From 727665d2d78ed15a873d413f158fd69c46c0371f Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 16 Oct 2020 17:02:21 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/15xxx/CVE-2020-15157.json | 2 +- 2020/15xxx/CVE-2020-15252.json | 2 +- 2020/15xxx/CVE-2020-15258.json | 2 +- 2020/4xxx/CVE-2020-4254.json | 172 ++++++++++++++++---------------- 2020/4xxx/CVE-2020-4636.json | 174 ++++++++++++++++----------------- 2020/9xxx/CVE-2020-9814.json | 10 +- 2020/9xxx/CVE-2020-9815.json | 15 +-- 2020/9xxx/CVE-2020-9816.json | 10 +- 2020/9xxx/CVE-2020-9890.json | 99 ++++++++++++++++++- 2020/9xxx/CVE-2020-9891.json | 99 ++++++++++++++++++- 2020/9xxx/CVE-2020-9893.json | 147 +++++++++++++++++++++++++++- 2020/9xxx/CVE-2020-9894.json | 147 +++++++++++++++++++++++++++- 2020/9xxx/CVE-2020-9895.json | 147 +++++++++++++++++++++++++++- 2020/9xxx/CVE-2020-9903.json | 67 ++++++++++++- 2020/9xxx/CVE-2020-9907.json | 67 ++++++++++++- 2020/9xxx/CVE-2020-9909.json | 83 +++++++++++++++- 2020/9xxx/CVE-2020-9910.json | 147 +++++++++++++++++++++++++++- 2020/9xxx/CVE-2020-9911.json | 67 ++++++++++++- 2020/9xxx/CVE-2020-9912.json | 51 +++++++++- 2020/9xxx/CVE-2020-9913.json | 51 +++++++++- 2020/9xxx/CVE-2020-9914.json | 67 ++++++++++++- 2020/9xxx/CVE-2020-9915.json | 147 +++++++++++++++++++++++++++- 2020/9xxx/CVE-2020-9916.json | 147 +++++++++++++++++++++++++++- 2020/9xxx/CVE-2020-9917.json | 51 +++++++++- 2020/9xxx/CVE-2020-9918.json | 99 ++++++++++++++++++- 2020/9xxx/CVE-2020-9923.json | 67 ++++++++++++- 2020/9xxx/CVE-2020-9925.json | 147 +++++++++++++++++++++++++++- 2020/9xxx/CVE-2020-9931.json | 51 +++++++++- 2020/9xxx/CVE-2020-9933.json | 83 +++++++++++++++- 2020/9xxx/CVE-2020-9934.json | 67 ++++++++++++- 2020/9xxx/CVE-2020-9936.json | 147 +++++++++++++++++++++++++++- 2020/9xxx/CVE-2020-9946.json | 67 ++++++++++++- 2020/9xxx/CVE-2020-9948.json | 51 +++++++++- 2020/9xxx/CVE-2020-9951.json | 51 +++++++++- 2020/9xxx/CVE-2020-9952.json | 131 ++++++++++++++++++++++++- 2020/9xxx/CVE-2020-9958.json | 51 +++++++++- 2020/9xxx/CVE-2020-9959.json | 51 +++++++++- 
2020/9xxx/CVE-2020-9964.json | 51 +++++++++- 2020/9xxx/CVE-2020-9968.json | 99 ++++++++++++++++++- 2020/9xxx/CVE-2020-9976.json | 83 +++++++++++++++- 2020/9xxx/CVE-2020-9983.json | 51 +++++++++- 2020/9xxx/CVE-2020-9992.json | 67 ++++++++++++- 42 files changed, 3087 insertions(+), 298 deletions(-) diff --git a/2020/15xxx/CVE-2020-15157.json b/2020/15xxx/CVE-2020-15157.json index b798568877a..b4cd52d3c72 100644 --- a/2020/15xxx/CVE-2020-15157.json +++ b/2020/15xxx/CVE-2020-15157.json 
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability.\n\nIf a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers.\n\nIf an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account.\n\nThe default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it.\n\nThis vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected.\n\nIf you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected." + "value": "In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. 
If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a \u201cforeign layer\u201d), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected." } ] }, diff --git a/2020/15xxx/CVE-2020-15252.json b/2020/15xxx/CVE-2020-15252.json index 91313da2eaa..a99407a545a 100644 --- a/2020/15xxx/CVE-2020-15252.json +++ b/2020/15xxx/CVE-2020-15252.json 
@@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution.\nThis is patched in XWiki 12.5 and XWiki 11.10.6." + "value": "In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is patched in XWiki 12.5 and XWiki 11.10.6." } ] }, diff --git a/2020/15xxx/CVE-2020-15258.json b/2020/15xxx/CVE-2020-15258.json index 53cfbd48729..9a84b3dac72 100644 --- a/2020/15xxx/CVE-2020-15258.json +++ b/2020/15xxx/CVE-2020-15258.json 
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The issue was patched by implementing a helper function which checks if the URL's protocol is common. If it is common, the URL will be opened externally. If not, the URL will not be opened and a warning appears for the user informing them that a probably insecure URL was blocked from being executed.\nThe issue is patched in Wire 3.20.x. More technical details about exploitation are available in the linked advisory." + "value": "In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The issue was patched by implementing a helper function which checks if the URL's protocol is common. If it is common, the URL will be opened externally. If not, the URL will not be opened and a warning appears for the user informing them that a probably insecure URL was blocked from being executed. The issue is patched in Wire 3.20.x. More technical details about exploitation are available in the linked advisory." } ] }, diff --git a/2020/4xxx/CVE-2020-4254.json b/2020/4xxx/CVE-2020-4254.json index e779846d3e4..20b3b0c6d80 100644 --- a/2020/4xxx/CVE-2020-4254.json +++ b/2020/4xxx/CVE-2020-4254.json 
@@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560." - } - ] - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Guardium Big Data Intelligence", - "version" : { - "version_data" : [ - { - "version_value" : "1.0" - } - ] - } - } - ] - } + "lang": "eng", + "value": "IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560." } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Guardium Big Data Intelligence", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-10-15T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4254" - }, - "data_type" : "CVE", - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6348664", - "title" : "IBM Security Bulletin 6348664 (Security Guardium Big Data Intelligence)", - "name" : "https://www.ibm.com/support/pages/node/6348664", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "name" : "ibm-guardium-cve20204253-info-disc (175560)", - "title" : "X-Force Vulnerability Report", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/175560" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "5.900", - "S" : "U", - "A" : "N", - "UI" : "N", - "I" : "N", - "C" : "H", - "AV" : "N", - "AC" : "H", - "PR" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-10-15T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4254" + }, + "data_type": "CVE", + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6348664", + "title": "IBM Security Bulletin 6348664 (Security Guardium Big Data Intelligence)", + "name": "https://www.ibm.com/support/pages/node/6348664", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "name": "ibm-guardium-cve20204253-info-disc (175560)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175560" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "SCORE": "5.900", + "S": "U", + "A": "N", + "UI": "N", + "I": "N", + "C": "H", + "AV": "N", + "AC": "H", + "PR": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4636.json b/2020/4xxx/CVE-2020-4636.json index 0d19f1630e5..bf6e89614bf 100644 --- a/2020/4xxx/CVE-2020-4636.json +++ b/2020/4xxx/CVE-2020-4636.json 
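Review bot: The X-Force entry in `reference_data` is named `ibm-guardium-cve20204253-info-disc (175560)`, but `CVE_data_meta.ID` in this record is `CVE-2020-4254`, so the CVE number embedded in the reference name does not match the record it sits in. The hunk only normalises whitespace and carries the string over unchanged, so the mismatch predates this commit; it may be a typo, or it may reflect how the X-Force entry itself is named. Tooling that correlates advisories by the CVE number in a reference name would attach entry 175560 to the wrong record, so the `name` value should be checked against the X-Force entry and corrected if it is a typo. The new side also ends with `\ No newline at end of file`; restoring the trailing newline would keep later diffs of this file clean.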
@@ -1,90 +1,90 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "H", - "I" : "L", - "UI" : "N", - "A" : "L", - "S" : "C", - "SCORE" : "8.200", - "PR" : "H", - "AC" : "L", - "AV" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503." - } - ] - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Resilient OnPrem", - "version" : { - "version_data" : [ - { - "version_value" : "38.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "BM": { + "C": "H", + "I": "L", + "UI": "N", + "A": "L", + "S": "C", + "SCORE": "8.200", + "PR": "H", + "AC": "L", + "AV": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-10-15T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4636" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503." 
+ } + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Resilient OnPrem", + "version": { + "version_data": [ + { + "version_value": "38.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6348694 (Resilient OnPrem)", - "name" : "https://www.ibm.com/support/pages/node/6348694", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6348694" - }, - { - "name" : "ibm-resilient-cve20204636-command-exec (185503)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/185503" - } - ] - } -} + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-10-15T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4636" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6348694 (Resilient OnPrem)", + "name": "https://www.ibm.com/support/pages/node/6348694", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6348694" + }, + { + "name": "ibm-resilient-cve20204636-command-exec (185503)", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185503" + } + ] + } +} \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9814.json b/2020/9xxx/CVE-2020-9814.json index d5986b5e719..21c4ab139e9 100644 --- a/2020/9xxx/CVE-2020-9814.json +++ b/2020/9xxx/CVE-2020-9814.json 
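Review bot: The `problemtype` value `Gain Privileges` names an outcome rather than the weakness, while the description says a privileged user can inject malicious commands through Python3 scripting and the X-Force reference name ends in `command-exec`. Consumers that classify or filter records by weakness get nothing usable from that label. If the vendor's analysis supports it, a CWE-prefixed value for command injection (for example one starting `CWE-77`) in `problemtype_data[0].description[0].value` would make the record filterable. The same pattern appears in the CVE-2020-4254 hunk (`Obtain Information` for a weak-cryptography issue) and in the Apple records later in this patch, whose `problemtype` repeats the impact sentence from the description.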
@@ -78,16 +78,16 @@ }, "references": { "reference_data": [ - { - "url": "https://support.apple.com/HT211170", - "refsource": "MISC", - "name": "https://support.apple.com/HT211170" - }, { "url": "https://support.apple.com/HT211168", "refsource": "MISC", "name": "https://support.apple.com/HT211168" }, + { + "url": "https://support.apple.com/HT211170", + "refsource": "MISC", + "name": "https://support.apple.com/HT211170" + }, { "url": "https://support.apple.com/HT211171", "refsource": "MISC", diff --git a/2020/9xxx/CVE-2020-9815.json b/2020/9xxx/CVE-2020-9815.json index 0b7cdc9dd3c..09f893e6a83 100644 --- a/2020/9xxx/CVE-2020-9815.json +++ b/2020/9xxx/CVE-2020-9815.json @@ -78,16 +78,16 @@ }, "references": { "reference_data": [ - { - "url": "https://support.apple.com/HT211170", - "refsource": "MISC", - "name": "https://support.apple.com/HT211170" - }, { "url": "https://support.apple.com/HT211168", "refsource": "MISC", "name": "https://support.apple.com/HT211168" }, + { + "url": "https://support.apple.com/HT211170", + "refsource": "MISC", + "name": "https://support.apple.com/HT211170" + }, { "url": "https://support.apple.com/HT211171", "refsource": "MISC", @@ -97,11 +97,6 @@ "url": "https://support.apple.com/HT211175", "refsource": "MISC", "name": "https://support.apple.com/HT211175" - }, - { - "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-823/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-823/" } ] }, diff --git a/2020/9xxx/CVE-2020-9816.json b/2020/9xxx/CVE-2020-9816.json index dc86565ce9a..561fc280f43 100644 --- a/2020/9xxx/CVE-2020-9816.json +++ b/2020/9xxx/CVE-2020-9816.json 
@@ -78,16 +78,16 @@ }, "references": { "reference_data": [ - { - "url": "https://support.apple.com/HT211170", - "refsource": "MISC", - "name": "https://support.apple.com/HT211170" - }, { "url": "https://support.apple.com/HT211168", "refsource": "MISC", "name": "https://support.apple.com/HT211168" }, + { + "url": "https://support.apple.com/HT211170", + "refsource": "MISC", + "name": "https://support.apple.com/HT211170" + }, { "url": "https://support.apple.com/HT211171", "refsource": "MISC", diff --git a/2020/9xxx/CVE-2020-9890.json b/2020/9xxx/CVE-2020-9890.json index 9c704993186..46cd94400b9 100644 --- a/2020/9xxx/CVE-2020-9890.json +++ b/2020/9xxx/CVE-2020-9890.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9890", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted audio file may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/HT211289" + }, + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + }, + { + "url": "https://support.apple.com/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/HT211291" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9891.json b/2020/9xxx/CVE-2020-9891.json index e440bbae19d..a0e46a45c86 100644 --- a/2020/9xxx/CVE-2020-9891.json +++ b/2020/9xxx/CVE-2020-9891.json 
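Review bot: Every `version_value` added under `affects` repeats the product name, and the iOS entry joins two products in one string (`"version_value": "iOS 13.6 and iPadOS 13.6"`) while `version_affected` is `<`. A consumer applying `<` to that string cannot do a version comparison without first parsing prose, so automated matching of installed versions against this record is likely to miss or mis-match. A bare version such as `"version_value": "13.6"`, with iPadOS as its own `product_data` entry, would be directly comparable. The same shape is used in the other Apple hunks in this patch (CVE-2020-9891 through CVE-2020-9907 in this part), including `iTunes 12.10.8 for Windows` and `iCloud for Windows 7.20`.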
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9891", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted audio file may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/HT211289" + }, + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + }, + { + "url": "https://support.apple.com/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/HT211291" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9893.json b/2020/9xxx/CVE-2020-9893.json index af96bc3bf49..fef7287e290 100644 --- a/2020/9xxx/CVE-2020-9893.json +++ b/2020/9xxx/CVE-2020-9893.json 
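Review bot: The four `support.apple.com` advisories added to `reference_data` are tagged `"refsource": "MISC"`, although the assigner is `product-security@apple.com` and these are the vendor's own bulletins. The IBM records in this same patch tag the vendor bulletin `"refsource": "CONFIRM"`, so a consumer that uses `refsource` to find the vendor-confirmed fix will find one for the IBM entries and none for the Apple ones. Using `"refsource": "CONFIRM"` on the vendor URLs would make the two sets consistent. This applies equally to the CVE-2020-9890 hunk above and to the remaining Apple hunks below.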
@@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9893", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1.2" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes 12.10.8 for Windows" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 11.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + }, + { + 
"url": "https://support.apple.com/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/HT211291" + }, + { + "url": "https://support.apple.com/HT211292", + "refsource": "MISC", + "name": "https://support.apple.com/HT211292" + }, + { + "url": "https://support.apple.com/HT211293", + "refsource": "MISC", + "name": "https://support.apple.com/HT211293" + }, + { + "url": "https://support.apple.com/HT211294", + "refsource": "MISC", + "name": "https://support.apple.com/HT211294" + }, + { + "url": "https://support.apple.com/HT211295", + "refsource": "MISC", + "name": "https://support.apple.com/HT211295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9894.json b/2020/9xxx/CVE-2020-9894.json index 763699c65ab..e9505e6dbb4 100644 --- a/2020/9xxx/CVE-2020-9894.json +++ b/2020/9xxx/CVE-2020-9894.json 
@@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9894", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1.2" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes 12.10.8 for Windows" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 11.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + }, + { + 
"url": "https://support.apple.com/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/HT211291" + }, + { + "url": "https://support.apple.com/HT211292", + "refsource": "MISC", + "name": "https://support.apple.com/HT211292" + }, + { + "url": "https://support.apple.com/HT211293", + "refsource": "MISC", + "name": "https://support.apple.com/HT211293" + }, + { + "url": "https://support.apple.com/HT211294", + "refsource": "MISC", + "name": "https://support.apple.com/HT211294" + }, + { + "url": "https://support.apple.com/HT211295", + "refsource": "MISC", + "name": "https://support.apple.com/HT211295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9895.json b/2020/9xxx/CVE-2020-9895.json index 69d383a75d5..8a179919c42 100644 --- a/2020/9xxx/CVE-2020-9895.json +++ b/2020/9xxx/CVE-2020-9895.json 
@@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9895", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1.2" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes 12.10.8 for Windows" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 11.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + }, + { + 
"url": "https://support.apple.com/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/HT211291" + }, + { + "url": "https://support.apple.com/HT211292", + "refsource": "MISC", + "name": "https://support.apple.com/HT211292" + }, + { + "url": "https://support.apple.com/HT211293", + "refsource": "MISC", + "name": "https://support.apple.com/HT211293" + }, + { + "url": "https://support.apple.com/HT211294", + "refsource": "MISC", + "name": "https://support.apple.com/HT211294" + }, + { + "url": "https://support.apple.com/HT211295", + "refsource": "MISC", + "name": "https://support.apple.com/HT211295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9903.json b/2020/9xxx/CVE-2020-9903.json index 83ed64bf4f2..d59e405ef73 100644 --- a/2020/9xxx/CVE-2020-9903.json +++ b/2020/9xxx/CVE-2020-9903.json 
@@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9903", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious attacker may cause Safari to suggest a password for the wrong domain" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211292", + "refsource": "MISC", + "name": "https://support.apple.com/HT211292" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain." } ] } diff --git a/2020/9xxx/CVE-2020-9907.json b/2020/9xxx/CVE-2020-9907.json index acf3d4990a3..d73864fcae8 100644 --- a/2020/9xxx/CVE-2020-9907.json +++ b/2020/9xxx/CVE-2020-9907.json 
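Review bot: The `version_value` strings in this hunk carry product names and, for the iOS entry, two products at once (`"version_value": "iOS 13.6 and iPadOS 13.6"`), so a consumer applying `"version_affected": "<"` has nothing it can compare. An inventory match on `product_name` will also never flag iPadOS, which appears only inside that string. I would split the entry and keep the values bare: a separate `"product_name": "iPadOS"` entry with `"version_value": "13.6"`, and likewise `"version_value": "13.1.2"` under Safari. The same pattern is in the other hunks of this patch visible here, including the CVE-2020-9895 hunk before this one.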
@@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9907", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2020/9xxx/CVE-2020-9909.json b/2020/9xxx/CVE-2020-9909.json index 1175336ff44..2a68f10a677 100644 --- a/2020/9xxx/CVE-2020-9909.json +++ b/2020/9xxx/CVE-2020-9909.json 
@@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9909", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + }, + { + "url": "https://support.apple.com/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/HT211291" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. 
An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations." } ] } diff --git a/2020/9xxx/CVE-2020-9910.json b/2020/9xxx/CVE-2020-9910.json index 814c895ac24..2c54787bce0 100644 --- a/2020/9xxx/CVE-2020-9910.json +++ b/2020/9xxx/CVE-2020-9910.json 
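Review bot: The `problemtype` value in the CVE-2020-9909 hunk repeats the impact sentence from `description` instead of naming the weakness, so anything that groups or prioritises records by weakness class only gets free text. The description already states the class (an out-of-bounds read), so the entry could read `"value": "CWE-125: Out-of-bounds Read"` and leave the impact wording to `description`. The CVE-2020-9895 hunk (use after free, CWE-416) and the CVE-2020-9918 hunk (out-of-bounds read) have the same gap. For records whose description only says "logic issue", the mapping would need confirmation from the assigner.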
@@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9910", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1.2" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes 12.10.8 for Windows" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 11.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + }, + { 
+ "url": "https://support.apple.com/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/HT211291" + }, + { + "url": "https://support.apple.com/HT211292", + "refsource": "MISC", + "name": "https://support.apple.com/HT211292" + }, + { + "url": "https://support.apple.com/HT211293", + "refsource": "MISC", + "name": "https://support.apple.com/HT211293" + }, + { + "url": "https://support.apple.com/HT211294", + "refsource": "MISC", + "name": "https://support.apple.com/HT211294" + }, + { + "url": "https://support.apple.com/HT211295", + "refsource": "MISC", + "name": "https://support.apple.com/HT211295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication." } ] } diff --git a/2020/9xxx/CVE-2020-9911.json b/2020/9xxx/CVE-2020-9911.json index 1a5ceaff1b1..d7b10bd8b6b 100644 --- a/2020/9xxx/CVE-2020-9911.json +++ b/2020/9xxx/CVE-2020-9911.json 
@@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9911", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211292", + "refsource": "MISC", + "name": "https://support.apple.com/HT211292" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy." } ] } diff --git a/2020/9xxx/CVE-2020-9912.json b/2020/9xxx/CVE-2020-9912.json index dad5bd139c1..6249e0b79a6 100644 --- a/2020/9xxx/CVE-2020-9912.json +++ b/2020/9xxx/CVE-2020-9912.json 
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9912", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211292", + "refsource": "MISC", + "name": "https://support.apple.com/HT211292" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode." } ] } diff --git a/2020/9xxx/CVE-2020-9913.json b/2020/9xxx/CVE-2020-9913.json index 7c990827b13..ab2147ab927 100644 --- a/2020/9xxx/CVE-2020-9913.json +++ b/2020/9xxx/CVE-2020-9913.json 
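Review bot: The reference added in this hunk is tagged `"refsource": "MISC"` and its `name` only repeats the URL, although the ASSIGNER is the vendor and the link points at the vendor's own support site. Consumers that use `refsource` to tell vendor confirmation from third-party material cannot do so here. `"refsource": "CONFIRM"` would say what the link is, assuming HT211292 is the advisory that covers this CVE. The other hunks in this patch tag their support.apple.com references the same way.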
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9913", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to leak sensitive user information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/HT211289" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information." } ] } diff --git a/2020/9xxx/CVE-2020-9914.json b/2020/9xxx/CVE-2020-9914.json index e97bdd5c45e..7205c31cafb 100644 --- a/2020/9xxx/CVE-2020-9914.json +++ b/2020/9xxx/CVE-2020-9914.json 
@@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9914", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets." } ] } diff --git a/2020/9xxx/CVE-2020-9915.json b/2020/9xxx/CVE-2020-9915.json index abfaad3b493..1313c055415 100644 --- a/2020/9xxx/CVE-2020-9915.json +++ b/2020/9xxx/CVE-2020-9915.json 
@@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9915", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1.2" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes 12.10.8 for Windows" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 11.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + }, + { + 
"url": "https://support.apple.com/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/HT211291" + }, + { + "url": "https://support.apple.com/HT211292", + "refsource": "MISC", + "name": "https://support.apple.com/HT211292" + }, + { + "url": "https://support.apple.com/HT211293", + "refsource": "MISC", + "name": "https://support.apple.com/HT211293" + }, + { + "url": "https://support.apple.com/HT211294", + "refsource": "MISC", + "name": "https://support.apple.com/HT211294" + }, + { + "url": "https://support.apple.com/HT211295", + "refsource": "MISC", + "name": "https://support.apple.com/HT211295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced." } ] } diff --git a/2020/9xxx/CVE-2020-9916.json b/2020/9xxx/CVE-2020-9916.json index 8f8a43d574b..925dde6e6e7 100644 --- a/2020/9xxx/CVE-2020-9916.json +++ b/2020/9xxx/CVE-2020-9916.json 
@@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9916", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1.2" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes 12.10.8 for Windows" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 11.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious attacker may be able to conceal the destination of a URL" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + }, + { + "url": 
"https://support.apple.com/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/HT211291" + }, + { + "url": "https://support.apple.com/HT211292", + "refsource": "MISC", + "name": "https://support.apple.com/HT211292" + }, + { + "url": "https://support.apple.com/HT211293", + "refsource": "MISC", + "name": "https://support.apple.com/HT211293" + }, + { + "url": "https://support.apple.com/HT211294", + "refsource": "MISC", + "name": "https://support.apple.com/HT211294" + }, + { + "url": "https://support.apple.com/HT211295", + "refsource": "MISC", + "name": "https://support.apple.com/HT211295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL." } ] } diff --git a/2020/9xxx/CVE-2020-9917.json b/2020/9xxx/CVE-2020-9917.json index 564cdd4c836..53f2286390d 100644 --- a/2020/9xxx/CVE-2020-9917.json +++ b/2020/9xxx/CVE-2020-9917.json 
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9917", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause a denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service." } ] } diff --git a/2020/9xxx/CVE-2020-9918.json b/2020/9xxx/CVE-2020-9918.json index 2b6c1ce4675..39b0f8bba10 100644 --- a/2020/9xxx/CVE-2020-9918.json +++ b/2020/9xxx/CVE-2020-9918.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9918", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause unexpected system termination or corrupt kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/HT211289" + }, + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + }, + { + "url": "https://support.apple.com/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/HT211291" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory." } ] } diff --git a/2020/9xxx/CVE-2020-9923.json b/2020/9xxx/CVE-2020-9923.json index 283e08e00c1..f4c988cf8f7 100644 --- a/2020/9xxx/CVE-2020-9923.json +++ b/2020/9xxx/CVE-2020-9923.json 
@@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9923", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with system privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/HT211291" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges." } ] } diff --git a/2020/9xxx/CVE-2020-9925.json b/2020/9xxx/CVE-2020-9925.json index 6f21aecaab7..40f049dbabe 100644 --- a/2020/9xxx/CVE-2020-9925.json +++ b/2020/9xxx/CVE-2020-9925.json 
@@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9925", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1.2" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes 12.10.8 for Windows" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 11.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to universal cross site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + }, + { + "url": 
"https://support.apple.com/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/HT211291" + }, + { + "url": "https://support.apple.com/HT211292", + "refsource": "MISC", + "name": "https://support.apple.com/HT211292" + }, + { + "url": "https://support.apple.com/HT211293", + "refsource": "MISC", + "name": "https://support.apple.com/HT211293" + }, + { + "url": "https://support.apple.com/HT211294", + "refsource": "MISC", + "name": "https://support.apple.com/HT211294" + }, + { + "url": "https://support.apple.com/HT211295", + "refsource": "MISC", + "name": "https://support.apple.com/HT211295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting." } ] } diff --git a/2020/9xxx/CVE-2020-9931.json b/2020/9xxx/CVE-2020-9931.json index 0ead34a6ae9..3acde2248fb 100644 --- a/2020/9xxx/CVE-2020-9931.json +++ b/2020/9xxx/CVE-2020-9931.json 
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9931", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may cause an unexpected application termination" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination." } ] } diff --git a/2020/9xxx/CVE-2020-9933.json b/2020/9xxx/CVE-2020-9933.json index 77d715fdeb7..22ebb486e38 100644 --- a/2020/9xxx/CVE-2020-9933.json +++ b/2020/9xxx/CVE-2020-9933.json 
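Review bot: The single reference in the CVE-2020-9931 hunk is tagged `"refsource": "MISC"` and its `name` only repeats the URL, although the assigner is product-security@apple.com and the link is Apple's own advisory. Tagging it `"refsource": "CONFIRM"` would let consumers tell vendor confirmation apart from third-party write-ups when prioritising. The other hunks on this page tag their support.apple.com links the same way.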
@@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9933", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to read sensitive location information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": "https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + }, + { + "url": "https://support.apple.com/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/HT211291" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information." } ] } 
diff --git a/2020/9xxx/CVE-2020-9934.json b/2020/9xxx/CVE-2020-9934.json index b4215d5b400..d0f0c8fb6fc 100644 --- a/2020/9xxx/CVE-2020-9934.json +++ b/2020/9xxx/CVE-2020-9934.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9934", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to view sensitive user information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/HT211289" + }, + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information." } ] } diff --git a/2020/9xxx/CVE-2020-9936.json b/2020/9xxx/CVE-2020-9936.json index 7093125a98e..6dcf2bc8798 100644 
--- a/2020/9xxx/CVE-2020-9936.json
+++ b/2020/9xxx/CVE-2020-9936.json
@@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9936", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes 12.10.8 for Windows" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 11.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted image may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/HT211289" + }, + { + "url": "https://support.apple.com/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/HT211288" + }, + { + "url": 
"https://support.apple.com/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/HT211290" + }, + { + "url": "https://support.apple.com/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/HT211291" + }, + { + "url": "https://support.apple.com/HT211293", + "refsource": "MISC", + "name": "https://support.apple.com/HT211293" + }, + { + "url": "https://support.apple.com/HT211294", + "refsource": "MISC", + "name": "https://support.apple.com/HT211294" + }, + { + "url": "https://support.apple.com/HT211295", + "refsource": "MISC", + "name": "https://support.apple.com/HT211295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9946.json b/2020/9xxx/CVE-2020-9946.json index 57c17fade49..488c27c0b6b 100644 --- a/2020/9xxx/CVE-2020-9946.json +++ b/2020/9xxx/CVE-2020-9946.json 
@@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9946", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 14.0 and iPadOS 14.0" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The screen lock may not engage after the specified time period" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211850", + "refsource": "MISC", + "name": "https://support.apple.com/HT211850" + }, + { + "url": "https://support.apple.com/HT211844", + "refsource": "MISC", + "name": "https://support.apple.com/HT211844" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period." } ] } diff --git a/2020/9xxx/CVE-2020-9948.json b/2020/9xxx/CVE-2020-9948.json index f843b840c5a..d0b143af61a 100644 --- a/2020/9xxx/CVE-2020-9948.json +++ b/2020/9xxx/CVE-2020-9948.json 
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9948", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211845", + "refsource": "MISC", + "name": "https://support.apple.com/HT211845" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9951.json b/2020/9xxx/CVE-2020-9951.json index 3e8b3338063..487b40a7ab6 100644 --- a/2020/9xxx/CVE-2020-9951.json +++ b/2020/9xxx/CVE-2020-9951.json 
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9951", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211845", + "refsource": "MISC", + "name": "https://support.apple.com/HT211845" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9952.json b/2020/9xxx/CVE-2020-9952.json index b1623c5b1e1..8f724eadca0 100644 --- a/2020/9xxx/CVE-2020-9952.json +++ b/2020/9xxx/CVE-2020-9952.json 
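Review bot: In the CVE-2020-9951 hunk, `problemtype` holds the impact sentence (`"Processing maliciously crafted web content may lead to arbitrary code execution"`), which duplicates the last sentence of `description` and gives triage tooling no weakness class to key on. The description names a use after free, so the entry could read `"value": "CWE-416: Use After Free"`; that mapping is inferred from the wording and should be confirmed against the advisory. The hunks for CVE-2020-9948 (type confusion) and for CVE-2020-9936, CVE-2020-9958 and CVE-2020-9983 (out-of-bounds write) have the same gap.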
@@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9952", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 14.0 and iPadOS 14.0" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 14.0" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 7.0" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 14.0" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 11.4" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.21" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to a cross site scripting attack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211850", + "refsource": "MISC", + "name": "https://support.apple.com/HT211850" + }, + { + "url": "https://support.apple.com/HT211844", + "refsource": "MISC", + "name": "https://support.apple.com/HT211844" + }, + { + "url": "https://support.apple.com/HT211845", + "refsource": "MISC", + "name": "https://support.apple.com/HT211845" + }, + { + "url": "https://support.apple.com/HT211843", + "refsource": "MISC", + 
"name": "https://support.apple.com/HT211843" + }, + { + "url": "https://support.apple.com/HT211846", + "refsource": "MISC", + "name": "https://support.apple.com/HT211846" + }, + { + "url": "https://support.apple.com/HT211847", + "refsource": "MISC", + "name": "https://support.apple.com/HT211847" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack." } ] } diff --git a/2020/9xxx/CVE-2020-9958.json b/2020/9xxx/CVE-2020-9958.json index f5b4beddf70..7d17b93c573 100644 --- a/2020/9xxx/CVE-2020-9958.json +++ b/2020/9xxx/CVE-2020-9958.json 
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9958", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 14.0 and iPadOS 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to cause unexpected system termination or write kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211850", + "refsource": "MISC", + "name": "https://support.apple.com/HT211850" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory." } ] } diff --git a/2020/9xxx/CVE-2020-9959.json b/2020/9xxx/CVE-2020-9959.json index ba2abe11855..2c3a8f13904 100644 --- a/2020/9xxx/CVE-2020-9959.json +++ b/2020/9xxx/CVE-2020-9959.json 
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9959", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 14.0 and iPadOS 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A person with physical access to an iOS device may be able to view notification contents from the lockscreen" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211850", + "refsource": "MISC", + "name": "https://support.apple.com/HT211850" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen." } ] } diff --git a/2020/9xxx/CVE-2020-9964.json b/2020/9xxx/CVE-2020-9964.json index 8aa54d46f20..ed0de561784 100644 --- a/2020/9xxx/CVE-2020-9964.json +++ b/2020/9xxx/CVE-2020-9964.json 
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9964", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 14.0 and iPadOS 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to read kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211850", + "refsource": "MISC", + "name": "https://support.apple.com/HT211850" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory." } ] } diff --git a/2020/9xxx/CVE-2020-9968.json b/2020/9xxx/CVE-2020-9968.json index 9f9174cc4f2..f81fe2d52d2 100644 --- a/2020/9xxx/CVE-2020-9968.json +++ b/2020/9xxx/CVE-2020-9968.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9968", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 14.0 and iPadOS 14.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.7" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 14.0" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to access restricted files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211850", + "refsource": "MISC", + "name": "https://support.apple.com/HT211850" + }, + { + "url": "https://support.apple.com/HT211844", + "refsource": "MISC", + "name": "https://support.apple.com/HT211844" + }, + { + "url": "https://support.apple.com/HT211843", + "refsource": "MISC", + "name": "https://support.apple.com/HT211843" + }, + { + "url": "https://support.apple.com/HT211849", + "refsource": "MISC", + "name": "https://support.apple.com/HT211849" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files." } ] } diff --git a/2020/9xxx/CVE-2020-9976.json b/2020/9xxx/CVE-2020-9976.json index 0c7c2f5fb05..d2d6c348058 100644 --- a/2020/9xxx/CVE-2020-9976.json +++ b/2020/9xxx/CVE-2020-9976.json 
@@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9976", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 14.0 and iPadOS 14.0" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 14.0" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to leak sensitive user information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211850", + "refsource": "MISC", + "name": "https://support.apple.com/HT211850" + }, + { + "url": "https://support.apple.com/HT211844", + "refsource": "MISC", + "name": "https://support.apple.com/HT211844" + }, + { + "url": "https://support.apple.com/HT211843", + "refsource": "MISC", + "name": "https://support.apple.com/HT211843" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0. A malicious application may be able to leak sensitive user information." } ] } 
diff --git a/2020/9xxx/CVE-2020-9983.json b/2020/9xxx/CVE-2020-9983.json index 30c90ff7c23..b540671ba93 100644 --- a/2020/9xxx/CVE-2020-9983.json +++ b/2020/9xxx/CVE-2020-9983.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9983", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211845", + "refsource": "MISC", + "name": "https://support.apple.com/HT211845" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9992.json b/2020/9xxx/CVE-2020-9992.json index e78366efe25..731b83536b0 100644 --- a/2020/9xxx/CVE-2020-9992.json +++ b/2020/9xxx/CVE-2020-9992.json 
@@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9992", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 14.0 and iPadOS 14.0" + } + ] + } + }, + { + "product_name": "Xcode", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Xcode 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211850", + "refsource": "MISC", + "name": "https://support.apple.com/HT211850" + }, + { + "url": "https://support.apple.com/HT211848", + "refsource": "MISC", + "name": "https://support.apple.com/HT211848" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network." } ] }
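Review bot: The `description` for CVE-2020-9992 says the fix encrypts traffic to devices running iOS 14, iPadOS 14, tvOS 14 and watchOS 7, but `affects` lists only `iOS` and `Xcode`. Inventory matching on this record will therefore not flag tvOS or watchOS devices used for network debug sessions. Whether those platforms were exposed before tvOS 14 and watchOS 7 cannot be told from the hunk. If they were, `product_data` needs entries for them alongside the two present; if not, a clause in the description saying so would remove the ambiguity.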