diff --git a/2019/16xxx/CVE-2019-16127.json b/2019/16xxx/CVE-2019-16127.json new file mode 100644 index 00000000000..09e84d97c2f --- /dev/null +++ b/2019/16xxx/CVE-2019-16127.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.microchip.com/mplab/avr-support/advanced-software-framework", + "refsource": "MISC", + "name": "https://www.microchip.com/mplab/avr-support/advanced-software-framework" + }, + { + "refsource": "MISC", + "name": "https://census-labs.com/news/2020/10/21/microchip-asf4-integer-overflows-in-flash_read-flash_write-and-flash_append/", + "url": "https://census-labs.com/news/2020/10/21/microchip-asf4-integer-overflows-in-flash_read-flash_write-and-flash_append/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20201022 CVE-2019-16127, CVE-2019-16128 and CVE-2019-16129 for Microchip code", + "url": "https://www.openwall.com/lists/oss-security/2020/10/22/1" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16129.json b/2019/16xxx/CVE-2019-16129.json new file mode 100644 index 00000000000..9a287eb3af4 --- /dev/null +++ b/2019/16xxx/CVE-2019-16129.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.microchip.com/design-centers/security-ics/cryptoauthentication", + "refsource": "MISC", + "name": "https://www.microchip.com/design-centers/security-ics/cryptoauthentication" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20201022 CVE-2019-16127, CVE-2019-16128 and CVE-2019-16129 for Microchip code", + "url": "http://www.openwall.com/lists/oss-security/2020/10/22/1" + }, + { + "refsource": "MISC", + "name": "https://census-labs.com/news/2020/10/21/microchip-cryptoauthlib-atcab_genkey_base-buffer-overflow/", + "url": "https://census-labs.com/news/2020/10/21/microchip-cryptoauthlib-atcab_genkey_base-buffer-overflow/" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19273.json b/2019/19xxx/CVE-2019-19273.json index aedc326e7c2..a5f73f16cbc 100644 --- a/2019/19xxx/CVE-2019-19273.json +++ b/2019/19xxx/CVE-2019-19273.json @@ -56,6 +56,11 @@ "refsource": "CONFIRM", "name": "https://security.samsungmobile.com/securityUpdate.smsb", "url": "https://security.samsungmobile.com/securityUpdate.smsb" + }, + { + "refsource": "MISC", + "name": "https://census-labs.com/news/2020/10/08/samsung-hypervisor-rkp-arbitrary-zero-write/", + "url": "https://census-labs.com/news/2020/10/08/samsung-hypervisor-rkp-arbitrary-zero-write/" } ] } diff --git a/2020/27xxx/CVE-2020-27664.json b/2020/27xxx/CVE-2020-27664.json new file mode 100644 index 00000000000..a9cb82634d4 --- /dev/null +++ b/2020/27xxx/CVE-2020-27664.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-27664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/strapi/strapi/releases/tag/v3.2.5", + "refsource": "MISC", + "name": "https://github.com/strapi/strapi/releases/tag/v3.2.5" + }, + { + "url": "https://github.com/strapi/strapi/pull/8442", + "refsource": "MISC", + "name": "https://github.com/strapi/strapi/pull/8442" + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27665.json b/2020/27xxx/CVE-2020-27665.json new file mode 100644 index 00000000000..2c2a104b4da --- /dev/null +++ b/2020/27xxx/CVE-2020-27665.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-27665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/strapi/strapi/releases/tag/v3.2.5", + "refsource": "MISC", + "name": "https://github.com/strapi/strapi/releases/tag/v3.2.5" + }, + { + "url": "https://github.com/strapi/strapi/pull/8439", + "refsource": "MISC", + "name": "https://github.com/strapi/strapi/pull/8439" + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27666.json b/2020/27xxx/CVE-2020-27666.json new file mode 100644 index 00000000000..29213a8b8f5 --- /dev/null +++ b/2020/27xxx/CVE-2020-27666.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-27666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/strapi/strapi/releases/tag/v3.2.5", + "refsource": "MISC", + "name": "https://github.com/strapi/strapi/releases/tag/v3.2.5" + }, + { + "url": "https://github.com/strapi/strapi/pull/8440", + "refsource": "MISC", + "name": "https://github.com/strapi/strapi/pull/8440" + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27667.json b/2020/27xxx/CVE-2020-27667.json new file mode 100644 index 00000000000..6e1128adc32 --- /dev/null +++ b/2020/27xxx/CVE-2020-27667.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27667", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27668.json b/2020/27xxx/CVE-2020-27668.json new file mode 100644 index 00000000000..26b1843d29c --- /dev/null +++ b/2020/27xxx/CVE-2020-27668.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27668", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27669.json b/2020/27xxx/CVE-2020-27669.json new file mode 100644 index 00000000000..170875cad9a --- /dev/null +++ b/2020/27xxx/CVE-2020-27669.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27669", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9901.json b/2020/9xxx/CVE-2020-9901.json index 1031be700d5..20100a90d70 100644 --- a/2020/9xxx/CVE-2020-9901.json +++ b/2020/9xxx/CVE-2020-9901.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9901", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local attacker may be able to elevate their privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + }, + { + "url": "https://support.apple.com/kb/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211288" + }, + { + "url": "https://support.apple.com/kb/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211290" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges." } ] } diff --git a/2020/9xxx/CVE-2020-9902.json b/2020/9xxx/CVE-2020-9902.json index 886b62f23e2..e629c1809a7 100644 --- a/2020/9xxx/CVE-2020-9902.json +++ b/2020/9xxx/CVE-2020-9902.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9902", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to determine kernel memory layout" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + }, + { + "url": "https://support.apple.com/kb/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211288" + }, + { + "url": "https://support.apple.com/kb/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211290" + }, + { + "url": "https://support.apple.com/kb/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211291" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout." } ] } diff --git a/2020/9xxx/CVE-2020-9904.json b/2020/9xxx/CVE-2020-9904.json index 03e43d9dafe..b02e7d18f32 100644 --- a/2020/9xxx/CVE-2020-9904.json +++ b/2020/9xxx/CVE-2020-9904.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9904", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + }, + { + "url": "https://support.apple.com/kb/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211288" + }, + { + "url": "https://support.apple.com/kb/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211290" + }, + { + "url": "https://support.apple.com/kb/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211291" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2020/9xxx/CVE-2020-9905.json b/2020/9xxx/CVE-2020-9905.json index d539452a95b..2b3912e0a40 100644 --- a/2020/9xxx/CVE-2020-9905.json +++ b/2020/9xxx/CVE-2020-9905.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9905", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause a denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + }, + { + "url": "https://support.apple.com/kb/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211288" + }, + { + "url": "https://support.apple.com/kb/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211290" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service." } ] } diff --git a/2020/9xxx/CVE-2020-9906.json b/2020/9xxx/CVE-2020-9906.json index fdedd46ebfc..23b68d0ac02 100644 --- a/2020/9xxx/CVE-2020-9906.json +++ b/2020/9xxx/CVE-2020-9906.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9906", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause unexpected system termination or corrupt kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + }, + { + "url": "https://support.apple.com/kb/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211288" + }, + { + "url": "https://support.apple.com/kb/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211291" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory." } ] } diff --git a/2020/9xxx/CVE-2020-9908.json b/2020/9xxx/CVE-2020-9908.json index 2344efe7f68..7933ee8ec99 100644 --- a/2020/9xxx/CVE-2020-9908.json +++ b/2020/9xxx/CVE-2020-9908.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9908", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to cause unexpected system termination or read kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory." } ] } diff --git a/2020/9xxx/CVE-2020-9919.json b/2020/9xxx/CVE-2020-9919.json index 0578e8f5ff3..b80b57b61d7 100644 --- a/2020/9xxx/CVE-2020-9919.json +++ b/2020/9xxx/CVE-2020-9919.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9919", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes 12.10.8 for Windows" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 11.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted image may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + }, + { + "url": "https://support.apple.com/kb/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211288" + }, + { + "url": "https://support.apple.com/kb/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211290" + }, + { + "url": "https://support.apple.com/kb/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211291" + }, + { + "url": "https://support.apple.com/kb/HT211293", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211293" + }, + { + "url": "https://support.apple.com/kb/HT211294", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211294" + }, + { + "url": "https://support.apple.com/kb/HT211295", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9920.json b/2020/9xxx/CVE-2020-9920.json index 1eeb6c89247..2f76c8a774e 100644 --- a/2020/9xxx/CVE-2020-9920.json +++ b/2020/9xxx/CVE-2020-9920.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9920", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious mail server may overwrite arbitrary mail files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + }, + { + "url": "https://support.apple.com/kb/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211288" + }, + { + "url": "https://support.apple.com/kb/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211291" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files." } ] } diff --git a/2020/9xxx/CVE-2020-9921.json b/2020/9xxx/CVE-2020-9921.json index 85fdeb99e75..4474766a015 100644 --- a/2020/9xxx/CVE-2020-9921.json +++ b/2020/9xxx/CVE-2020-9921.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9921", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with system privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with system privileges." } ] } diff --git a/2020/9xxx/CVE-2020-9924.json b/2020/9xxx/CVE-2020-9924.json index dedbbde60da..383f50dbf51 100644 --- a/2020/9xxx/CVE-2020-9924.json +++ b/2020/9xxx/CVE-2020-9924.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9924", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause a denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service." } ] } diff --git a/2020/9xxx/CVE-2020-9927.json b/2020/9xxx/CVE-2020-9927.json index b2f65d0a88c..a62a1df5ec0 100644 --- a/2020/9xxx/CVE-2020-9927.json +++ b/2020/9xxx/CVE-2020-9927.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9927", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2020/9xxx/CVE-2020-9928.json b/2020/9xxx/CVE-2020-9928.json index a0f802487ed..00d88813583 100644 --- a/2020/9xxx/CVE-2020-9928.json +++ b/2020/9xxx/CVE-2020-9928.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9928", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2020/9xxx/CVE-2020-9929.json b/2020/9xxx/CVE-2020-9929.json index 534c8c4bb4b..ad6a291185c 100644 --- a/2020/9xxx/CVE-2020-9929.json +++ b/2020/9xxx/CVE-2020-9929.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9929", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to cause unexpected system termination or read kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory." } ] } diff --git a/2020/9xxx/CVE-2020-9935.json b/2020/9xxx/CVE-2020-9935.json index 6b030236b9a..4e631e4ffea 100644 --- a/2020/9xxx/CVE-2020-9935.json +++ b/2020/9xxx/CVE-2020-9935.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9935", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A user may be unexpectedly logged in to another user\u2019s account" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user\u2019s account." } ] } diff --git a/2020/9xxx/CVE-2020-9937.json b/2020/9xxx/CVE-2020-9937.json index 4c73b75734d..0f81b00e2b4 100644 --- a/2020/9xxx/CVE-2020-9937.json +++ b/2020/9xxx/CVE-2020-9937.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9937", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes 12.10.8 for Windows" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 11.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted image may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + }, + { + "url": "https://support.apple.com/kb/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211288" + }, + { + "url": "https://support.apple.com/kb/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211290" + }, + { + "url": "https://support.apple.com/kb/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211291" + }, + { + "url": "https://support.apple.com/kb/HT211293", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211293" + }, + { + "url": "https://support.apple.com/kb/HT211294", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211294" + }, + { + "url": "https://support.apple.com/kb/HT211295", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9938.json b/2020/9xxx/CVE-2020-9938.json index 98c88cc8f7b..76a1963b3fc 100644 --- a/2020/9xxx/CVE-2020-9938.json +++ b/2020/9xxx/CVE-2020-9938.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9938", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes 12.10.8 for Windows" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 11.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted image may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + }, + { + "url": "https://support.apple.com/kb/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211288" + }, + { + "url": "https://support.apple.com/kb/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211290" + }, + { + "url": "https://support.apple.com/kb/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211291" + }, + { + "url": "https://support.apple.com/kb/HT211293", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211293" + }, + { + "url": "https://support.apple.com/kb/HT211294", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211294" + }, + { + "url": "https://support.apple.com/kb/HT211295", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9939.json b/2020/9xxx/CVE-2020-9939.json index 4108a6da2c7..7358ed6afb7 100644 --- a/2020/9xxx/CVE-2020-9939.json +++ b/2020/9xxx/CVE-2020-9939.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9939", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to load unsigned kernel extensions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to load unsigned kernel extensions." } ] } diff --git a/2020/9xxx/CVE-2020-9940.json b/2020/9xxx/CVE-2020-9940.json index e3c97091882..936403904fd 100644 --- a/2020/9xxx/CVE-2020-9940.json +++ b/2020/9xxx/CVE-2020-9940.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9940", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + }, + { + "url": "https://support.apple.com/kb/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211288" + }, + { + "url": "https://support.apple.com/kb/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211290" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9980.json b/2020/9xxx/CVE-2020-9980.json index 42f56947c0f..a68f48bacff 100644 --- a/2020/9xxx/CVE-2020-9980.json +++ b/2020/9xxx/CVE-2020-9980.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9980", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted font file may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + }, + { + "url": "https://support.apple.com/kb/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211288" + }, + { + "url": "https://support.apple.com/kb/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211290" + }, + { + "url": "https://support.apple.com/kb/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211291" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted font file may lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9984.json b/2020/9xxx/CVE-2020-9984.json index 4dc0464a278..7621ecdb9ff 100644 --- a/2020/9xxx/CVE-2020-9984.json +++ b/2020/9xxx/CVE-2020-9984.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9984", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes 12.10.8 for Windows" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 11.3" + } + ] + } + }, + { + "product_name": "iCloud for Windows (Legacy)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted image may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + }, + { + "url": "https://support.apple.com/kb/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211288" + }, + { + "url": "https://support.apple.com/kb/HT211290", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211290" + }, + { + "url": "https://support.apple.com/kb/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211291" + }, + { + "url": "https://support.apple.com/kb/HT211293", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211293" + }, + { + "url": "https://support.apple.com/kb/HT211294", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211294" + }, + { + "url": "https://support.apple.com/kb/HT211295", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9985.json b/2020/9xxx/CVE-2020-9985.json index a08252189a9..a0d2d0feee4 100644 --- a/2020/9xxx/CVE-2020-9985.json +++ b/2020/9xxx/CVE-2020-9985.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9985", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.6 and iPadOS 13.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + }, + { + "url": "https://support.apple.com/kb/HT211288", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211288" + }, + { + "url": "https://support.apple.com/kb/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211291" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution." } ] } diff --git a/2020/9xxx/CVE-2020-9986.json b/2020/9xxx/CVE-2020-9986.json index e0af6b4a647..fb4d01a45ef 100644 --- a/2020/9xxx/CVE-2020-9986.json +++ b/2020/9xxx/CVE-2020-9986.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9986", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to read sensitive location information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211849", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211849" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information." } ] } diff --git a/2020/9xxx/CVE-2020-9990.json b/2020/9xxx/CVE-2020-9990.json index 99c6bc216de..8d6c0a1535a 100644 --- a/2020/9xxx/CVE-2020-9990.json +++ b/2020/9xxx/CVE-2020-9990.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9990", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2020/9xxx/CVE-2020-9994.json b/2020/9xxx/CVE-2020-9994.json index b47968f45b3..eb3d52dfd78 100644 --- a/2020/9xxx/CVE-2020-9994.json +++ b/2020/9xxx/CVE-2020-9994.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9994", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.5 and iPadOS 13.5" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.5" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to overwrite arbitrary files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211170", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211170" + }, + { + "url": "https://support.apple.com/kb/HT211168", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211168" + }, + { + "url": "https://support.apple.com/kb/HT211171", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211171" + }, + { + "url": "https://support.apple.com/kb/HT211175", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211175" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files." } ] } diff --git a/2020/9xxx/CVE-2020-9997.json b/2020/9xxx/CVE-2020-9997.json index 916f2220e78..c5ce88334ce 100644 --- a/2020/9xxx/CVE-2020-9997.json +++ b/2020/9xxx/CVE-2020-9997.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9997", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may disclose restricted memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/kb/HT211289", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211289" + }, + { + "url": "https://support.apple.com/kb/HT211291", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT211291" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory." } ] }