From 824cc9d94b408e0abd8c8834626ff8b37a8ca756 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Tue, 8 Dec 2020 20:01:50 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2020/10xxx/CVE-2020-10002.json | 131 ++++++++++++++++++++++++++++++++-
2020/10xxx/CVE-2020-10006.json | 51 ++++++++++++-
2020/10xxx/CVE-2020-10009.json | 51 ++++++++++++-
2020/10xxx/CVE-2020-10010.json | 99 ++++++++++++++++++++++++-
2020/10xxx/CVE-2020-10973.json | 17 ++++-
2020/12xxx/CVE-2020-12262.json | 5 ++
2020/12xxx/CVE-2020-12266.json | 17 ++++-
2020/13xxx/CVE-2020-13886.json | 5 ++
2020/14xxx/CVE-2020-14205.json | 61 +++++++++++++--
2020/14xxx/CVE-2020-14206.json | 61 +++++++++++++--
2020/14xxx/CVE-2020-14207.json | 61 +++++++++++++--
2020/26xxx/CVE-2020-26233.json | 2 +-
2020/28xxx/CVE-2020-28946.json | 61 +++++++++++++--
2020/9xxx/CVE-2020-9488.json | 15 ++++
2020/9xxx/CVE-2020-9849.json | 131 ++++++++++++++++++++++++++++++++-
2020/9xxx/CVE-2020-9922.json | 51 ++++++++++++-
2020/9xxx/CVE-2020-9942.json | 67 ++++++++++++++++-
2020/9xxx/CVE-2020-9943.json | 99 ++++++++++++++++++++++++-
2020/9xxx/CVE-2020-9944.json | 99 ++++++++++++++++++++++++-
2020/9xxx/CVE-2020-9945.json | 67 ++++++++++++++++-
2020/9xxx/CVE-2020-9947.json | 131 ++++++++++++++++++++++++++++++++-
2020/9xxx/CVE-2020-9949.json | 115 ++++++++++++++++++++++++++++-
2020/9xxx/CVE-2020-9950.json | 99 ++++++++++++++++++++++++-
2020/9xxx/CVE-2020-9954.json | 99 ++++++++++++++++++++++++-
2020/9xxx/CVE-2020-9963.json | 67 ++++++++++++++++-
2020/9xxx/CVE-2020-9965.json | 99 ++++++++++++++++++++++++-
2020/9xxx/CVE-2020-9966.json | 99 ++++++++++++++++++++++++-
2020/9xxx/CVE-2020-9969.json | 99 ++++++++++++++++++++++++-
2020/9xxx/CVE-2020-9972.json | 51 ++++++++++++-
2020/9xxx/CVE-2020-9974.json | 99 ++++++++++++++++++++++++-
2020/9xxx/CVE-2020-9977.json | 67 ++++++++++++++++-
2020/9xxx/CVE-2020-9981.json | 131 ++++++++++++++++++++++++++++++++-
2020/9xxx/CVE-2020-9987.json | 51 ++++++++++++-
2020/9xxx/CVE-2020-9988.json | 67 ++++++++++++++++-
2020/9xxx/CVE-2020-9989.json | 83 ++++++++++++++++++++-
2020/9xxx/CVE-2020-9993.json | 83 ++++++++++++++++++++-
2020/9xxx/CVE-2020-9996.json | 67 ++++++++++++++++-
2020/9xxx/CVE-2020-9999.json | 67 ++++++++++++++++-
38 files changed, 2614 insertions(+), 111 deletions(-)
diff --git a/2020/10xxx/CVE-2020-10002.json b/2020/10xxx/CVE-2020-10002.json
index 0ed68438fea..865691a6266 100644
--- a/2020/10xxx/CVE-2020-10002.json
+++ b/2020/10xxx/CVE-2020-10002.json
@@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.1" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.11" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to read arbitrary files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211931", + "name": "https://support.apple.com/en-us/HT211931" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211935", + "name": "https://support.apple.com/en-us/HT211935" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211928", + "name": "https://support.apple.com/en-us/HT211928" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211929", + "name": "https://support.apple.com/en-us/HT211929" + }, + { + "refsource": "MISC", + "url": 
"https://support.apple.com/en-us/HT211930", + "name": "https://support.apple.com/en-us/HT211930" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211933", + "name": "https://support.apple.com/en-us/HT211933" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files." } ] } diff --git a/2020/10xxx/CVE-2020-10006.json b/2020/10xxx/CVE-2020-10006.json index b825ec67ab6..d1bf3f58084 100644 --- a/2020/10xxx/CVE-2020-10006.json +++ b/2020/10xxx/CVE-2020-10006.json 
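Review bot: In the `affects` block of CVE-2020-10002.json, three `product_data` entries are all named `macOS` with `version_value` `11.0`, `12.11` and `11.5`, but the description in the same hunk attributes 12.11 to iTunes for Windows and 11.5 to iCloud for Windows. A scanner that matches on `product_name` and `version_value` would flag every macOS release below 12.11 as affected and would never match the two Windows products. The two entries should read `"product_name": "iTunes for Windows"` and `"product_name": "iCloud for Windows"`. The CVE-2020-9849.json hunk repeats the pattern (`macOS` with `11.5` and `12.10`, where the description names iCloud for Windows 11.5 and iTunes for Windows 12.10.9).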
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10006", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to access restricted files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211931", + "name": "https://support.apple.com/en-us/HT211931" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files." } ] } diff --git a/2020/10xxx/CVE-2020-10009.json b/2020/10xxx/CVE-2020-10009.json index 008eea27bb9..4d4a376e1d5 100644 --- a/2020/10xxx/CVE-2020-10009.json +++ b/2020/10xxx/CVE-2020-10009.json 
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10009", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A sandboxed process may be able to circumvent sandbox restrictions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211931", + "name": "https://support.apple.com/en-us/HT211931" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions." } ] } diff --git a/2020/10xxx/CVE-2020-10010.json b/2020/10xxx/CVE-2020-10010.json index e069f47244a..c0f1865eff1 100644 --- a/2020/10xxx/CVE-2020-10010.json +++ b/2020/10xxx/CVE-2020-10010.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10010", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.1" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local attacker may be able to elevate their privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211931", + "name": "https://support.apple.com/en-us/HT211931" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211928", + "name": "https://support.apple.com/en-us/HT211928" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211929", + "name": "https://support.apple.com/en-us/HT211929" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211930", + "name": "https://support.apple.com/en-us/HT211930" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges." } ] } diff --git a/2020/10xxx/CVE-2020-10973.json b/2020/10xxx/CVE-2020-10973.json index 06f0b6c6dd1..6e17ed11186 100644 --- a/2020/10xxx/CVE-2020-10973.json +++ b/2020/10xxx/CVE-2020-10973.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices, affecting /cgi-bin/ExportALLSettings.sh. A crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available." + "value": "An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available." } ] }, @@ -56,6 +56,21 @@ "refsource": "MISC", "name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973", "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973" + }, + { + "refsource": "MISC", + "name": "https://github.com/sudo-jtcsec/Nyra", + "url": "https://github.com/sudo-jtcsec/Nyra" + }, + { + "refsource": "MISC", + "name": "https://github.com/Roni-Carta/nyra", + "url": "https://github.com/Roni-Carta/nyra" + }, + { + "refsource": "MISC", + "name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973-affected_devices", + "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973-affected_devices" } ] } 
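Review bot: The rewritten description in CVE-2020-10973.json (hunk `@@ -34,7 +34,7 @@`) drops the firmware build `M30HG4.V5030.191116` and lists four models with no version, so the record no longer states which firmware is affected or fixed. Presumably that detail now lives only behind the added `CVE-2020-10973-affected_devices` reference. The same line also changes the script name from `ExportALLSettings.sh` to `ExportAllSettings.sh`. One of the two spellings is probably wrong, which matters to anyone keying a detection rule or access-control entry on the request path, so it is worth confirming against the advisory. I would keep the firmware versions either in the description or as `version_value` entries under `affects`.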
diff --git a/2020/12xxx/CVE-2020-12262.json b/2020/12xxx/CVE-2020-12262.json index ded328f84ab..6c9a4328f36 100644 --- a/2020/12xxx/CVE-2020-12262.json +++ b/2020/12xxx/CVE-2020-12262.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://blog.skullsec.com.br/CVE-2020-12262/", "url": "https://blog.skullsec.com.br/CVE-2020-12262/" + }, + { + "refsource": "MISC", + "name": "https://lucxs.medium.com/cve-2020-12262-xss-voip-intelbras-d5697e31fbf6", + "url": "https://lucxs.medium.com/cve-2020-12262-xss-voip-intelbras-d5697e31fbf6" } ] } diff --git a/2020/12xxx/CVE-2020-12266.json b/2020/12xxx/CVE-2020-12266.json index 3f54c875702..774da4566f0 100644 --- a/2020/12xxx/CVE-2020-12266.json +++ b/2020/12xxx/CVE-2020-12266.json 
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered on WAVLINK WL-WN579G3 M79X3.V5030.180719, WL-WN575A3 RPT75A3.V4300.180801, and WL-WN530HG4 M30HG4.V5030.191116 devices. There are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features." + "value": "An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features. 
Affected devices: Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000" } ] }, @@ -61,6 +61,21 @@ "refsource": "MISC", "name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266", "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266" + }, + { + "refsource": "MISC", + "name": "https://github.com/sudo-jtcsec/Nyra", + "url": "https://github.com/sudo-jtcsec/Nyra" + }, + { + "refsource": "MISC", + "name": "https://github.com/Roni-Carta/nyra", + "url": "https://github.com/Roni-Carta/nyra" + }, + { + "refsource": "MISC", + "name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266-affected_devices", + "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266-affected_devices" } ] } diff --git a/2020/13xxx/CVE-2020-13886.json b/2020/13xxx/CVE-2020-13886.json index f841d228213..636ca6931b6 100644 --- a/2020/13xxx/CVE-2020-13886.json +++ b/2020/13xxx/CVE-2020-13886.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/lucxssouza/CVE-2020-13886", "url": "https://github.com/lucxssouza/CVE-2020-13886" + }, + { + "refsource": "MISC", + "name": "https://lucxs.medium.com/cve-2020-13886-lfi-voip-intelbras-d30f27a39b22", + "url": "https://lucxs.medium.com/cve-2020-13886-lfi-voip-intelbras-d30f27a39b22" } ] } diff --git a/2020/14xxx/CVE-2020-14205.json b/2020/14xxx/CVE-2020-14205.json index 17b86680f5a..06aa14c2ee3 100644 --- a/2020/14xxx/CVE-2020-14205.json +++ b/2020/14xxx/CVE-2020-14205.json 
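Review bot: The new description in CVE-2020-12266.json (hunk `@@ -34,7 +34,7 @@`) ends with a doubled label, `Affected devices: Affected devices are:`, and the list that follows names `Wavlink WN579G3` twice. It also lacks the space in `WN579G3,Wavlink`, the `Wavlink` prefix on `WN572HG3`, and a closing period. The tail should begin `Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531G3, …` with the duplicate removed. The firmware builds the old text carried (`M79X3.V5030.180719`, `RPT75A3.V4300.180801`, `M30HG4.V5030.191116`) are gone as well, so the record no longer tells a reader which firmware levels were confirmed affected.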
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14205", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14205", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/divebook/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/divebook/#developers" + }, + { + "refsource": "MISC", + "name": "https://www.hooperlabs.xyz/disclosures/divebook.php", + "url": "https://www.hooperlabs.xyz/disclosures/divebook.php" } ] } diff --git a/2020/14xxx/CVE-2020-14206.json b/2020/14xxx/CVE-2020-14206.json index 8c2da5ab97a..6e5af387321 100644 --- a/2020/14xxx/CVE-2020-14206.json +++ b/2020/14xxx/CVE-2020-14206.json 
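Review bot: `vendor_name`, `product_name` and `version_value` are all `n/a` in CVE-2020-14205.json while the description names the DiveBook plugin 1.1.4 for WordPress, so the structured `affects` block cannot be used to match this record against an asset or plugin inventory. If the feed allows it, populate `"product_name": "DiveBook"` and `"version_value": "1.1.4"`; otherwise consumers have to parse the free text. The same applies to CVE-2020-14206.json, CVE-2020-14207.json and CVE-2020-28946.json (Plum IK-401, firmware before 1.02). `problemtype` is likewise `n/a` in all four although the descriptions state the weakness (missing authorization checks, XSS, SQL injection, exposed configuration file).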
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14206", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14206", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/divebook/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/divebook/#developers" + }, + { + "refsource": "MISC", + "name": "https://www.hooperlabs.xyz/disclosures/divebook.php", + "url": "https://www.hooperlabs.xyz/disclosures/divebook.php" } ] } diff --git a/2020/14xxx/CVE-2020-14207.json b/2020/14xxx/CVE-2020-14207.json index 51a52f7ae9c..e6ea2a1bbf0 100644 --- a/2020/14xxx/CVE-2020-14207.json +++ b/2020/14xxx/CVE-2020-14207.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14207", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14207", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/divebook/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/divebook/#developers" + }, + { + "refsource": "MISC", + "name": "https://www.hooperlabs.xyz/disclosures/divebook.php", + "url": "https://www.hooperlabs.xyz/disclosures/divebook.php" } ] } diff --git a/2020/26xxx/CVE-2020-26233.json b/2020/26xxx/CVE-2020-26233.json index 5223e67a8bc..d37cb101f27 100644 --- a/2020/26xxx/CVE-2020-26233.json +++ b/2020/26xxx/CVE-2020-26233.json 
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%.\n\nThis only affects GCM Core on Windows, not macOS or Linux-based distributions.\n\nGCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project's GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3).\n\nAs a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option." + "value": "Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project's GitHub releases page. 
GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option." } ] }, diff --git a/2020/28xxx/CVE-2020-28946.json b/2020/28xxx/CVE-2020-28946.json index e5c5c583768..f8d127723ce 100644 --- a/2020/28xxx/CVE-2020-28946.json +++ b/2020/28xxx/CVE-2020-28946.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28946", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28946", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single unauthenticated GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plummac.com/project/ik-401/", + "refsource": "MISC", + "name": "https://plummac.com/project/ik-401/" + }, + { + "refsource": "MISC", + "name": "https://www.cert.pl/news/single/coraz-wiecej-urzadzen-przemyslowych-podlaczonych-do-internetu/", + "url": "https://www.cert.pl/news/single/coraz-wiecej-urzadzen-przemyslowych-podlaczonych-do-internetu/" } ] } diff --git a/2020/9xxx/CVE-2020-9488.json b/2020/9xxx/CVE-2020-9488.json index c5174ffd3cd..51fa89fda63 100644 --- a/2020/9xxx/CVE-2020-9488.json +++ b/2020/9xxx/CVE-2020-9488.json 
@@ -178,6 +178,21 @@ "refsource": "MLIST", "name": "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", "url": "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f@%3Cdev.hive.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", + "url": "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c@%3Cissues.hive.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", + "url": "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3@%3Cissues.hive.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E", + "url": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E" } ] }, diff --git a/2020/9xxx/CVE-2020-9849.json b/2020/9xxx/CVE-2020-9849.json index 738f5415e39..1daf5d2ee42 100644 --- a/2020/9xxx/CVE-2020-9849.json +++ b/2020/9xxx/CVE-2020-9849.json 
@@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9849", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.5" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to leak memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211843", + "name": "https://support.apple.com/en-us/HT211843" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211850", + "name": "https://support.apple.com/en-us/HT211850" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211844", + "name": "https://support.apple.com/en-us/HT211844" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211931", + "name": "https://support.apple.com/en-us/HT211931" + }, + { + "refsource": "MISC", + "url": 
"https://support.apple.com/en-us/HT211935", + "name": "https://support.apple.com/en-us/HT211935" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211952", + "name": "https://support.apple.com/en-us/HT211952" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory." } ] } diff --git a/2020/9xxx/CVE-2020-9922.json b/2020/9xxx/CVE-2020-9922.json index f9270210d21..350047d17e3 100644 --- a/2020/9xxx/CVE-2020-9922.json +++ b/2020/9xxx/CVE-2020-9922.json 
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9922", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.15" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted email may lead to writing arbitrary files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211289", + "name": "https://support.apple.com/en-us/HT211289" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files." } ] } diff --git a/2020/9xxx/CVE-2020-9942.json b/2020/9xxx/CVE-2020-9942.json index 7eb684e86de..094786f468b 100644 --- a/2020/9xxx/CVE-2020-9942.json +++ b/2020/9xxx/CVE-2020-9942.json 
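Review bot: `version_value` is `10.15` with `version_affected` `<` in CVE-2020-9922.json, but the description says the fix shipped in macOS Catalina 10.15.6 and in Security Update 2020-004 for Mojave and High Sierra. Read literally, `< 10.15` excludes 10.15.0 through 10.15.5, which the description implies are still affected, so version-based matching would under-report. The value should carry the full fixed release, `"version_value": "10.15.6"`. The same truncation shows in CVE-2020-9942.json (`Safari` `13.1` against a fix in 13.1.2) and in the `macOS` `11.0` entries across this patch whose descriptions say macOS Big Sur 11.0.1.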
@@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9942", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Visiting a malicious website may lead to address bar spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211292", + "name": "https://support.apple.com/en-us/HT211292" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211931", + "name": "https://support.apple.com/en-us/HT211931" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing." } ] } diff --git a/2020/9xxx/CVE-2020-9943.json b/2020/9xxx/CVE-2020-9943.json index eaf99ef40df..274753ec96d 100644 --- a/2020/9xxx/CVE-2020-9943.json +++ b/2020/9xxx/CVE-2020-9943.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9943", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to read restricted memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211843", + "name": "https://support.apple.com/en-us/HT211843" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211850", + "name": "https://support.apple.com/en-us/HT211850" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211844", + "name": "https://support.apple.com/en-us/HT211844" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211931", + "name": "https://support.apple.com/en-us/HT211931" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able to read restricted memory." } ] } diff --git a/2020/9xxx/CVE-2020-9944.json b/2020/9xxx/CVE-2020-9944.json index f349dddda8c..1089e0d0975 100644 --- a/2020/9xxx/CVE-2020-9944.json +++ b/2020/9xxx/CVE-2020-9944.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9944", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to read restricted memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211843", + "name": "https://support.apple.com/en-us/HT211843" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211850", + "name": "https://support.apple.com/en-us/HT211850" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211844", + "name": "https://support.apple.com/en-us/HT211844" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211931", + "name": "https://support.apple.com/en-us/HT211931" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to read restricted memory." } ] } diff --git a/2020/9xxx/CVE-2020-9945.json b/2020/9xxx/CVE-2020-9945.json index c0525387382..06ff0e44053 100644 --- a/2020/9xxx/CVE-2020-9945.json +++ b/2020/9xxx/CVE-2020-9945.json 
@@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9945", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Visiting a malicious website may lead to address bar spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211931", + "name": "https://support.apple.com/en-us/HT211931" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211934", + "name": "https://support.apple.com/en-us/HT211934" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing." } ] } diff --git a/2020/9xxx/CVE-2020-9947.json b/2020/9xxx/CVE-2020-9947.json index 533c7569d1c..90ac3991308 100644 --- a/2020/9xxx/CVE-2020-9947.json +++ b/2020/9xxx/CVE-2020-9947.json 
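Review bot: The second `product_data` entry in the CVE-2020-9945 hunk is named `macOS` with `"version_value": "14.0"`, but the description lists the fixes as macOS Big Sur 11.0.1 and Safari 14.0.1, so this entry looks like it should read `"product_name": "Safari"`. As written, product-based matching has no Safari entry for an address bar spoofing issue, and the macOS bound corresponds to no release named in the description. The same mislabelling appears in the CVE-2020-9949 hunk, where all five entries are `macOS` with bounds 10.15, 14.0, 7.0, 14.0 and 11.0 although the description also names watchOS, iOS and iPadOS, and tvOS. It also appears in the CVE-2020-9954 hunk, where `macOS` `14.0` stands where the description names iOS 14.0 and iPadOS 14.0. The product names should be confirmed against the referenced Apple advisories before correcting.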
@@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9947", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.5" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211843", + "name": "https://support.apple.com/en-us/HT211843" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211850", + "name": "https://support.apple.com/en-us/HT211850" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211844", + "name": "https://support.apple.com/en-us/HT211844" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211935", + "name": 
"https://support.apple.com/en-us/HT211935" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211952", + "name": "https://support.apple.com/en-us/HT211952" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211845", + "name": "https://support.apple.com/en-us/HT211845" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9949.json b/2020/9xxx/CVE-2020-9949.json index a3b3792bfbb..df749fdb3e1 100644 --- a/2020/9xxx/CVE-2020-9949.json +++ b/2020/9xxx/CVE-2020-9949.json 
@@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9949", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.15" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211289", + "name": "https://support.apple.com/en-us/HT211289" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211843", + "name": "https://support.apple.com/en-us/HT211843" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211850", + "name": "https://support.apple.com/en-us/HT211850" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211844", + "name": "https://support.apple.com/en-us/HT211844" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211931", + "name": "https://support.apple.com/en-us/HT211931" + } + ] }, "description": { 
"description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2020/9xxx/CVE-2020-9950.json b/2020/9xxx/CVE-2020-9950.json index a6157fb929b..521244a8aa1 100644 --- a/2020/9xxx/CVE-2020-9950.json +++ b/2020/9xxx/CVE-2020-9950.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9950", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211843", + "name": "https://support.apple.com/en-us/HT211843" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211850", + "name": "https://support.apple.com/en-us/HT211850" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211844", + "name": "https://support.apple.com/en-us/HT211844" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211845", + "name": "https://support.apple.com/en-us/HT211845" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9954.json b/2020/9xxx/CVE-2020-9954.json index 5ce39c09895..882091a9e30 100644 --- a/2020/9xxx/CVE-2020-9954.json +++ b/2020/9xxx/CVE-2020-9954.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9954", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.15" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Playing a malicious audio file may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211849", + "name": "https://support.apple.com/en-us/HT211849" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211843", + "name": "https://support.apple.com/en-us/HT211843" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211850", + "name": "https://support.apple.com/en-us/HT211850" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211844", + "name": "https://support.apple.com/en-us/HT211844" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 7.0, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Playing a malicious audio file may lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9963.json b/2020/9xxx/CVE-2020-9963.json index 28ef852ced2..2679148649c 100644 --- a/2020/9xxx/CVE-2020-9963.json +++ b/2020/9xxx/CVE-2020-9963.json 
@@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9963", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious app may be able to determine the existence of files on the computer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211850", + "name": "https://support.apple.com/en-us/HT211850" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211931", + "name": "https://support.apple.com/en-us/HT211931" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files on the computer." } ] } diff --git a/2020/9xxx/CVE-2020-9965.json b/2020/9xxx/CVE-2020-9965.json index da7f688001a..f18cf591751 100644 --- a/2020/9xxx/CVE-2020-9965.json +++ b/2020/9xxx/CVE-2020-9965.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9965", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211843", + "name": "https://support.apple.com/en-us/HT211843" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211850", + "name": "https://support.apple.com/en-us/HT211850" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211844", + "name": "https://support.apple.com/en-us/HT211844" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211931", + "name": "https://support.apple.com/en-us/HT211931" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2020/9xxx/CVE-2020-9966.json b/2020/9xxx/CVE-2020-9966.json index 2d2a98fb9f2..7a03e51cb01 100644 --- a/2020/9xxx/CVE-2020-9966.json +++ b/2020/9xxx/CVE-2020-9966.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9966", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211843", + "name": "https://support.apple.com/en-us/HT211843" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211850", + "name": "https://support.apple.com/en-us/HT211850" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211844", + "name": "https://support.apple.com/en-us/HT211844" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211931", + "name": "https://support.apple.com/en-us/HT211931" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2020/9xxx/CVE-2020-9969.json b/2020/9xxx/CVE-2020-9969.json index f5656bf87fd..30c97d81062 100644 --- a/2020/9xxx/CVE-2020-9969.json +++ b/2020/9xxx/CVE-2020-9969.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9969", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to view senstive user information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211843", + "name": "https://support.apple.com/en-us/HT211843" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211850", + "name": "https://support.apple.com/en-us/HT211850" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211844", + "name": "https://support.apple.com/en-us/HT211844" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211931", + "name": "https://support.apple.com/en-us/HT211931" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view senstive user information." } ] } diff --git a/2020/9xxx/CVE-2020-9972.json b/2020/9xxx/CVE-2020-9972.json index 3f15b8997e2..6dfd951032a 100644 --- a/2020/9xxx/CVE-2020-9972.json +++ b/2020/9xxx/CVE-2020-9972.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9972", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211850", + "name": "https://support.apple.com/en-us/HT211850" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9974.json b/2020/9xxx/CVE-2020-9974.json index a49657cdddc..b5842c7bfbc 100644 
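Review bot: The CVE-2020-9969 hunk spells `senstive` in both the added `problemtype` value and the added description, so a keyword search for "sensitive" would skip this record. If the misspelling is not required to mirror the vendor advisory text, the problemtype line should read `"value": "A local user may be able to view sensitive user information"`, with the same correction in the description sentence.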
--- a/2020/9xxx/CVE-2020-9974.json +++ b/2020/9xxx/CVE-2020-9974.json 
@@ -4,14 +4,107 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9974",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "watchOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "7.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "iOS and iPadOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "14.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "tvOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "14.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "11.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "A malicious application may be able to determine kernel memory layout"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211931",
+ "name": "https://support.apple.com/en-us/HT211931"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211928",
+ "name": "https://support.apple.com/en-us/HT211928"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211929",
+ "name": "https://support.apple.com/en-us/HT211929"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211930",
+ "name": "https://support.apple.com/en-us/HT211930"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9977.json b/2020/9xxx/CVE-2020-9977.json
index 922f9f73d4b..62454d6a356 100644
--- a/2020/9xxx/CVE-2020-9977.json
+++ b/2020/9xxx/CVE-2020-9977.json
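Review bot: The macOS entry in the CVE-2020-9974 `affects` block pairs `"version_affected": "<"` with `"version_value": "11.0"`, while the description says the fix shipped in macOS Big Sur 11.0.1, so a consumer matching on the structured range would treat 11.0 itself as unaffected. Setting `"version_value": "11.0.1"` would agree with the prose. The same truncation to major.minor appears in the macOS entries of the CVE-2020-9977, CVE-2020-9988, CVE-2020-9989, CVE-2020-9996 and CVE-2020-9999 hunks, and in the `10.15` entry of CVE-2020-9981, whose description names 10.15.7. Until the bounds are corrected, vulnerability-matching tooling should rely on the description text or the referenced advisories rather than `version_data` for these records.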
@@ -4,14 +4,75 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9977",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "iOS and iPadOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "14.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "11.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "A malicious application may be able to determine a user's open tabs in Safari"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211850",
+ "name": "https://support.apple.com/en-us/HT211850"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211931",
+ "name": "https://support.apple.com/en-us/HT211931"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9981.json b/2020/9xxx/CVE-2020-9981.json
index 29f3c0d39a3..b9d551245be 100644
--- a/2020/9xxx/CVE-2020-9981.json
+++ b/2020/9xxx/CVE-2020-9981.json
@@ -4,14 +4,139 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9981",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tvOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "14.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "watchOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "7.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "10.15"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "14.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "11.5"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "12.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Processing a maliciously crafted file may lead to arbitrary code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211849",
+ "name": "https://support.apple.com/en-us/HT211849"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211843",
+ "name": "https://support.apple.com/en-us/HT211843"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211850",
+ "name": "https://support.apple.com/en-us/HT211850"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211844",
+ "name": "https://support.apple.com/en-us/HT211844"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211935",
+ "name": "https://support.apple.com/en-us/HT211935"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211952",
+ "name": "https://support.apple.com/en-us/HT211952"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted file may lead to arbitrary code execution."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9987.json b/2020/9xxx/CVE-2020-9987.json
index 5b05e2f10eb..828ed88019a 100644
--- a/2020/9xxx/CVE-2020-9987.json
+++ b/2020/9xxx/CVE-2020-9987.json
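Review bot: Four `product_data` entries in the CVE-2020-9981 hunk all carry `"product_name": "macOS"`, with bounds `10.15`, `14.0`, `11.5` and `12.10`, but the description lists iOS 14.0 and iPadOS 14.0, iCloud for Windows 11.5 and iTunes for Windows 12.10.9 next to macOS Catalina 10.15.7, so three of those entries look mislabelled. As written, `macOS` below `14.0` would flag every macOS release of that period, while iOS, iCloud for Windows and iTunes for Windows are missing from the structured data entirely. Each entry should carry the product name given in the description, for example `"product_name": "iTunes for Windows"` with `"version_value": "12.10.9"`. The CVE-2020-9999 hunk shows the same pattern: `macOS` with `12.10` against a description naming iTunes for Windows 12.10.9.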
@@ -4,14 +4,59 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9987",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Safari",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "14.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Visiting a malicious website may lead to address bar spoofing"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211845",
+ "name": "https://support.apple.com/en-us/HT211845"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9988.json b/2020/9xxx/CVE-2020-9988.json
index b4be1542f9f..96cbc7be771 100644
--- a/2020/9xxx/CVE-2020-9988.json
+++ b/2020/9xxx/CVE-2020-9988.json
@@ -4,14 +4,75 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9988",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "iOS and iPadOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "14.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "11.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "A local user may be able to discover a user\u2019s deleted messages"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211850",
+ "name": "https://support.apple.com/en-us/HT211850"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211931",
+ "name": "https://support.apple.com/en-us/HT211931"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user\u2019s deleted messages."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9989.json b/2020/9xxx/CVE-2020-9989.json
index be88f9f6ff1..970686cf87f 100644
--- a/2020/9xxx/CVE-2020-9989.json
+++ b/2020/9xxx/CVE-2020-9989.json
@@ -4,14 +4,91 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9989",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "watchOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "7.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "iOS and iPadOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "14.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "11.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "A local user may be able to discover a user\u2019s deleted messages"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211850",
+ "name": "https://support.apple.com/en-us/HT211850"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211844",
+ "name": "https://support.apple.com/en-us/HT211844"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211931",
+ "name": "https://support.apple.com/en-us/HT211931"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user\u2019s deleted messages."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9993.json b/2020/9xxx/CVE-2020-9993.json
index ed36111def2..2b478db8925 100644
--- a/2020/9xxx/CVE-2020-9993.json
+++ b/2020/9xxx/CVE-2020-9993.json
@@ -4,14 +4,91 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9993",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "watchOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "7.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Safari",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "14.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "iOS and iPadOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "14.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Visiting a malicious website may lead to address bar spoofing"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211850",
+ "name": "https://support.apple.com/en-us/HT211850"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211844",
+ "name": "https://support.apple.com/en-us/HT211844"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211845",
+ "name": "https://support.apple.com/en-us/HT211845"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9996.json b/2020/9xxx/CVE-2020-9996.json
index ac1096ebbcd..6901a1e80e7 100644
--- a/2020/9xxx/CVE-2020-9996.json
+++ b/2020/9xxx/CVE-2020-9996.json
@@ -4,14 +4,75 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9996",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "iOS and iPadOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "14.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "11.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "A malicious application may be able to elevate privileges"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211850",
+ "name": "https://support.apple.com/en-us/HT211850"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211931",
+ "name": "https://support.apple.com/en-us/HT211931"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9999.json b/2020/9xxx/CVE-2020-9999.json
index 9546298cdaa..19ccf88e7ee 100644
--- a/2020/9xxx/CVE-2020-9999.json
+++ b/2020/9xxx/CVE-2020-9999.json
@@ -4,14 +4,75 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9999",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "11.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "12.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Processing a maliciously crafted text file may lead to arbitrary code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211931",
+ "name": "https://support.apple.com/en-us/HT211931"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT211952",
+ "name": "https://support.apple.com/en-us/HT211952"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution."
 }
 ]
 }