diff --git a/2020/12xxx/CVE-2020-12944.json b/2020/12xxx/CVE-2020-12944.json index efec8367d14..4ecdb1ae5ed 100644 --- a/2020/12xxx/CVE-2020-12944.json +++ b/2020/12xxx/CVE-2020-12944.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12944", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "1st Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "NaplesPI-SP3_1.0.0.G" + } + ] + } + }, + { + "product_name": "2nd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "RomePI-SP3_1.0.0.C" + } + ] + } + }, + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient validation of BIOS image length by PSP Firmware could lead to arbitrary code execution." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12946.json b/2020/12xxx/CVE-2020-12946.json index a51dd9e5974..94365a0de8b 100644 --- a/2020/12xxx/CVE-2020-12946.json +++ b/2020/12xxx/CVE-2020-12946.json @@ -1,18 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12946", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "2nd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "RomePI-SP3_1.0.0.C" + } + ] + } + }, + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient input validation in PSP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12951.json b/2020/12xxx/CVE-2020-12951.json index 1fbb354ebaa..cccf957d877 100644 --- a/2020/12xxx/CVE-2020-12951.json +++ b/2020/12xxx/CVE-2020-12951.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12951", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "1st Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "NaplesPI-SP3_1.0.0.G" + } + ] + } + }, + { + "product_name": "2nd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "RomePI-SP3_1.0.0.C" + } + ] + } + }, + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Race condition in PSP FW could allow less privileged x86 code to perform PSP SMM operations." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12954.json b/2020/12xxx/CVE-2020-12954.json index a388df2cd17..b9a7afc0371 100644 --- a/2020/12xxx/CVE-2020-12954.json +++ b/2020/12xxx/CVE-2020-12954.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12954", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "1st Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "NaplesPI-SP3_1.0.0.G" + } + ] + } + }, + { + "product_name": "2nd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "RomePI-SP3_1.0.0.C" + } + ] + } + }, + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693 Protection Mechanism Failure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12961.json b/2020/12xxx/CVE-2020-12961.json index 38800e81ee3..cb0b1b06481 100644 --- a/2020/12xxx/CVE-2020-12961.json +++ b/2020/12xxx/CVE-2020-12961.json @@ -1,18 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12961", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "2nd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "RomePI-SP3_1.0.0.C" + } + ] + } + }, + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/21xxx/CVE-2020-21627.json b/2020/21xxx/CVE-2020-21627.json index fa6c4519322..e7fc072ae32 100644 --- a/2020/21xxx/CVE-2020-21627.json +++ b/2020/21xxx/CVE-2020-21627.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-21627", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-21627", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Sm1L3ing/ACSEC/blob/master/Ruijie-RG-UAC", + "refsource": "MISC", + "name": "https://github.com/Sm1L3ing/ACSEC/blob/master/Ruijie-RG-UAC" } ] } diff --git a/2020/21xxx/CVE-2020-21639.json b/2020/21xxx/CVE-2020-21639.json index af3671ba385..ddd83212646 100644 --- a/2020/21xxx/CVE-2020-21639.json +++ b/2020/21xxx/CVE-2020-21639.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-21639", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-21639", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Sm1L3ing/ACSEC/blob/master/Ruijie-RG-UAC", + "refsource": "MISC", + "name": "https://github.com/Sm1L3ing/ACSEC/blob/master/Ruijie-RG-UAC" } ] } diff --git a/2021/26xxx/CVE-2021-26315.json b/2021/26xxx/CVE-2021-26315.json index eb88ca7a54d..02a151bb134 100644 --- a/2021/26xxx/CVE-2021-26315.json +++ b/2021/26xxx/CVE-2021-26315.json @@ -1,18 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26315", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-345 Insufficient Verification of Data Authenticity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26320.json b/2021/26xxx/CVE-2021-26320.json index 8f4869565d7..03af407e242 100644 --- a/2021/26xxx/CVE-2021-26320.json +++ b/2021/26xxx/CVE-2021-26320.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26320", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "1st Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "NaplesPI-SP3_1.0.0.G" + } + ] + } + }, + { + "product_name": "2nd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "RomePI-SP3_1.0.0.C" + } + ] + } + }, + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295 Improper Certificate Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26321.json b/2021/26xxx/CVE-2021-26321.json index e533601c68e..2b9725a7721 100644 --- a/2021/26xxx/CVE-2021-26321.json +++ b/2021/26xxx/CVE-2021-26321.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26321", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "1st Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "NaplesPI-SP3_1.0.0.G" + } + ] + } + }, + { + "product_name": "2nd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "RomePI-SP3_1.0.0.C" + } + ] + } + }, + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26323.json b/2021/26xxx/CVE-2021-26323.json index c2182edc43a..4b0b59d6c87 100644 --- a/2021/26xxx/CVE-2021-26323.json +++ b/2021/26xxx/CVE-2021-26323.json @@ -1,18 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26323", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26325.json b/2021/26xxx/CVE-2021-26325.json index 42bdc42e221..8d09226c40d 100644 --- a/2021/26xxx/CVE-2021-26325.json +++ b/2021/26xxx/CVE-2021-26325.json @@ -1,18 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26325", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26327.json b/2021/26xxx/CVE-2021-26327.json index 1535d2c86d5..2f8856d9d44 100644 --- a/2021/26xxx/CVE-2021-26327.json +++ b/2021/26xxx/CVE-2021-26327.json @@ -1,18 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26327", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26330.json b/2021/26xxx/CVE-2021-26330.json index ca6eaecd797..b97c0fdb119 100644 --- a/2021/26xxx/CVE-2021-26330.json +++ b/2021/26xxx/CVE-2021-26330.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26330", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "1st Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "NaplesPI-SP3_1.0.0.G" + } + ] + } + }, + { + "product_name": "2nd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "RomePI-SP3_1.0.0.C" + } + ] + } + }, + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122 Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26331.json b/2021/26xxx/CVE-2021-26331.json index 90dd2427637..7aa4fd80eea 100644 --- a/2021/26xxx/CVE-2021-26331.json +++ b/2021/26xxx/CVE-2021-26331.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26331", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "1st Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "NaplesPI-SP3_1.0.0.G" + } + ] + } + }, + { + "product_name": "2nd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "RomePI-SP3_1.0.0.C" + } + ] + } + }, + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26335.json b/2021/26xxx/CVE-2021-26335.json index 2037952d837..30d9557891c 100644 --- a/2021/26xxx/CVE-2021-26335.json +++ b/2021/26xxx/CVE-2021-26335.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26335", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "1st Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "NaplesPI-SP3_1.0.0.G" + } + ] + } + }, + { + "product_name": "2nd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "RomePI-SP3_1.0.0.C" + } + ] + } + }, + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input and range checking in the Platform Security Processor (PSP) boot loader image header may allow for an attacker to use attack-controlled values prior to signature validation potentially resulting in arbitrary code execution." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26336.json b/2021/26xxx/CVE-2021-26336.json index 575c8cf81bb..d9b1b4b3477 100644 --- a/2021/26xxx/CVE-2021-26336.json +++ b/2021/26xxx/CVE-2021-26336.json @@ -1,18 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26336", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "2nd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "RomePI-SP3_1.0.0.C" + } + ] + } + }, + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26337.json b/2021/26xxx/CVE-2021-26337.json index edb6b8b0dff..7e58823b01a 100644 --- a/2021/26xxx/CVE-2021-26337.json +++ b/2021/26xxx/CVE-2021-26337.json @@ -1,18 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26337", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "2nd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "RomePI-SP3_1.0.0.C" + } + ] + } + }, + { + "product_name": "3rd Gen AMD EPYC\u2122", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "MilanPI-SP3_1.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + } + ] + }, + "source": { + "advisory": "AMD-SB-1021", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41252.json b/2021/41xxx/CVE-2021-41252.json index 68a1defbbf4..f6f0f4142ee 100644 --- a/2021/41xxx/CVE-2021-41252.json +++ b/2021/41xxx/CVE-2021-41252.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Kirby is an open source file structured CMS\n### Impact\n\nKirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting (XSS) attacks, otherwise the formatting would be lost. If the user is logged in to the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Because the writer field did not securely sanitize its contents on save, it was possible to inject malicious HTML code into the content file by sending it to Kirby's API directly without using the Panel. This malicious HTML code would then be displayed on the site frontend and executed in the browsers of site visitors and logged in users who are browsing the site. Attackers must be in your group of authenticated Panel users in order to exploit this weakness. Users who do not make use of the writer field are not affected. This issue has been patched in Kirby 3.5.8 by sanitizing all writer field contents on the backend whenever the content is modified via Kirby's API. Please update to this or a later version to fix the vulnerability." + "value": "Kirby is an open source file structured CMS ### Impact Kirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting (XSS) attacks, otherwise the formatting would be lost. If the user is logged in to the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Because the writer field did not securely sanitize its contents on save, it was possible to inject malicious HTML code into the content file by sending it to Kirby's API directly without using the Panel. This malicious HTML code would then be displayed on the site frontend and executed in the browsers of site visitors and logged in users who are browsing the site. Attackers must be in your group of authenticated Panel users in order to exploit this weakness. Users who do not make use of the writer field are not affected. This issue has been patched in Kirby 3.5.8 by sanitizing all writer field contents on the backend whenever the content is modified via Kirby's API. Please update to this or a later version to fix the vulnerability." } ] }, diff --git a/2021/41xxx/CVE-2021-41258.json b/2021/41xxx/CVE-2021-41258.json index 35b87d794b1..1cb5625f9e3 100644 --- a/2021/41xxx/CVE-2021-41258.json +++ b/2021/41xxx/CVE-2021-41258.json @@ -69,6 +69,11 @@ }, "references": { "reference_data": [ + { + "name": "https://github.com/getkirby/kirby/releases/tag/3.5.8", + "refsource": "MISC", + "url": "https://github.com/getkirby/kirby/releases/tag/3.5.8" + }, { "name": "https://github.com/getkirby/kirby/security/advisories/GHSA-cq58-r77c-5jjw", "refsource": "CONFIRM", @@ -78,11 +83,6 @@ "name": "https://github.com/getkirby/kirby/pull/3510", "refsource": "MISC", "url": "https://github.com/getkirby/kirby/pull/3510" - }, - { - "name": "https://github.com/getkirby/kirby/releases/tag/3.5.8", - "refsource": "MISC", - "url": "https://github.com/getkirby/kirby/releases/tag/3.5.8" } ] }, diff --git a/2021/43xxx/CVE-2021-43046.json b/2021/43xxx/CVE-2021-43046.json index 2ab55e250ec..ed471fe3070 100644 --- a/2021/43xxx/CVE-2021-43046.json +++ b/2021/43xxx/CVE-2021-43046.json @@ -75,6 +75,11 @@ "name": "https://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "https://www.tibco.com/services/support/advisories" + }, + { + "refsource": "CONFIRM", + "name": "https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43046", + "url": "https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43046" } ] }, diff --git a/2021/43xxx/CVE-2021-43047.json b/2021/43xxx/CVE-2021-43047.json index d1bc64b5012..1f082d9f2fe 100644 --- a/2021/43xxx/CVE-2021-43047.json +++ b/2021/43xxx/CVE-2021-43047.json @@ -75,6 +75,11 @@ "name": "https://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "https://www.tibco.com/services/support/advisories" + }, + { + "refsource": "CONFIRM", + "name": "https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43047", + "url": "https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43047" } ] }, diff --git a/2021/43xxx/CVE-2021-43048.json b/2021/43xxx/CVE-2021-43048.json index 1b42eb2dbbd..806972871e0 100644 --- a/2021/43xxx/CVE-2021-43048.json +++ b/2021/43xxx/CVE-2021-43048.json @@ -75,6 +75,11 @@ "name": "https://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "https://www.tibco.com/services/support/advisories" + }, + { + "refsource": "CONFIRM", + "name": "https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43048", + "url": "https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43048" } ] }, diff --git a/2021/43xxx/CVE-2021-43773.json b/2021/43xxx/CVE-2021-43773.json new file mode 100644 index 00000000000..b48beef3f5c --- /dev/null +++ b/2021/43xxx/CVE-2021-43773.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43773", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43774.json b/2021/43xxx/CVE-2021-43774.json new file mode 100644 index 00000000000..29fc6f388e3 --- /dev/null +++ b/2021/43xxx/CVE-2021-43774.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43774", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file