diff --git a/2020/10xxx/CVE-2020-10865.json b/2020/10xxx/CVE-2020-10865.json index 097801fe995..56433db0da5 100644 --- a/2020/10xxx/CVE-2020-10865.json +++ b/2020/10xxx/CVE-2020-10865.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10865", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10865", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.avast.com/index.php?topic=232420.0", + "refsource": "MISC", + "name": "https://forum.avast.com/index.php?topic=232420.0" + }, + { + "url": "https://forum.avast.com/index.php?topic=232423.0", + "refsource": "MISC", + "name": "https://forum.avast.com/index.php?topic=232423.0" + }, + { + "refsource": "MISC", + "name": "https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md", + "url": "https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md" } ] } diff --git a/2020/10xxx/CVE-2020-10866.json b/2020/10xxx/CVE-2020-10866.json index ad903b97f6b..8fec14c84e6 100644 --- a/2020/10xxx/CVE-2020-10866.json +++ b/2020/10xxx/CVE-2020-10866.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10866", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10866", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.avast.com/index.php?topic=232420.0", + "refsource": "MISC", + "name": "https://forum.avast.com/index.php?topic=232420.0" + }, + { + "url": "https://forum.avast.com/index.php?topic=232423.0", + "refsource": "MISC", + "name": "https://forum.avast.com/index.php?topic=232423.0" + }, + { + "refsource": "MISC", + "name": "https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md", + "url": "https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md" } ] } diff --git a/2020/10xxx/CVE-2020-10867.json b/2020/10xxx/CVE-2020-10867.json index 027c9d20959..031daae4ba8 100644 --- a/2020/10xxx/CVE-2020-10867.json +++ b/2020/10xxx/CVE-2020-10867.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10867", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10867", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.avast.com/index.php?topic=232420.0", + "refsource": "MISC", + "name": "https://forum.avast.com/index.php?topic=232420.0" + }, + { + "url": "https://forum.avast.com/index.php?topic=232423.0", + "refsource": "MISC", + "name": "https://forum.avast.com/index.php?topic=232423.0" + }, + { + "refsource": "MISC", + "name": "https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md", + "url": "https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md" } ] } diff --git a/2020/10xxx/CVE-2020-10868.json b/2020/10xxx/CVE-2020-10868.json index f332743c2b9..5750ec21b01 100644 --- a/2020/10xxx/CVE-2020-10868.json +++ b/2020/10xxx/CVE-2020-10868.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10868", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10868", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.avast.com/index.php?topic=232420.0", + "refsource": "MISC", + "name": "https://forum.avast.com/index.php?topic=232420.0" + }, + { + "url": "https://forum.avast.com/index.php?topic=232423.0", + "refsource": "MISC", + "name": "https://forum.avast.com/index.php?topic=232423.0" + }, + { + "refsource": "MISC", + "name": "https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md", + "url": "https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md" } ] } diff --git a/2020/11xxx/CVE-2020-11459.json b/2020/11xxx/CVE-2020-11459.json new file mode 100644 index 00000000000..217a3e61185 --- /dev/null +++ b/2020/11xxx/CVE-2020-11459.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11459", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11460.json b/2020/11xxx/CVE-2020-11460.json new file mode 100644 index 00000000000..bc15ac5f0e2 --- /dev/null +++ b/2020/11xxx/CVE-2020-11460.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11460", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11461.json b/2020/11xxx/CVE-2020-11461.json new file mode 100644 index 00000000000..c498550598d --- /dev/null +++ b/2020/11xxx/CVE-2020-11461.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11461", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3881.json b/2020/3xxx/CVE-2020-3881.json index 11b4aed2286..d2ac991621b 100644 --- a/2020/3xxx/CVE-2020-3881.json +++ b/2020/3xxx/CVE-2020-3881.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3881", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to view sensitive user information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information." } ] } diff --git a/2020/3xxx/CVE-2020-3883.json b/2020/3xxx/CVE-2020-3883.json index a959a306a2b..2ec8447e101 100644 --- a/2020/3xxx/CVE-2020-3883.json +++ b/2020/3xxx/CVE-2020-3883.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3883", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to use arbitrary entitlements" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + }, + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements." } ] } diff --git a/2020/3xxx/CVE-2020-3884.json b/2020/3xxx/CVE-2020-3884.json index 86a1935dde4..881845363dd 100644 --- a/2020/3xxx/CVE-2020-3884.json +++ b/2020/3xxx/CVE-2020-3884.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3884", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause arbitrary javascript code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution." } ] } diff --git a/2020/3xxx/CVE-2020-3885.json b/2020/3xxx/CVE-2020-3885.json index 4280395e9e9..5ac81b7cd8f 100644 --- a/2020/3xxx/CVE-2020-3885.json +++ b/2020/3xxx/CVE-2020-3885.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3885", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes for Windows 12.10.5" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 10.9.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A file URL may be incorrectly processed" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211104", + "refsource": "MISC", + "name": "https://support.apple.com/HT211104" + }, + { + "url": "https://support.apple.com/HT211105", + "refsource": "MISC", + "name": "https://support.apple.com/HT211105" + }, + { + "url": "https://support.apple.com/HT211106", + "refsource": "MISC", + "name": "https://support.apple.com/HT211106" + }, + { + "url": "https://support.apple.com/HT211107", + "refsource": "MISC", + "name": "https://support.apple.com/HT211107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed." } ] } diff --git a/2020/3xxx/CVE-2020-3887.json b/2020/3xxx/CVE-2020-3887.json index 96d363c02dc..872b227059a 100644 --- a/2020/3xxx/CVE-2020-3887.json +++ b/2020/3xxx/CVE-2020-3887.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3887", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes for Windows 12.10.5" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 10.9.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A download's origin may be incorrectly associated" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211104", + "refsource": "MISC", + "name": "https://support.apple.com/HT211104" + }, + { + "url": "https://support.apple.com/HT211105", + "refsource": "MISC", + "name": "https://support.apple.com/HT211105" + }, + { + "url": "https://support.apple.com/HT211106", + "refsource": "MISC", + "name": "https://support.apple.com/HT211106" + }, + { + "url": "https://support.apple.com/HT211107", + "refsource": "MISC", + "name": "https://support.apple.com/HT211107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated." } ] } diff --git a/2020/3xxx/CVE-2020-3888.json b/2020/3xxx/CVE-2020-3888.json index 68246665ea1..68a66068609 100644 --- a/2020/3xxx/CVE-2020-3888.json +++ b/2020/3xxx/CVE-2020-3888.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3888", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A maliciously crafted page may interfere with other web contexts" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4. A maliciously crafted page may interfere with other web contexts." } ] } diff --git a/2020/3xxx/CVE-2020-3889.json b/2020/3xxx/CVE-2020-3889.json index 0a528ff5adc..24868eddc3a 100644 --- a/2020/3xxx/CVE-2020-3889.json +++ b/2020/3xxx/CVE-2020-3889.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3889", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to read arbitrary files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to read arbitrary files." } ] } diff --git a/2020/3xxx/CVE-2020-3890.json b/2020/3xxx/CVE-2020-3890.json index 1811a72c7fd..6c0ab36443f 100644 --- a/2020/3xxx/CVE-2020-3890.json +++ b/2020/3xxx/CVE-2020-3890.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3890", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deleted messages groups may still be suggested as an autocompletion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion." } ] } diff --git a/2020/3xxx/CVE-2020-3891.json b/2020/3xxx/CVE-2020-3891.json index bf87cb8f599..8bcc8f27f99 100644 --- a/2020/3xxx/CVE-2020-3891.json +++ b/2020/3xxx/CVE-2020-3891.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3891", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled." } ] } diff --git a/2020/3xxx/CVE-2020-3892.json b/2020/3xxx/CVE-2020-3892.json index 1010e007c93..b0fe6deabef 100644 --- a/2020/3xxx/CVE-2020-3892.json +++ b/2020/3xxx/CVE-2020-3892.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3892", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2020/3xxx/CVE-2020-3893.json b/2020/3xxx/CVE-2020-3893.json index 4c91b26ed87..75b6814b47d 100644 --- a/2020/3xxx/CVE-2020-3893.json +++ b/2020/3xxx/CVE-2020-3893.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3893", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2020/3xxx/CVE-2020-3894.json b/2020/3xxx/CVE-2020-3894.json index a223f511e37..d4566c55bf7 100644 --- a/2020/3xxx/CVE-2020-3894.json +++ b/2020/3xxx/CVE-2020-3894.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3894", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes for Windows 12.10.5" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 10.9.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to read restricted memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211104", + "refsource": "MISC", + "name": "https://support.apple.com/HT211104" + }, + { + "url": "https://support.apple.com/HT211105", + "refsource": "MISC", + "name": "https://support.apple.com/HT211105" + }, + { + "url": "https://support.apple.com/HT211106", + "refsource": "MISC", + "name": "https://support.apple.com/HT211106" + }, + { + "url": "https://support.apple.com/HT211107", + "refsource": "MISC", + "name": "https://support.apple.com/HT211107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory." } ] } diff --git a/2020/3xxx/CVE-2020-3895.json b/2020/3xxx/CVE-2020-3895.json index 90c7283c9c1..7bbf76e4106 100644 --- a/2020/3xxx/CVE-2020-3895.json +++ b/2020/3xxx/CVE-2020-3895.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3895", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes for Windows 12.10.5" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 10.9.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + }, + { + "url": "https://support.apple.com/HT211104", + "refsource": "MISC", + "name": "https://support.apple.com/HT211104" + }, + { + "url": "https://support.apple.com/HT211105", + "refsource": "MISC", + "name": "https://support.apple.com/HT211105" + }, + { + "url": "https://support.apple.com/HT211106", + "refsource": "MISC", + "name": "https://support.apple.com/HT211106" + }, + { + "url": "https://support.apple.com/HT211107", + "refsource": "MISC", + "name": "https://support.apple.com/HT211107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2020/3xxx/CVE-2020-3897.json b/2020/3xxx/CVE-2020-3897.json index dbd8c8c47a2..095a3fb92df 100644 --- a/2020/3xxx/CVE-2020-3897.json +++ b/2020/3xxx/CVE-2020-3897.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3897", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes for Windows 12.10.5" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 10.9.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + }, + { + "url": "https://support.apple.com/HT211104", + "refsource": "MISC", + "name": "https://support.apple.com/HT211104" + }, + { + "url": "https://support.apple.com/HT211105", + "refsource": "MISC", + "name": "https://support.apple.com/HT211105" + }, + { + "url": "https://support.apple.com/HT211106", + "refsource": "MISC", + "name": "https://support.apple.com/HT211106" + }, + { + "url": "https://support.apple.com/HT211107", + "refsource": "MISC", + "name": "https://support.apple.com/HT211107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution." } ] } diff --git a/2020/3xxx/CVE-2020-3899.json b/2020/3xxx/CVE-2020-3899.json index 6b118653373..ebd9ac4bdcc 100644 --- a/2020/3xxx/CVE-2020-3899.json +++ b/2020/3xxx/CVE-2020-3899.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3899", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes for Windows 12.10.5" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 10.9.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211104", + "refsource": "MISC", + "name": "https://support.apple.com/HT211104" + }, + { + "url": "https://support.apple.com/HT211105", + "refsource": "MISC", + "name": "https://support.apple.com/HT211105" + }, + { + "url": "https://support.apple.com/HT211106", + "refsource": "MISC", + "name": "https://support.apple.com/HT211106" + }, + { + "url": "https://support.apple.com/HT211107", + "refsource": "MISC", + "name": "https://support.apple.com/HT211107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution." } ] } diff --git a/2020/3xxx/CVE-2020-3900.json b/2020/3xxx/CVE-2020-3900.json index f75ff63b4b4..d938617db9e 100644 --- a/2020/3xxx/CVE-2020-3900.json +++ b/2020/3xxx/CVE-2020-3900.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3900", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes for Windows 12.10.5" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 10.9.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + }, + { + "url": "https://support.apple.com/HT211104", + "refsource": "MISC", + "name": "https://support.apple.com/HT211104" + }, + { + "url": "https://support.apple.com/HT211105", + "refsource": "MISC", + "name": "https://support.apple.com/HT211105" + }, + { + "url": "https://support.apple.com/HT211106", + "refsource": "MISC", + "name": "https://support.apple.com/HT211106" + }, + { + "url": "https://support.apple.com/HT211107", + "refsource": "MISC", + "name": "https://support.apple.com/HT211107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2020/3xxx/CVE-2020-3901.json b/2020/3xxx/CVE-2020-3901.json index 6de9d50adc5..5ce4740ccc2 100644 --- a/2020/3xxx/CVE-2020-3901.json +++ b/2020/3xxx/CVE-2020-3901.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3901", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes for Windows 12.10.5" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 10.9.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + }, + { + "url": "https://support.apple.com/HT211104", + "refsource": "MISC", + "name": "https://support.apple.com/HT211104" + }, + { + "url": "https://support.apple.com/HT211105", + "refsource": "MISC", + "name": "https://support.apple.com/HT211105" + }, + { + "url": "https://support.apple.com/HT211106", + "refsource": "MISC", + "name": "https://support.apple.com/HT211106" + }, + { + "url": "https://support.apple.com/HT211107", + "refsource": "MISC", + "name": "https://support.apple.com/HT211107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2020/3xxx/CVE-2020-3902.json b/2020/3xxx/CVE-2020-3902.json index 74520109c05..f3746c1125e 100644 --- a/2020/3xxx/CVE-2020-3902.json +++ b/2020/3xxx/CVE-2020-3902.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3902", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes for Windows 12.10.5" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 10.9.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to a cross site scripting attack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211104", + "refsource": "MISC", + "name": "https://support.apple.com/HT211104" + }, + { + "url": "https://support.apple.com/HT211105", + "refsource": "MISC", + "name": "https://support.apple.com/HT211105" + }, + { + "url": "https://support.apple.com/HT211106", + "refsource": "MISC", + "name": "https://support.apple.com/HT211106" + }, + { + "url": "https://support.apple.com/HT211107", + "refsource": "MISC", + "name": "https://support.apple.com/HT211107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack." } ] } diff --git a/2020/3xxx/CVE-2020-3903.json b/2020/3xxx/CVE-2020-3903.json index 52fe1bb5a66..8f1d12d62d9 100644 --- a/2020/3xxx/CVE-2020-3903.json +++ b/2020/3xxx/CVE-2020-3903.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3903", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with system privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.4. An application may be able to execute arbitrary code with system privileges." } ] } diff --git a/2020/3xxx/CVE-2020-3904.json b/2020/3xxx/CVE-2020-3904.json index 798710f1a86..3dbf7ad3c5a 100644 --- a/2020/3xxx/CVE-2020-3904.json +++ b/2020/3xxx/CVE-2020-3904.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3904", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple memory corruption issues were addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2020/3xxx/CVE-2020-3905.json b/2020/3xxx/CVE-2020-3905.json index f72a18e037a..daa7dc8fedb 100644 --- a/2020/3xxx/CVE-2020-3905.json +++ b/2020/3xxx/CVE-2020-3905.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3905", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2020/3xxx/CVE-2020-3906.json b/2020/3xxx/CVE-2020-3906.json index cf9d2c58fa2..7c1370e85cc 100644 --- a/2020/3xxx/CVE-2020-3906.json +++ b/2020/3xxx/CVE-2020-3906.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3906", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A maliciously crafted application may be able to bypass code signing enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.4. A maliciously crafted application may be able to bypass code signing enforcement." } ] } diff --git a/2020/3xxx/CVE-2020-3907.json b/2020/3xxx/CVE-2020-3907.json index 5e12f5af1c0..bb6f71b3932 100644 --- a/2020/3xxx/CVE-2020-3907.json +++ b/2020/3xxx/CVE-2020-3907.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3907", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to cause unexpected system termination or read kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory." } ] } diff --git a/2020/3xxx/CVE-2020-3908.json b/2020/3xxx/CVE-2020-3908.json index 29ac40fdcd2..5e0b0cb99c4 100644 --- a/2020/3xxx/CVE-2020-3908.json +++ b/2020/3xxx/CVE-2020-3908.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3908", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to cause unexpected system termination or read kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory." } ] } diff --git a/2020/3xxx/CVE-2020-3909.json b/2020/3xxx/CVE-2020-3909.json index 4fa71afd4a2..9ed46149a76 100644 --- a/2020/3xxx/CVE-2020-3909.json +++ b/2020/3xxx/CVE-2020-3909.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3909", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes for Windows 12.10.5" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 10.9.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Multiple issues in libxml2" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + }, + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + }, + { + "url": "https://support.apple.com/HT211105", + "refsource": "MISC", + "name": "https://support.apple.com/HT211105" + }, + { + "url": "https://support.apple.com/HT211106", + "refsource": "MISC", + "name": "https://support.apple.com/HT211106" + }, + { + "url": "https://support.apple.com/HT211107", + "refsource": "MISC", + "name": "https://support.apple.com/HT211107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2." } ] } diff --git a/2020/3xxx/CVE-2020-3910.json b/2020/3xxx/CVE-2020-3910.json index bb1678d32be..21d4720ac74 100644 --- a/2020/3xxx/CVE-2020-3910.json +++ b/2020/3xxx/CVE-2020-3910.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3910", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes for Windows 12.10.5" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 10.9.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Multiple issues in libxml2" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + }, + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + }, + { + "url": "https://support.apple.com/HT211105", + "refsource": "MISC", + "name": "https://support.apple.com/HT211105" + }, + { + "url": "https://support.apple.com/HT211106", + "refsource": "MISC", + "name": "https://support.apple.com/HT211106" + }, + { + "url": "https://support.apple.com/HT211107", + "refsource": "MISC", + "name": "https://support.apple.com/HT211107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2." } ] } diff --git a/2020/3xxx/CVE-2020-3911.json b/2020/3xxx/CVE-2020-3911.json index 3e690829bc0..383b0d9d056 100644 --- a/2020/3xxx/CVE-2020-3911.json +++ b/2020/3xxx/CVE-2020-3911.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3911", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes for Windows 12.10.5" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 10.9.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Multiple issues in libxml2" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + }, + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + }, + { + "url": "https://support.apple.com/HT211105", + "refsource": "MISC", + "name": "https://support.apple.com/HT211105" + }, + { + "url": "https://support.apple.com/HT211106", + "refsource": "MISC", + "name": "https://support.apple.com/HT211106" + }, + { + "url": "https://support.apple.com/HT211107", + "refsource": "MISC", + "name": "https://support.apple.com/HT211107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2." } ] } diff --git a/2020/3xxx/CVE-2020-3912.json b/2020/3xxx/CVE-2020-3912.json index 8d4d6e27da2..5d0643a3c38 100644 --- a/2020/3xxx/CVE-2020-3912.json +++ b/2020/3xxx/CVE-2020-3912.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3912", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to cause unexpected system termination or read kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory." } ] } diff --git a/2020/3xxx/CVE-2020-3913.json b/2020/3xxx/CVE-2020-3913.json index c815d79b852..cbb387e4932 100644 --- a/2020/3xxx/CVE-2020-3913.json +++ b/2020/3xxx/CVE-2020-3913.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3913", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to elevate privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + }, + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges." } ] } diff --git a/2020/3xxx/CVE-2020-3914.json b/2020/3xxx/CVE-2020-3914.json index 3162a1d25e4..3192acdcc67 100644 --- a/2020/3xxx/CVE-2020-3914.json +++ b/2020/3xxx/CVE-2020-3914.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3914", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to read restricted memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + }, + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory." } ] } diff --git a/2020/3xxx/CVE-2020-3916.json b/2020/3xxx/CVE-2020-3916.json index f236c27d80d..1541021d1ae 100644 --- a/2020/3xxx/CVE-2020-3916.json +++ b/2020/3xxx/CVE-2020-3916.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3916", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Setting an alternate app icon may disclose a photo without needing permission to access photos" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos." } ] } diff --git a/2020/3xxx/CVE-2020-3917.json b/2020/3xxx/CVE-2020-3917.json index 898d8610488..0a2a9f6d820 100644 --- a/2020/3xxx/CVE-2020-3917.json +++ b/2020/3xxx/CVE-2020-3917.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3917", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to use an SSH client provided by private frameworks" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks." } ] } diff --git a/2020/3xxx/CVE-2020-3919.json b/2020/3xxx/CVE-2020-3919.json index 2e9d8f377ac..55d02ae52f7 100644 --- a/2020/3xxx/CVE-2020-3919.json +++ b/2020/3xxx/CVE-2020-3919.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3919", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + }, + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2020/9xxx/CVE-2020-9768.json b/2020/9xxx/CVE-2020-9768.json index 7fb00189394..7a838305dc3 100644 --- a/2020/9xxx/CVE-2020-9768.json +++ b/2020/9xxx/CVE-2020-9768.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9768", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with system privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to execute arbitrary code with system privileges." } ] } diff --git a/2020/9xxx/CVE-2020-9769.json b/2020/9xxx/CVE-2020-9769.json index 31a3e5a51d3..d7b1a565adc 100644 --- a/2020/9xxx/CVE-2020-9769.json +++ b/2020/9xxx/CVE-2020-9769.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9769", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Multiple issues in Vim" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple issues were addressed by updating to version 8.1.1850. This issue is fixed in macOS Catalina 10.15.4. Multiple issues in Vim." } ] } diff --git a/2020/9xxx/CVE-2020-9770.json b/2020/9xxx/CVE-2020-9770.json index 4d6277b6c48..c93c4a0868f 100644 --- a/2020/9xxx/CVE-2020-9770.json +++ b/2020/9xxx/CVE-2020-9770.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9770", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An attacker in a privileged network position may be able to intercept Bluetooth traffic" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic." } ] } diff --git a/2020/9xxx/CVE-2020-9773.json b/2020/9xxx/CVE-2020-9773.json index d4070fad905..bb48f190210 100644 --- a/2020/9xxx/CVE-2020-9773.json +++ b/2020/9xxx/CVE-2020-9773.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9773", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to identify what other applications a user has installed" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + }, + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to identify what other applications a user has installed." } ] } diff --git a/2020/9xxx/CVE-2020-9775.json b/2020/9xxx/CVE-2020-9775.json index 52fe0fa0473..91e9d4fb55b 100644 --- a/2020/9xxx/CVE-2020-9775.json +++ b/2020/9xxx/CVE-2020-9775.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9775", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A user's private browsing activity may be unexpectedly saved in Screen Time" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time." } ] } diff --git a/2020/9xxx/CVE-2020-9776.json b/2020/9xxx/CVE-2020-9776.json index 01b74cff0b0..05d651191d2 100644 --- a/2020/9xxx/CVE-2020-9776.json +++ b/2020/9xxx/CVE-2020-9776.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9776", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to access a user's call history" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to access a user's call history." } ] } diff --git a/2020/9xxx/CVE-2020-9777.json b/2020/9xxx/CVE-2020-9777.json index 40125456f0a..6b26b6220d8 100644 --- a/2020/9xxx/CVE-2020-9777.json +++ b/2020/9xxx/CVE-2020-9777.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9777", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cropped videos may not be shared properly via Mail" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail." } ] } diff --git a/2020/9xxx/CVE-2020-9780.json b/2020/9xxx/CVE-2020-9780.json index 21da443e816..3c68881c557 100644 --- a/2020/9xxx/CVE-2020-9780.json +++ b/2020/9xxx/CVE-2020-9780.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9780", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to view deleted content in the app switcher" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was resolved by clearing application previews when content is deleted. This issue is fixed in iOS 13.4 and iPadOS 13.4. A local user may be able to view deleted content in the app switcher." } ] } diff --git a/2020/9xxx/CVE-2020-9781.json b/2020/9xxx/CVE-2020-9781.json index 983a9da0fb9..39ec7a84615 100644 --- a/2020/9xxx/CVE-2020-9781.json +++ b/2020/9xxx/CVE-2020-9781.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9781", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A user may grant website permissions to a site they didn't intend to" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to." } ] } diff --git a/2020/9xxx/CVE-2020-9783.json b/2020/9xxx/CVE-2020-9783.json index 1070d4ecdf1..cea126a41f8 100644 --- a/2020/9xxx/CVE-2020-9783.json +++ b/2020/9xxx/CVE-2020-9783.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9783", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes for Windows 12.10.5" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 10.9.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211104", + "refsource": "MISC", + "name": "https://support.apple.com/HT211104" + }, + { + "url": "https://support.apple.com/HT211105", + "refsource": "MISC", + "name": "https://support.apple.com/HT211105" + }, + { + "url": "https://support.apple.com/HT211106", + "refsource": "MISC", + "name": "https://support.apple.com/HT211106" + }, + { + "url": "https://support.apple.com/HT211107", + "refsource": "MISC", + "name": "https://support.apple.com/HT211107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9784.json b/2020/9xxx/CVE-2020-9784.json index 646498ffd00..dd10ab753dc 100644 --- a/2020/9xxx/CVE-2020-9784.json +++ b/2020/9xxx/CVE-2020-9784.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9784", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 13.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious iframe may use another website\u2019s download settings" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211104", + "refsource": "MISC", + "name": "https://support.apple.com/HT211104" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website\u2019s download settings." } ] } diff --git a/2020/9xxx/CVE-2020-9785.json b/2020/9xxx/CVE-2020-9785.json index 0671a49d300..b707d5c26ff 100644 --- a/2020/9xxx/CVE-2020-9785.json +++ b/2020/9xxx/CVE-2020-9785.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9785", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.4 and iPadOS 13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211100", + "refsource": "MISC", + "name": "https://support.apple.com/HT211100" + }, + { + "url": "https://support.apple.com/HT211102", + "refsource": "MISC", + "name": "https://support.apple.com/HT211102" + }, + { + "url": "https://support.apple.com/HT211101", + "refsource": "MISC", + "name": "https://support.apple.com/HT211101" + }, + { + "url": "https://support.apple.com/HT211103", + "refsource": "MISC", + "name": "https://support.apple.com/HT211103" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges." } ] }