": "N",
"A": "L",
"S": "C",
"SCORE": "8.200",
"PR": "H",
"AC": "L",
"AV": "N"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-10-15T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4636"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503."
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Resilient OnPrem",
"version": {
"version_data": [
{
"version_value": "38.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6348694 (Resilient OnPrem)",
"name" : "https://www.ibm.com/support/pages/node/6348694",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6348694"
},
{
"name" : "ibm-resilient-cve20204636-command-exec (185503)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/185503"
}
]
}
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-10-15T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4636"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6348694 (Resilient OnPrem)",
"name": "https://www.ibm.com/support/pages/node/6348694",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6348694"
},
{
"name": "ibm-resilient-cve20204636-command-exec (185503)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185503"
}
]
}
}

10
2020/9xxx/CVE-2020-9814.json
View File

@ -78,16 +78,16 @@
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211170",
"refsource": "MISC",
"name": "https://support.apple.com/HT211170"
},
{
"url": "https://support.apple.com/HT211168",
"refsource": "MISC",
"name": "https://support.apple.com/HT211168"
},
{
"url": "https://support.apple.com/HT211170",
"refsource": "MISC",
"name": "https://support.apple.com/HT211170"
},
{
"url": "https://support.apple.com/HT211171",
"refsource": "MISC",

15
2020/9xxx/CVE-2020-9815.json
View File

@ -78,16 +78,16 @@
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211170",
"refsource": "MISC",
"name": "https://support.apple.com/HT211170"
},
{
"url": "https://support.apple.com/HT211168",
"refsource": "MISC",
"name": "https://support.apple.com/HT211168"
},
{
"url": "https://support.apple.com/HT211170",
"refsource": "MISC",
"name": "https://support.apple.com/HT211170"
},
{
"url": "https://support.apple.com/HT211171",
"refsource": "MISC",
@ -97,11 +97,6 @@
"url": "https://support.apple.com/HT211175",
"refsource": "MISC",
"name": "https://support.apple.com/HT211175"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-823/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-823/"
}
]
},

10
2020/9xxx/CVE-2020-9816.json
View File

@ -78,16 +78,16 @@
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211170",
"refsource": "MISC",
"name": "https://support.apple.com/HT211170"
},
{
"url": "https://support.apple.com/HT211168",
"refsource": "MISC",
"name": "https://support.apple.com/HT211168"
},
{
"url": "https://support.apple.com/HT211170",
"refsource": "MISC",
"name": "https://support.apple.com/HT211170"
},
{
"url": "https://support.apple.com/HT211171",
"refsource": "MISC",

99
2020/9xxx/CVE-2020-9890.json
View File

@ -4,14 +4,107 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9890",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted audio file may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211289",
"refsource": "MISC",
"name": "https://support.apple.com/HT211289"
},
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
},
{
"url": "https://support.apple.com/HT211291",
"refsource": "MISC",
"name": "https://support.apple.com/HT211291"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution."
}
]
}

99
2020/9xxx/CVE-2020-9891.json
View File

@ -4,14 +4,107 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9891",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted audio file may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211289",
"refsource": "MISC",
"name": "https://support.apple.com/HT211289"
},
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
},
{
"url": "https://support.apple.com/HT211291",
"refsource": "MISC",
"name": "https://support.apple.com/HT211291"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution."
}
]
}

147
2020/9xxx/CVE-2020-9893.json
View File

@ -4,14 +4,155 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9893",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
},
{
"url": "https://support.apple.com/HT211291",
"refsource": "MISC",
"name": "https://support.apple.com/HT211291"
},
{
"url": "https://support.apple.com/HT211292",
"refsource": "MISC",
"name": "https://support.apple.com/HT211292"
},
{
"url": "https://support.apple.com/HT211293",
"refsource": "MISC",
"name": "https://support.apple.com/HT211293"
},
{
"url": "https://support.apple.com/HT211294",
"refsource": "MISC",
"name": "https://support.apple.com/HT211294"
},
{
"url": "https://support.apple.com/HT211295",
"refsource": "MISC",
"name": "https://support.apple.com/HT211295"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."
}
]
}

147
2020/9xxx/CVE-2020-9894.json
View File

@ -4,14 +4,155 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9894",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
},
{
"url": "https://support.apple.com/HT211291",
"refsource": "MISC",
"name": "https://support.apple.com/HT211291"
},
{
"url": "https://support.apple.com/HT211292",
"refsource": "MISC",
"name": "https://support.apple.com/HT211292"
},
{
"url": "https://support.apple.com/HT211293",
"refsource": "MISC",
"name": "https://support.apple.com/HT211293"
},
{
"url": "https://support.apple.com/HT211294",
"refsource": "MISC",
"name": "https://support.apple.com/HT211294"
},
{
"url": "https://support.apple.com/HT211295",
"refsource": "MISC",
"name": "https://support.apple.com/HT211295"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."
}
]
}

147
2020/9xxx/CVE-2020-9895.json
View File

@ -4,14 +4,155 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9895",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
},
{
"url": "https://support.apple.com/HT211291",
"refsource": "MISC",
"name": "https://support.apple.com/HT211291"
},
{
"url": "https://support.apple.com/HT211292",
"refsource": "MISC",
"name": "https://support.apple.com/HT211292"
},
{
"url": "https://support.apple.com/HT211293",
"refsource": "MISC",
"name": "https://support.apple.com/HT211293"
},
{
"url": "https://support.apple.com/HT211294",
"refsource": "MISC",
"name": "https://support.apple.com/HT211294"
},
{
"url": "https://support.apple.com/HT211295",
"refsource": "MISC",
"name": "https://support.apple.com/HT211295"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."
}
]
}

67
2020/9xxx/CVE-2020-9903.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9903",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Safari 13.1.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious attacker may cause Safari to suggest a password for the wrong domain"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211292",
"refsource": "MISC",
"name": "https://support.apple.com/HT211292"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain."
}
]
}

67
2020/9xxx/CVE-2020-9907.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9907",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to execute arbitrary code with kernel privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges."
}
]
}

83
2020/9xxx/CVE-2020-9909.json
View File

@ -4,14 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9909",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
},
{
"url": "https://support.apple.com/HT211291",
"refsource": "MISC",
"name": "https://support.apple.com/HT211291"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations."
}
]
}

147
2020/9xxx/CVE-2020-9910.json
View File

@ -4,14 +4,155 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9910",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
},
{
"url": "https://support.apple.com/HT211291",
"refsource": "MISC",
"name": "https://support.apple.com/HT211291"
},
{
"url": "https://support.apple.com/HT211292",
"refsource": "MISC",
"name": "https://support.apple.com/HT211292"
},
{
"url": "https://support.apple.com/HT211293",
"refsource": "MISC",
"name": "https://support.apple.com/HT211293"
},
{
"url": "https://support.apple.com/HT211294",
"refsource": "MISC",
"name": "https://support.apple.com/HT211294"
},
{
"url": "https://support.apple.com/HT211295",
"refsource": "MISC",
"name": "https://support.apple.com/HT211295"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication."
}
]
}

67
2020/9xxx/CVE-2020-9911.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9911",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Safari 13.1.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211292",
"refsource": "MISC",
"name": "https://support.apple.com/HT211292"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy."
}
]
}

51
2020/9xxx/CVE-2020-9912.json
View File

@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9912",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Safari 13.1.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211292",
"refsource": "MISC",
"name": "https://support.apple.com/HT211292"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode."
}
]
}

51
2020/9xxx/CVE-2020-9913.json
View File

@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9913",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "macOS Catalina 10.15.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local user may be able to leak sensitive user information"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211289",
"refsource": "MISC",
"name": "https://support.apple.com/HT211289"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information."
}
]
}

67
2020/9xxx/CVE-2020-9914.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9914",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets."
}
]
}

147
2020/9xxx/CVE-2020-9915.json
View File

@ -4,14 +4,155 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9915",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
},
{
"url": "https://support.apple.com/HT211291",
"refsource": "MISC",
"name": "https://support.apple.com/HT211291"
},
{
"url": "https://support.apple.com/HT211292",
"refsource": "MISC",
"name": "https://support.apple.com/HT211292"
},
{
"url": "https://support.apple.com/HT211293",
"refsource": "MISC",
"name": "https://support.apple.com/HT211293"
},
{
"url": "https://support.apple.com/HT211294",
"refsource": "MISC",
"name": "https://support.apple.com/HT211294"
},
{
"url": "https://support.apple.com/HT211295",
"refsource": "MISC",
"name": "https://support.apple.com/HT211295"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
}
]
}

147
2020/9xxx/CVE-2020-9916.json
View File

@ -4,14 +4,155 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9916",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious attacker may be able to conceal the destination of a URL"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
},
{
"url": "https://support.apple.com/HT211291",
"refsource": "MISC",
"name": "https://support.apple.com/HT211291"
},
{
"url": "https://support.apple.com/HT211292",
"refsource": "MISC",
"name": "https://support.apple.com/HT211292"
},
{
"url": "https://support.apple.com/HT211293",
"refsource": "MISC",
"name": "https://support.apple.com/HT211293"
},
{
"url": "https://support.apple.com/HT211294",
"refsource": "MISC",
"name": "https://support.apple.com/HT211294"
},
{
"url": "https://support.apple.com/HT211295",
"refsource": "MISC",
"name": "https://support.apple.com/HT211295"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL."
}
]
}

51
2020/9xxx/CVE-2020-9917.json
View File

@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9917",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to cause a denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service."
}
]
}

99
2020/9xxx/CVE-2020-9918.json
View File

@ -4,14 +4,107 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9918",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may be able to cause unexpected system termination or corrupt kernel memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211289",
"refsource": "MISC",
"name": "https://support.apple.com/HT211289"
},
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
},
{
"url": "https://support.apple.com/HT211291",
"refsource": "MISC",
"name": "https://support.apple.com/HT211291"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory."
}
]
}

67
2020/9xxx/CVE-2020-9923.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9923",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to execute arbitrary code with system privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211291",
"refsource": "MISC",
"name": "https://support.apple.com/HT211291"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges."
}
]
}

147
2020/9xxx/CVE-2020-9925.json
View File

@ -4,14 +4,155 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9925",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Safari 13.1.2"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to universal cross site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
},
{
"url": "https://support.apple.com/HT211291",
"refsource": "MISC",
"name": "https://support.apple.com/HT211291"
},
{
"url": "https://support.apple.com/HT211292",
"refsource": "MISC",
"name": "https://support.apple.com/HT211292"
},
{
"url": "https://support.apple.com/HT211293",
"refsource": "MISC",
"name": "https://support.apple.com/HT211293"
},
{
"url": "https://support.apple.com/HT211294",
"refsource": "MISC",
"name": "https://support.apple.com/HT211294"
},
{
"url": "https://support.apple.com/HT211295",
"refsource": "MISC",
"name": "https://support.apple.com/HT211295"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting."
}
]
}

51
2020/9xxx/CVE-2020-9931.json
View File

@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9931",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A remote attacker may cause an unexpected application termination"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination."
}
]
}

83
2020/9xxx/CVE-2020-9933.json
View File

@ -4,14 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9933",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 6.2.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to read sensitive location information"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
},
{
"url": "https://support.apple.com/HT211291",
"refsource": "MISC",
"name": "https://support.apple.com/HT211291"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information."
}
]
}

67
2020/9xxx/CVE-2020-9934.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9934",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "macOS Catalina 10.15.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local user may be able to view sensitive user information"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211289",
"refsource": "MISC",
"name": "https://support.apple.com/HT211289"
},
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information."
}
]
}

147
2020/9xxx/CVE-2020-9936.json
View File

@ -4,14 +4,155 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9936",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 13.6 and iPadOS 13.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "macOS Catalina 10.15.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 13.4.8"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 6.2.8"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iTunes 12.10.8 for Windows"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 11.3"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 7.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted image may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211289",
"refsource": "MISC",
"name": "https://support.apple.com/HT211289"
},
{
"url": "https://support.apple.com/HT211288",
"refsource": "MISC",
"name": "https://support.apple.com/HT211288"
},
{
"url": "https://support.apple.com/HT211290",
"refsource": "MISC",
"name": "https://support.apple.com/HT211290"
},
{
"url": "https://support.apple.com/HT211291",
"refsource": "MISC",
"name": "https://support.apple.com/HT211291"
},
{
"url": "https://support.apple.com/HT211293",
"refsource": "MISC",
"name": "https://support.apple.com/HT211293"
},
{
"url": "https://support.apple.com/HT211294",
"refsource": "MISC",
"name": "https://support.apple.com/HT211294"
},
{
"url": "https://support.apple.com/HT211295",
"refsource": "MISC",
"name": "https://support.apple.com/HT211295"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution."
}
]
}

67
2020/9xxx/CVE-2020-9946.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9946",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 14.0 and iPadOS 14.0"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 7.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The screen lock may not engage after the specified time period"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211850",
"refsource": "MISC",
"name": "https://support.apple.com/HT211850"
},
{
"url": "https://support.apple.com/HT211844",
"refsource": "MISC",
"name": "https://support.apple.com/HT211844"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period."
}
]
}

51
2020/9xxx/CVE-2020-9948.json
View File

@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9948",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Safari 14.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211845",
"refsource": "MISC",
"name": "https://support.apple.com/HT211845"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
}

51
2020/9xxx/CVE-2020-9951.json
View File

@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9951",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Safari 14.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211845",
"refsource": "MISC",
"name": "https://support.apple.com/HT211845"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
}

131
2020/9xxx/CVE-2020-9952.json
View File

@ -4,14 +4,139 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9952",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 14.0 and iPadOS 14.0"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 14.0"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 7.0"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Safari 14.0"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 11.4"
}
]
}
},
{
"product_name": "iCloud for Windows (Legacy)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iCloud for Windows 7.21"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to a cross site scripting attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211850",
"refsource": "MISC",
"name": "https://support.apple.com/HT211850"
},
{
"url": "https://support.apple.com/HT211844",
"refsource": "MISC",
"name": "https://support.apple.com/HT211844"
},
{
"url": "https://support.apple.com/HT211845",
"refsource": "MISC",
"name": "https://support.apple.com/HT211845"
},
{
"url": "https://support.apple.com/HT211843",
"refsource": "MISC",
"name": "https://support.apple.com/HT211843"
},
{
"url": "https://support.apple.com/HT211846",
"refsource": "MISC",
"name": "https://support.apple.com/HT211846"
},
{
"url": "https://support.apple.com/HT211847",
"refsource": "MISC",
"name": "https://support.apple.com/HT211847"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack."
}
]
}

51
2020/9xxx/CVE-2020-9958.json
View File

@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9958",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 14.0 and iPadOS 14.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to cause unexpected system termination or write kernel memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211850",
"refsource": "MISC",
"name": "https://support.apple.com/HT211850"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory."
}
]
}

51
2020/9xxx/CVE-2020-9959.json
View File

@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9959",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 14.0 and iPadOS 14.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A person with physical access to an iOS device may be able to view notification contents from the lockscreen"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211850",
"refsource": "MISC",
"name": "https://support.apple.com/HT211850"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen."
}
]
}

51
2020/9xxx/CVE-2020-9964.json
View File

@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9964",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 14.0 and iPadOS 14.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local user may be able to read kernel memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211850",
"refsource": "MISC",
"name": "https://support.apple.com/HT211850"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory."
}
]
}

99
2020/9xxx/CVE-2020-9968.json
View File

@ -4,14 +4,107 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9968",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 14.0 and iPadOS 14.0"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "macOS Catalina 10.15.7"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 14.0"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 7.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to access restricted files"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211850",
"refsource": "MISC",
"name": "https://support.apple.com/HT211850"
},
{
"url": "https://support.apple.com/HT211844",
"refsource": "MISC",
"name": "https://support.apple.com/HT211844"
},
{
"url": "https://support.apple.com/HT211843",
"refsource": "MISC",
"name": "https://support.apple.com/HT211843"
},
{
"url": "https://support.apple.com/HT211849",
"refsource": "MISC",
"name": "https://support.apple.com/HT211849"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files."
}
]
}

83
2020/9xxx/CVE-2020-9976.json
View File

@ -4,14 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9976",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 14.0 and iPadOS 14.0"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "tvOS 14.0"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "watchOS 7.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to leak sensitive user information"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211850",
"refsource": "MISC",
"name": "https://support.apple.com/HT211850"
},
{
"url": "https://support.apple.com/HT211844",
"refsource": "MISC",
"name": "https://support.apple.com/HT211844"
},
{
"url": "https://support.apple.com/HT211843",
"refsource": "MISC",
"name": "https://support.apple.com/HT211843"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0. A malicious application may be able to leak sensitive user information."
}
]
}

51
2020/9xxx/CVE-2020-9983.json
View File

@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9983",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Safari 14.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211845",
"refsource": "MISC",
"name": "https://support.apple.com/HT211845"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution."
}
]
}

67
2020/9xxx/CVE-2020-9992.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9992",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "iOS 14.0 and iPadOS 14.0"
}
]
}
},
{
"product_name": "Xcode",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "Xcode 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/HT211850",
"refsource": "MISC",
"name": "https://support.apple.com/HT211850"
},
{
"url": "https://support.apple.com/HT211848",
"refsource": "MISC",
"name": "https://support.apple.com/HT211848"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network."
}
]
}