admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-11-16 19:01:06 +00:00
parent 8a95febcc2
commit a7aabf8998
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
25 changed files with 1321 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
2020/12xxx/CVE-2020-12944.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12944",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient validation of BIOS image length by PSP Firmware could lead to arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

76
2020/12xxx/CVE-2020-12946.json
View File

@ -1,18 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12946",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in PSP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

87
2020/12xxx/CVE-2020-12951.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12951",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Race condition in PSP FW could allow less privileged x86 code to perform PSP SMM operations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

87
2020/12xxx/CVE-2020-12954.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12954",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693 Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

76
2020/12xxx/CVE-2020-12961.json
View File

@ -1,18 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12961",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

56
2020/21xxx/CVE-2020-21627.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21627",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Sm1L3ing/ACSEC/blob/master/Ruijie-RG-UAC",
"refsource": "MISC",
"name": "https://github.com/Sm1L3ing/ACSEC/blob/master/Ruijie-RG-UAC"
}
]
}

56
2020/21xxx/CVE-2020-21639.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21639",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Sm1L3ing/ACSEC/blob/master/Ruijie-RG-UAC",
"refsource": "MISC",
"name": "https://github.com/Sm1L3ing/ACSEC/blob/master/Ruijie-RG-UAC"
}
]
}

65
2021/26xxx/CVE-2021-26315.json
View File

@ -1,18 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26315",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345 Insufficient Verification of Data Authenticity"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

87
2021/26xxx/CVE-2021-26320.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26320",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

87
2021/26xxx/CVE-2021-26321.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26321",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

65
2021/26xxx/CVE-2021-26323.json
View File

@ -1,18 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26323",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

65
2021/26xxx/CVE-2021-26325.json
View File

@ -1,18 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26325",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

65
2021/26xxx/CVE-2021-26327.json
View File

@ -1,18 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26327",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

87
2021/26xxx/CVE-2021-26330.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26330",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

87
2021/26xxx/CVE-2021-26331.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26331",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

87
2021/26xxx/CVE-2021-26335.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26335",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper input and range checking in the Platform Security Processor (PSP) boot loader image header may allow for an attacker to use attack-controlled values prior to signature validation potentially resulting in arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

76
2021/26xxx/CVE-2021-26336.json
View File

@ -1,18 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26336",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

76
2021/26xxx/CVE-2021-26337.json
View File

@ -1,18 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26337",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}

2
2021/41xxx/CVE-2021-41252.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Kirby is an open source file structured CMS\n### Impact\n\nKirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting (XSS) attacks, otherwise the formatting would be lost. If the user is logged in to the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Because the writer field did not securely sanitize its contents on save, it was possible to inject malicious HTML code into the content file by sending it to Kirby's API directly without using the Panel. This malicious HTML code would then be displayed on the site frontend and executed in the browsers of site visitors and logged in users who are browsing the site. Attackers must be in your group of authenticated Panel users in order to exploit this weakness. Users who do not make use of the writer field are not affected. This issue has been patched in Kirby 3.5.8 by sanitizing all writer field contents on the backend whenever the content is modified via Kirby's API. Please update to this or a later version to fix the vulnerability."
"value": "Kirby is an open source file structured CMS ### Impact Kirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting (XSS) attacks, otherwise the formatting would be lost. If the user is logged in to the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Because the writer field did not securely sanitize its contents on save, it was possible to inject malicious HTML code into the content file by sending it to Kirby's API directly without using the Panel. This malicious HTML code would then be displayed on the site frontend and executed in the browsers of site visitors and logged in users who are browsing the site. Attackers must be in your group of authenticated Panel users in order to exploit this weakness. Users who do not make use of the writer field are not affected. This issue has been patched in Kirby 3.5.8 by sanitizing all writer field contents on the backend whenever the content is modified via Kirby's API. Please update to this or a later version to fix the vulnerability."
}
]
},

10
2021/41xxx/CVE-2021-41258.json
View File

@ -69,6 +69,11 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.5.8",
"refsource": "MISC",
"url": "https://github.com/getkirby/kirby/releases/tag/3.5.8"
},
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-cq58-r77c-5jjw",
"refsource": "CONFIRM",
@ -78,11 +83,6 @@
"name": "https://github.com/getkirby/kirby/pull/3510",
"refsource": "MISC",
"url": "https://github.com/getkirby/kirby/pull/3510"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.5.8",
"refsource": "MISC",
"url": "https://github.com/getkirby/kirby/releases/tag/3.5.8"
}
]
},

5
2021/43xxx/CVE-2021-43046.json
View File

@ -75,6 +75,11 @@
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"refsource": "CONFIRM",
"name": "https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43046",
"url": "https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43046"
}
]
},

5
2021/43xxx/CVE-2021-43047.json
View File

@ -75,6 +75,11 @@
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"refsource": "CONFIRM",
"name": "https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43047",
"url": "https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43047"
}
]
},

5
2021/43xxx/CVE-2021-43048.json
View File

@ -75,6 +75,11 @@
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"refsource": "CONFIRM",
"name": "https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43048",
"url": "https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43048"
}
]
},

18
2021/43xxx/CVE-2021-43773.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43773",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/43xxx/CVE-2021-43774.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43774",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}