From adee360a90f844be5f4935ad8ea3c646ad218c7c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 13 May 2025 22:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/28xxx/CVE-2024-28036.json | 76 +++++++++++++++++- 2024/28xxx/CVE-2024-28954.json | 76 +++++++++++++++++- 2024/28xxx/CVE-2024-28956.json | 76 +++++++++++++++++- 2024/29xxx/CVE-2024-29222.json | 76 +++++++++++++++++- 2024/31xxx/CVE-2024-31073.json | 76 +++++++++++++++++- 2024/31xxx/CVE-2024-31150.json | 76 +++++++++++++++++- 2024/36xxx/CVE-2024-36292.json | 76 +++++++++++++++++- 2024/39xxx/CVE-2024-39758.json | 76 +++++++++++++++++- 2024/39xxx/CVE-2024-39833.json | 76 +++++++++++++++++- 2024/43xxx/CVE-2024-43101.json | 76 +++++++++++++++++- 2024/43xxx/CVE-2024-43420.json | 76 +++++++++++++++++- 2024/45xxx/CVE-2024-45332.json | 76 +++++++++++++++++- 2024/45xxx/CVE-2024-45333.json | 76 +++++++++++++++++- 2024/45xxx/CVE-2024-45371.json | 76 +++++++++++++++++- 2024/46xxx/CVE-2024-46895.json | 76 +++++++++++++++++- 2024/47xxx/CVE-2024-47550.json | 76 +++++++++++++++++- 2024/47xxx/CVE-2024-47795.json | 76 +++++++++++++++++- 2024/47xxx/CVE-2024-47800.json | 76 +++++++++++++++++- 2024/48xxx/CVE-2024-48869.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20003.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20004.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20006.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20008.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20009.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20012.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20013.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20015.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20018.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20022.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20026.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20030.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20031.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20032.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20034.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20039.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20041.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20043.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20046.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20047.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20052.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20054.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20057.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20062.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20071.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20076.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20079.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20082.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20083.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20084.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20095.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20100.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20101.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20103.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20104.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20108.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20611.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20612.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20616.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20618.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20623.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20624.json | 76 +++++++++++++++++- 2025/20xxx/CVE-2025-20629.json | 76 +++++++++++++++++- 2025/21xxx/CVE-2025-21081.json | 76 +++++++++++++++++- 2025/21xxx/CVE-2025-21094.json | 76 +++++++++++++++++- 2025/21xxx/CVE-2025-21099.json | 76 +++++++++++++++++- 2025/21xxx/CVE-2025-21100.json | 76 +++++++++++++++++- 2025/22xxx/CVE-2025-22446.json | 76 +++++++++++++++++- 2025/22xxx/CVE-2025-22448.json | 76 +++++++++++++++++- 2025/22xxx/CVE-2025-22843.json | 76 +++++++++++++++++- 2025/22xxx/CVE-2025-22844.json | 76 +++++++++++++++++- 2025/22xxx/CVE-2025-22848.json | 76 +++++++++++++++++- 2025/22xxx/CVE-2025-22892.json | 76 +++++++++++++++++- 2025/22xxx/CVE-2025-22895.json | 76 +++++++++++++++++- 2025/23xxx/CVE-2025-23233.json | 76 +++++++++++++++++- 2025/24xxx/CVE-2025-24308.json | 76 +++++++++++++++++- 2025/24xxx/CVE-2025-24495.json | 76 +++++++++++++++++- 2025/26xxx/CVE-2025-26646.json | 137 ++++++++++++++++++++++++++++++++- 2025/32xxx/CVE-2025-32052.json | 39 ++++++---- 2025/32xxx/CVE-2025-32053.json | 39 ++++++---- 2025/32xxx/CVE-2025-32907.json | 39 ++++++---- 2025/46xxx/CVE-2025-46420.json | 39 ++++++---- 2025/46xxx/CVE-2025-46421.json | 65 ++++++++++++---- 2025/47xxx/CVE-2025-47905.json | 62 +++++++++++++++ 2025/4xxx/CVE-2025-4574.json | 81 ++++++++++++++++++- 2025/4xxx/CVE-2025-4668.json | 8 +- 85 files changed, 5904 insertions(+), 381 deletions(-) create mode 100644 2025/47xxx/CVE-2025-47905.json diff --git a/2024/28xxx/CVE-2024-28036.json b/2024/28xxx/CVE-2024-28036.json index 4b6230c3be4..17aaf4be792 100644 --- a/2024/28xxx/CVE-2024-28036.json +++ b/2024/28xxx/CVE-2024-28036.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28036", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper conditions check for some Intel(R) Arc\u2122 GPU may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Improper Check for Unusual or Exceptional Conditions", + "cweId": "CWE-754" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Arc\u2122 GPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01252.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01252.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/28xxx/CVE-2024-28954.json b/2024/28xxx/CVE-2024-28954.json index 56496aa6120..d81c79b21f6 100644 --- a/2024/28xxx/CVE-2024-28954.json +++ b/2024/28xxx/CVE-2024-28954.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28954", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Incorrect Default Permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Driver installers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/28xxx/CVE-2024-28956.json b/2024/28xxx/CVE-2024-28956.json index 5bdf8210118..1b978160547 100644 --- a/2024/28xxx/CVE-2024-28956.json +++ b/2024/28xxx/CVE-2024-28956.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28956", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution", + "cweId": "CWE-1421" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01153.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01153.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2024/29xxx/CVE-2024-29222.json b/2024/29xxx/CVE-2024-29222.json index 1061aaecf26..ca4865b2bda 100644 --- a/2024/29xxx/CVE-2024-29222.json +++ b/2024/29xxx/CVE-2024-29222.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29222", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds write for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Driver software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/31xxx/CVE-2024-31073.json b/2024/31xxx/CVE-2024-31073.json index bb849ea2b73..55dd978ef2b 100644 --- a/2024/31xxx/CVE-2024-31073.json +++ b/2024/31xxx/CVE-2024-31073.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31073", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) oneAPI Level Zero software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01274.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01274.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/31xxx/CVE-2024-31150.json b/2024/31xxx/CVE-2024-31150.json index 1870cb8441b..31edc90bc22 100644 --- a/2024/31xxx/CVE-2024-31150.json +++ b/2024/31xxx/CVE-2024-31150.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31150", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds read for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Driver software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.8, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2024/36xxx/CVE-2024-36292.json b/2024/36xxx/CVE-2024-36292.json index bdf20284072..3143dea281b 100644 --- a/2024/36xxx/CVE-2024-36292.json +++ b/2024/36xxx/CVE-2024-36292.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-36292", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper buffer restrictions for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Data Center GPU Flex Series for Windows driver", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 31.0.101.4314" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/39xxx/CVE-2024-39758.json b/2024/39xxx/CVE-2024-39758.json index 5f92469054d..7cfd725f8f6 100644 --- a/2024/39xxx/CVE-2024-39758.json +++ b/2024/39xxx/CVE-2024-39758.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-39758", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control for some Intel(R) Arc\u2122 & Iris(R) Xe graphics software before version 31.0.101.4032 may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Arc\u2122 & Iris(R) Xe graphics software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 31.0.101.4032" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/39xxx/CVE-2024-39833.json b/2024/39xxx/CVE-2024-39833.json index 2addf7db251..30e398b0b20 100644 --- a/2024/39xxx/CVE-2024-39833.json +++ b/2024/39xxx/CVE-2024-39833.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-39833", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) QAT software before version 2.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) QAT software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01216.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01216.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/43xxx/CVE-2024-43101.json b/2024/43xxx/CVE-2024-43101.json index 6d2d405e8a3..5211436797b 100644 --- a/2024/43xxx/CVE-2024-43101.json +++ b/2024/43xxx/CVE-2024-43101.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-43101", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Data Center GPU Flex Series for Windows driver software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 31.0.101.4255" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/43xxx/CVE-2024-43420.json b/2024/43xxx/CVE-2024-43420.json index 4607e95df85..8e6782eecd1 100644 --- a/2024/43xxx/CVE-2024-43420.json +++ b/2024/43xxx/CVE-2024-43420.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-43420", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution", + "cweId": "CWE-1423" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel Atom(R) processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2024/45xxx/CVE-2024-45332.json b/2024/45xxx/CVE-2024-45332.json index 68d573c43bd..30772a8dfda 100644 --- a/2024/45xxx/CVE-2024-45332.json +++ b/2024/45xxx/CVE-2024-45332.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45332", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution", + "cweId": "CWE-1423" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2024/45xxx/CVE-2024-45333.json b/2024/45xxx/CVE-2024-45333.json index e13599fbc06..f3b62ea47f2 100644 --- a/2024/45xxx/CVE-2024-45333.json +++ b/2024/45xxx/CVE-2024-45333.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45333", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Data Center GPU Flex Series for Windows driver", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 31.0.101.4314" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/45xxx/CVE-2024-45371.json b/2024/45xxx/CVE-2024-45371.json index 80de8f7580c..6d46d71d499 100644 --- a/2024/45xxx/CVE-2024-45371.json +++ b/2024/45xxx/CVE-2024-45371.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45371", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control for some Intel(R) Arc\u2122 & Iris(R) Xe graphics software before version 32.0.101.6077 may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Arc\u2122 & Iris(R) Xe graphics software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 32.0.101.6077" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/46xxx/CVE-2024-46895.json b/2024/46xxx/CVE-2024-46895.json index 0a94c4ed12e..60744c4c52f 100644 --- a/2024/46xxx/CVE-2024-46895.json +++ b/2024/46xxx/CVE-2024-46895.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-46895", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) Arc\u2122 & Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Arc\u2122 & Iris(R) Xe graphics software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 32.0.101.6083/32.0.101.5736" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/47xxx/CVE-2024-47550.json b/2024/47xxx/CVE-2024-47550.json index 03f3328b85a..eb3ef7d5cff 100644 --- a/2024/47xxx/CVE-2024-47550.json +++ b/2024/47xxx/CVE-2024-47550.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47550", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Incorrect Default Permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Endurance Gaming Mode software installers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01254.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01254.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/47xxx/CVE-2024-47795.json b/2024/47xxx/CVE-2024-47795.json index 197b821d327..589ffefa299 100644 --- a/2024/47xxx/CVE-2024-47795.json +++ b/2024/47xxx/CVE-2024-47795.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47795", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) oneAPI DPC++/C++ Compiler software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2025.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01243.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01243.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/47xxx/CVE-2024-47800.json b/2024/47xxx/CVE-2024-47800.json index 39fb9ea2db2..68b3404f9f5 100644 --- a/2024/47xxx/CVE-2024-47800.json +++ b/2024/47xxx/CVE-2024-47800.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Driver software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/48xxx/CVE-2024-48869.json b/2024/48xxx/CVE-2024-48869.json index 633ead95c43..483c3f5438d 100644 --- a/2024/48xxx/CVE-2024-48869.json +++ b/2024/48xxx/CVE-2024-48869.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-48869", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guard Extensions (Intel(R) SGX) may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Improper Restriction of Software Interfaces to Hardware Features", + "cweId": "CWE-1256" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guard Extensions (Intel(R) SGX)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01268.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01268.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" } ] } diff --git a/2025/20xxx/CVE-2025-20003.json b/2025/20xxx/CVE-2025-20003.json index 967035be43c..385dff42501 100644 --- a/2025/20xxx/CVE-2025-20003.json +++ b/2025/20xxx/CVE-2025-20003.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20003", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper link resolution before file access ('Link Following') for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Improper Link Resolution Before File Access ('Link Following')", + "cweId": "CWE-59" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Driver software installers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20004.json b/2025/20xxx/CVE-2025-20004.json index 78e99696061..1b9de158d52 100644 --- a/2025/20xxx/CVE-2025-20004.json +++ b/2025/20xxx/CVE-2025-20004.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20004", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Insufficient Control Flow Management", + "cweId": "CWE-691" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Xeon(R) 6 processor E-Cores firmware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01273.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01273.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" } ] } diff --git a/2025/20xxx/CVE-2025-20006.json b/2025/20xxx/CVE-2025-20006.json index 71c82fc7615..3844493b888 100644 --- a/2025/20xxx/CVE-2025-20006.json +++ b/2025/20xxx/CVE-2025-20006.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20006", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) PROSet/Wireless WiFi Software for Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 23.100" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20008.json b/2025/20xxx/CVE-2025-20008.json index fef3818c54e..9df40a651fb 100644 --- a/2025/20xxx/CVE-2025-20008.json +++ b/2025/20xxx/CVE-2025-20008.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20008", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Insecure Inherited Permissions", + "cweId": "CWE-277" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Simics(R) Package Manager software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 1.12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01297.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01297.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20009.json b/2025/20xxx/CVE-2025-20009.json index d5d61d803a2..1b64d22c129 100644 --- a/2025/20xxx/CVE-2025-20009.json +++ b/2025/20xxx/CVE-2025-20009.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20009", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in the UEFI firmware GenerationSetup module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Server D50DNP and M50FCP boards", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2025/20xxx/CVE-2025-20012.json b/2025/20xxx/CVE-2025-20012.json index d5d2d51e4b6..87b68e4c5df 100644 --- a/2025/20xxx/CVE-2025-20012.json +++ b/2025/20xxx/CVE-2025-20012.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20012", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect behavior order for some Intel(R) Core\u2122 Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Incorrect Behavior Order", + "cweId": "CWE-696" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Core\u2122 Ultra Processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2025/20xxx/CVE-2025-20013.json b/2025/20xxx/CVE-2025-20013.json index 229f018a150..242095e10d9 100644 --- a/2025/20xxx/CVE-2025-20013.json +++ b/2025/20xxx/CVE-2025-20013.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20013", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2025/20xxx/CVE-2025-20015.json b/2025/20xxx/CVE-2025-20015.json index ea90038833f..da9bcfe89eb 100644 --- a/2025/20xxx/CVE-2025-20015.json +++ b/2025/20xxx/CVE-2025-20015.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path element for some Intel(R) Ethernet Connection software before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet Connection software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 29.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01294.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01294.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20018.json b/2025/20xxx/CVE-2025-20018.json index 00d71366f91..a48c02dcce1 100644 --- a/2025/20xxx/CVE-2025-20018.json +++ b/2025/20xxx/CVE-2025-20018.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20018", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Untrusted pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Untrusted Pointer Dereference", + "cweId": "CWE-822" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20022.json b/2025/20xxx/CVE-2025-20022.json index ccf57c0f66c..d398964f61b 100644 --- a/2025/20xxx/CVE-2025-20022.json +++ b/2025/20xxx/CVE-2025-20022.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20022", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Insufficient Control Flow Management", + "cweId": "CWE-691" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20026.json b/2025/20xxx/CVE-2025-20026.json index 31f361bed00..08cd80be3b4 100644 --- a/2025/20xxx/CVE-2025-20026.json +++ b/2025/20xxx/CVE-2025-20026.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20026", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) PROSet/Wireless WiFi Software for Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 23.100" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20030.json b/2025/20xxx/CVE-2025-20030.json index bb4b865de40..5bf37b895b4 100644 --- a/2025/20xxx/CVE-2025-20030.json +++ b/2025/20xxx/CVE-2025-20030.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20030", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.6, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2025/20xxx/CVE-2025-20031.json b/2025/20xxx/CVE-2025-20031.json index 81f060b368c..7a7ef890ef6 100644 --- a/2025/20xxx/CVE-2025-20031.json +++ b/2025/20xxx/CVE-2025-20031.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20031", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20032.json b/2025/20xxx/CVE-2025-20032.json index b059cd2668e..d42bc5d08b0 100644 --- a/2025/20xxx/CVE-2025-20032.json +++ b/2025/20xxx/CVE-2025-20032.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20032", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) PROSet/Wireless WiFi Software for Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 23.100" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.9, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20034.json b/2025/20xxx/CVE-2025-20034.json index b98303a67f6..8a43d75f6ad 100644 --- a/2025/20xxx/CVE-2025-20034.json +++ b/2025/20xxx/CVE-2025-20034.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20034", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in the BackupBiosUpdate UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards before version R01.02.0003 may allow a privileged user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Server D50DNP and M50FCP boards", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version R01.02.0003" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2025/20xxx/CVE-2025-20039.json b/2025/20xxx/CVE-2025-20039.json index 6c4553a5979..582716b18d9 100644 --- a/2025/20xxx/CVE-2025-20039.json +++ b/2025/20xxx/CVE-2025-20039.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20039", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Race condition for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + "cweId": "CWE-362" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) PROSet/Wireless WiFi Software for Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 23.100" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20041.json b/2025/20xxx/CVE-2025-20041.json index 6d1751f891f..8b129d96588 100644 --- a/2025/20xxx/CVE-2025-20041.json +++ b/2025/20xxx/CVE-2025-20041.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20041", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) Graphics software for Intel(R) Arc\u2122 graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics software for Intel(R) Arc\u2122 graphics and Intel(R) Iris(R) Xe graphics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 32.0.101.6325/32.0.101.6252" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20043.json b/2025/20xxx/CVE-2025-20043.json index 504c30064da..bdcf3add4b8 100644 --- a/2025/20xxx/CVE-2025-20043.json +++ b/2025/20xxx/CVE-2025-20043.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20043", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) RealSense\u2122 SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) RealSense\u2122 SDK software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2.56.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01305.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01305.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20046.json b/2025/20xxx/CVE-2025-20046.json index d74b09b4d72..42478bbe198 100644 --- a/2025/20xxx/CVE-2025-20046.json +++ b/2025/20xxx/CVE-2025-20046.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20046", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) PROSet/Wireless WiFi Software for Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 23.100" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20047.json b/2025/20xxx/CVE-2025-20047.json index 1ec53cd9f9e..469e4ef7e1e 100644 --- a/2025/20xxx/CVE-2025-20047.json +++ b/2025/20xxx/CVE-2025-20047.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20047", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper locking in the Intel(R) Integrated Connectivity I/O interface (CNVi) for some Intel(R) Core\u2122 Ultra Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Improper Locking", + "cweId": "CWE-667" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Core\u2122 Ultra Processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01180.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01180.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" } ] } diff --git a/2025/20xxx/CVE-2025-20052.json b/2025/20xxx/CVE-2025-20052.json index 5c1d466083e..ef8bdd41dfd 100644 --- a/2025/20xxx/CVE-2025-20052.json +++ b/2025/20xxx/CVE-2025-20052.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20052", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control for some Intel(R) Graphics software may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20054.json b/2025/20xxx/CVE-2025-20054.json index 4beec50f544..69e85da0bd0 100644 --- a/2025/20xxx/CVE-2025-20054.json +++ b/2025/20xxx/CVE-2025-20054.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20054", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Uncaught Exception", + "cweId": "CWE-248" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20057.json b/2025/20xxx/CVE-2025-20057.json index 2bd1cbef2ba..b15f433a366 100644 --- a/2025/20xxx/CVE-2025-20057.json +++ b/2025/20xxx/CVE-2025-20057.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20057", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" } ] } diff --git a/2025/20xxx/CVE-2025-20062.json b/2025/20xxx/CVE-2025-20062.json index c05ad77a6e0..789540b7e6c 100644 --- a/2025/20xxx/CVE-2025-20062.json +++ b/2025/20xxx/CVE-2025-20062.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20062", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) PROSet/Wireless WiFi Software for Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 23.100" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20071.json b/2025/20xxx/CVE-2025-20071.json index 4bfb543abf9..86b80f2381a 100644 --- a/2025/20xxx/CVE-2025-20071.json +++ b/2025/20xxx/CVE-2025-20071.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20071", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20076.json b/2025/20xxx/CVE-2025-20076.json index b886da8e5d5..4211932bfe1 100644 --- a/2025/20xxx/CVE-2025-20076.json +++ b/2025/20xxx/CVE-2025-20076.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20076", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" } ] } diff --git a/2025/20xxx/CVE-2025-20079.json b/2025/20xxx/CVE-2025-20079.json index be47301e1b2..1adc1641897 100644 --- a/2025/20xxx/CVE-2025-20079.json +++ b/2025/20xxx/CVE-2025-20079.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20079", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Advisor software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01263.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01263.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20082.json b/2025/20xxx/CVE-2025-20082.json index 7a668f3f3ca..09f96adfb76 100644 --- a/2025/20xxx/CVE-2025-20082.json +++ b/2025/20xxx/CVE-2025-20082.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20082", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Time-of-check time-of-use race condition in the UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Time-of-check Time-of-use (TOCTOU) Race Condition", + "cweId": "CWE-367" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Server D50DNP and M50FCP boards", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20083.json b/2025/20xxx/CVE-2025-20083.json index 52243d96cef..4a5648184bf 100644 --- a/2025/20xxx/CVE-2025-20083.json +++ b/2025/20xxx/CVE-2025-20083.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20083", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Slim Bootloader", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01290.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01290.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20084.json b/2025/20xxx/CVE-2025-20084.json index 023c54024b5..b0ef8b4f8e8 100644 --- a/2025/20xxx/CVE-2025-20084.json +++ b/2025/20xxx/CVE-2025-20084.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20084", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" } ] } diff --git a/2025/20xxx/CVE-2025-20095.json b/2025/20xxx/CVE-2025-20095.json index d3d9e2221f3..14b6c235892 100644 --- a/2025/20xxx/CVE-2025-20095.json +++ b/2025/20xxx/CVE-2025-20095.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20095", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Default Permissions for some Intel(R) RealSense\u2122 SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Incorrect Default Permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) RealSense\u2122 SDK software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2.56.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01305.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01305.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20100.json b/2025/20xxx/CVE-2025-20100.json index dabe77a0d02..a2c7baa23b3 100644 --- a/2025/20xxx/CVE-2025-20100.json +++ b/2025/20xxx/CVE-2025-20100.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20100", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Xeon(R) 6 processor with E-cores", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01278.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01278.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20101.json b/2025/20xxx/CVE-2025-20101.json index 1ba9a1eb4b3..b2f2aa3c9d6 100644 --- a/2025/20xxx/CVE-2025-20101.json +++ b/2025/20xxx/CVE-2025-20101.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20101", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds read for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable information disclosure or denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure, Denial of Service" + }, + { + "lang": "eng", + "value": "Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20103.json b/2025/20xxx/CVE-2025-20103.json index fa2e6984f5d..d7af6d76f94 100644 --- a/2025/20xxx/CVE-2025-20103.json +++ b/2025/20xxx/CVE-2025-20103.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20103", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Insufficient Resource Pool", + "cweId": "CWE-410" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20104.json b/2025/20xxx/CVE-2025-20104.json index f700e403c45..7893499376b 100644 --- a/2025/20xxx/CVE-2025-20104.json +++ b/2025/20xxx/CVE-2025-20104.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20104", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Race condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + "cweId": "CWE-362" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Administrative Tools for some Intel(R) Network Adapters package", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 29.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01293.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01293.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20108.json b/2025/20xxx/CVE-2025-20108.json index 3dc0755f79f..5fd96ad3357 100644 --- a/2025/20xxx/CVE-2025-20108.json +++ b/2025/20xxx/CVE-2025-20108.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20108", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Network Adapter Driver installers for Windows 11", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 29.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01293.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01293.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20611.json b/2025/20xxx/CVE-2025-20611.json index 172a91bc520..b3a431d67d7 100644 --- a/2025/20xxx/CVE-2025-20611.json +++ b/2025/20xxx/CVE-2025-20611.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2025/20xxx/CVE-2025-20612.json b/2025/20xxx/CVE-2025-20612.json index 946f55d4d08..1a5d443180d 100644 --- a/2025/20xxx/CVE-2025-20612.json +++ b/2025/20xxx/CVE-2025-20612.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20612", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Incorrect Execution-Assigned Permissions", + "cweId": "CWE-279" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" } ] } diff --git a/2025/20xxx/CVE-2025-20616.json b/2025/20xxx/CVE-2025-20616.json index 5ad69d3ec3a..595a24b908f 100644 --- a/2025/20xxx/CVE-2025-20616.json +++ b/2025/20xxx/CVE-2025-20616.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20616", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" } ] } diff --git a/2025/20xxx/CVE-2025-20618.json b/2025/20xxx/CVE-2025-20618.json index 885664b3d8e..779fe91059e 100644 --- a/2025/20xxx/CVE-2025-20618.json +++ b/2025/20xxx/CVE-2025-20618.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20618", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) PROSet/Wireless WiFi Software for Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 23.100" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.9, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/20xxx/CVE-2025-20623.json b/2025/20xxx/CVE-2025-20623.json index 040b0e54a4b..9866f507725 100644 --- a/2025/20xxx/CVE-2025-20623.json +++ b/2025/20xxx/CVE-2025-20623.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20623", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core\u2122 processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution", + "cweId": "CWE-1423" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Core\u2122 processors (10th Generation)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2025/20xxx/CVE-2025-20624.json b/2025/20xxx/CVE-2025-20624.json index 74386b33e6a..145463ee20d 100644 --- a/2025/20xxx/CVE-2025-20624.json +++ b/2025/20xxx/CVE-2025-20624.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20624", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2025/20xxx/CVE-2025-20629.json b/2025/20xxx/CVE-2025-20629.json index ec4d7ee317b..f065ead4774 100644 --- a/2025/20xxx/CVE-2025-20629.json +++ b/2025/20xxx/CVE-2025-20629.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-20629", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure inherited permissions in the NVM Update Utility for some Intel(R) Ethernet Network Adapter E810 Series before version 4.60 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Insecure Inherited Permissions", + "cweId": "CWE-277" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet Network Adapter E810 Series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 4.60" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01295.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01295.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/21xxx/CVE-2025-21081.json b/2025/21xxx/CVE-2025-21081.json index 9f94bb43150..8b57d213dbb 100644 --- a/2025/21xxx/CVE-2025-21081.json +++ b/2025/21xxx/CVE-2025-21081.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21081", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Protection Mechanism Failure", + "cweId": "CWE-693" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" } ] } diff --git a/2025/21xxx/CVE-2025-21094.json b/2025/21xxx/CVE-2025-21094.json index ee256fb7326..e47d9c72c8a 100644 --- a/2025/21xxx/CVE-2025-21094.json +++ b/2025/21xxx/CVE-2025-21094.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21094", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in the UEFI firmware DXE module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Server D50DNP and M50FCP boards", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/21xxx/CVE-2025-21099.json b/2025/21xxx/CVE-2025-21099.json index 7c6c18d3ef0..b6917afe236 100644 --- a/2025/21xxx/CVE-2025-21099.json +++ b/2025/21xxx/CVE-2025-21099.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21099", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/21xxx/CVE-2025-21100.json b/2025/21xxx/CVE-2025-21100.json index 54d28919ebb..5b91fabb21c 100644 --- a/2025/21xxx/CVE-2025-21100.json +++ b/2025/21xxx/CVE-2025-21100.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21100", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Improper Initialization", + "cweId": "CWE-665" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Server D50DNP and M50FCP boards", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2025/22xxx/CVE-2025-22446.json b/2025/22xxx/CVE-2025-22446.json index f0c163232fe..0ba47ca5224 100644 --- a/2025/22xxx/CVE-2025-22446.json +++ b/2025/22xxx/CVE-2025-22446.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-22446", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Inadequate Encryption Strength", + "cweId": "CWE-326" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" } ] } diff --git a/2025/22xxx/CVE-2025-22448.json b/2025/22xxx/CVE-2025-22448.json index da4ec66aaed..b477a3e40ff 100644 --- a/2025/22xxx/CVE-2025-22448.json +++ b/2025/22xxx/CVE-2025-22448.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-22448", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Insecure Inherited Permissions", + "cweId": "CWE-277" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Simics(R) Package Manager software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 1.12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01297.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01297.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/22xxx/CVE-2025-22843.json b/2025/22xxx/CVE-2025-22843.json index 26670372c23..a6be79fcd1b 100644 --- a/2025/22xxx/CVE-2025-22843.json +++ b/2025/22xxx/CVE-2025-22843.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-22843", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Incorrect Execution-Assigned Permissions", + "cweId": "CWE-279" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/22xxx/CVE-2025-22844.json b/2025/22xxx/CVE-2025-22844.json index 52c57f74ac7..317df9da1f2 100644 --- a/2025/22xxx/CVE-2025-22844.json +++ b/2025/22xxx/CVE-2025-22844.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-22844", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2025/22xxx/CVE-2025-22848.json b/2025/22xxx/CVE-2025-22848.json index db7ded861b0..f9ecaa802f3 100644 --- a/2025/22xxx/CVE-2025-22848.json +++ b/2025/22xxx/CVE-2025-22848.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-22848", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper conditions check for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Improper Check for Unusual or Exceptional Conditions", + "cweId": "CWE-754" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" } ] } diff --git a/2025/22xxx/CVE-2025-22892.json b/2025/22xxx/CVE-2025-22892.json index b94847c8a05..077f993fc1f 100644 --- a/2025/22xxx/CVE-2025-22892.json +++ b/2025/22xxx/CVE-2025-22892.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-22892", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption for some OpenVINO\u2122 model server software maintained by Intel(R) before version 2024.4 may allow an unauthenticated user to potentially enable denial of service via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + }, + { + "lang": "eng", + "value": "Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "OpenVINO\u2122 model server software maintained by Intel(R)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2024.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01272.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01272.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/22xxx/CVE-2025-22895.json b/2025/22xxx/CVE-2025-22895.json index 2e9dd7f00ba..488f785427c 100644 --- a/2025/22xxx/CVE-2025-22895.json +++ b/2025/22xxx/CVE-2025-22895.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-22895", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2025/23xxx/CVE-2025-23233.json b/2025/23xxx/CVE-2025-23233.json index dc5dd4462a7..f193319d229 100644 --- a/2025/23xxx/CVE-2025-23233.json +++ b/2025/23xxx/CVE-2025-23233.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23233", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Incorrect Execution-Assigned Permissions", + "cweId": "CWE-279" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" } ] } diff --git a/2025/24xxx/CVE-2025-24308.json b/2025/24xxx/CVE-2025-24308.json index 4088cdc042c..65785cabcea 100644 --- a/2025/24xxx/CVE-2025-24308.json +++ b/2025/24xxx/CVE-2025-24308.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24308", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + }, + { + "lang": "eng", + "value": "Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Server D50DNP and M50FCP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2025/24xxx/CVE-2025-24495.json b/2025/24xxx/CVE-2025-24495.json index a8eab2491ee..e7bea1dea34 100644 --- a/2025/24xxx/CVE-2025-24495.json +++ b/2025/24xxx/CVE-2025-24495.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24495", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core\u2122 Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + }, + { + "lang": "eng", + "value": "Incorrect Initialization of Resource", + "cweId": "CWE-1419" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Core\u2122 Ultra Processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html", + "refsource": "MISC", + "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2025/26xxx/CVE-2025-26646.json b/2025/26xxx/CVE-2025-26646.json index 0022e279145..7a223c75578 100644 --- a/2025/26xxx/CVE-2025-26646.json +++ b/2025/26xxx/CVE-2025-26646.json @@ -1,17 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26646", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-73: External Control of File Name or Path", + "cweId": "CWE-73" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": ".NET 8.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "8.0.0", + "version_value": "8.0.16" + } + ] + } + }, + { + "product_name": ".NET 9.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.0.0", + "version_value": "9.0.5" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.0", + "version_value": "17.12.8" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.13", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.10", + "version_value": "17.13.7" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.8", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.8.0", + "version_value": "17.8.21" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.10", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.10", + "version_value": "17.10.14" + } + ] + } + }, + { + "product_name": "Build Tools for Visual Studio 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.0", + "version_value": "Fixed Version 17.13.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26646", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26646" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/32xxx/CVE-2025-32052.json b/2025/32xxx/CVE-2025-32052.json index 9e2bcf55a21..1492020da13 100644 --- a/2025/32xxx/CVE-2025-32052.json +++ b/2025/32xxx/CVE-2025-32052.json @@ -91,6 +91,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.72.0-10.el9_6.1", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "version": { @@ -158,19 +179,6 @@ } ] } - }, - { - "product_name": "Red Hat Enterprise Linux 9", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } } ] } @@ -200,6 +208,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2025:4568" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:7436", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:7436" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-32052", "refsource": "MISC", diff --git a/2025/32xxx/CVE-2025-32053.json b/2025/32xxx/CVE-2025-32053.json index 4d78492479a..cb7a1c6f411 100644 --- a/2025/32xxx/CVE-2025-32053.json +++ b/2025/32xxx/CVE-2025-32053.json @@ -91,6 +91,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.72.0-10.el9_6.1", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "version": { @@ -158,19 +179,6 @@ } ] } - }, - { - "product_name": "Red Hat Enterprise Linux 9", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } } ] } @@ -200,6 +208,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2025:4568" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:7436", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:7436" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-32053", "refsource": "MISC", diff --git a/2025/32xxx/CVE-2025-32907.json b/2025/32xxx/CVE-2025-32907.json index 5dfb70842d1..d1cbdf888a0 100644 --- a/2025/32xxx/CVE-2025-32907.json +++ b/2025/32xxx/CVE-2025-32907.json @@ -35,6 +35,27 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.72.0-10.el9_6.1", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "version": { @@ -136,19 +157,6 @@ } ] } - }, - { - "product_name": "Red Hat Enterprise Linux 9", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } } ] } @@ -173,6 +181,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2025:4508" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:7436", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:7436" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-32907", "refsource": "MISC", diff --git a/2025/46xxx/CVE-2025-46420.json b/2025/46xxx/CVE-2025-46420.json index 68e39388190..7fd469c1172 100644 --- a/2025/46xxx/CVE-2025-46420.json +++ b/2025/46xxx/CVE-2025-46420.json @@ -238,6 +238,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.72.0-10.el9_6.1", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "version": { @@ -326,19 +347,6 @@ } ] } - }, - { - "product_name": "Red Hat Enterprise Linux 9", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } } ] } @@ -388,6 +396,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2025:4624" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:7436", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:7436" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-46420", "refsource": "MISC", diff --git a/2025/46xxx/CVE-2025-46421.json b/2025/46xxx/CVE-2025-46421.json index 01e88e569cd..d847c7a2e00 100644 --- a/2025/46xxx/CVE-2025-46421.json +++ b/2025/46xxx/CVE-2025-46421.json @@ -35,6 +35,27 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 10", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:3.6.5-3.el10_0", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8", "version": { @@ -238,6 +259,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.72.0-10.el9_6.1", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "version": { @@ -326,19 +368,6 @@ } ] } - }, - { - "product_name": "Red Hat Enterprise Linux 9", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } } ] } @@ -388,6 +417,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2025:4624" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:7436", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:7436" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:7505", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:7505" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-46421", "refsource": "MISC", diff --git a/2025/47xxx/CVE-2025-47905.json b/2025/47xxx/CVE-2025-47905.json new file mode 100644 index 00000000000..c7d68322748 --- /dev/null +++ b/2025/47xxx/CVE-2025-47905.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2025-47905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://varnish-cache.org/security/VSV00016.html", + "refsource": "MISC", + "name": "https://varnish-cache.org/security/VSV00016.html" + } + ] + } +} \ No newline at end of file diff --git a/2025/4xxx/CVE-2025-4574.json b/2025/4xxx/CVE-2025-4574.json index 98d36ae4023..a022c38a501 100644 --- a/2025/4xxx/CVE-2025-4574.json +++ b/2025/4xxx/CVE-2025-4574.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4574", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Double Free", + "cweId": "CWE-415" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-4574", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2025-4574" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358890", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2358890" + }, + { + "url": "https://github.com/crossbeam-rs/crossbeam/pull/1187", + "refsource": "MISC", + "name": "https://github.com/crossbeam-rs/crossbeam/pull/1187" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2025/4xxx/CVE-2025-4668.json b/2025/4xxx/CVE-2025-4668.json index 7f7f63bac9c..b388f603cc5 100644 --- a/2025/4xxx/CVE-2025-4668.json +++ b/2025/4xxx/CVE-2025-4668.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4668", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage." } ] }