diff --git a/2019/14xxx/CVE-2019-14556.json b/2019/14xxx/CVE-2019-14556.json new file mode 100644 index 00000000000..e522a4dad21 --- /dev/null +++ b/2019/14xxx/CVE-2019-14556.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14556", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel BIOS", + "version": { + "version_data": [ + { + "version_value": "8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Denial of Service, Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper initialization in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow a privileged user to potentially enable denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14557.json b/2019/14xxx/CVE-2019-14557.json new file mode 100644 index 00000000000..5d26a49bba8 --- /dev/null +++ b/2019/14xxx/CVE-2019-14557.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14557", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel BIOS", + "version": { + "version_data": [ + { + "version_value": "8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable elevation of privilege or denial of service via adjacent access." + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14558.json b/2019/14xxx/CVE-2019-14558.json new file mode 100644 index 00000000000..2bf37256f4b --- /dev/null +++ b/2019/14xxx/CVE-2019-14558.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14558", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel BIOS", + "version": { + "version_data": [ + { + "version_value": "8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0571.json b/2020/0xxx/CVE-2020-0571.json new file mode 100644 index 00000000000..43eb1150b25 --- /dev/null +++ b/2020/0xxx/CVE-2020-0571.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0571", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel BIOS", + "version": { + "version_data": [ + { + "version_value": "8th Generation Intel(R) Core(TM) Processors and Intel(R) Pentium(R) Silver Processor Series" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00347.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00347.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper conditions check in BIOS firmware for 8th Generation Intel(R) Core(TM) Processors and Intel(R) Pentium(R) Silver Processor Series may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12302.json b/2020/12xxx/CVE-2020-12302.json index 7e03def0306..570ae924a60 100644 --- a/2020/12xxx/CVE-2020-12302.json +++ b/2020/12xxx/CVE-2020-12302.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12302", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Driver & Support Assistant", + "version": { + "version_data": [ + { + "version_value": "before version 20.7.26.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00405.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00405.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper permissions in the Intel(R) Driver & Support Assistant before version 20.7.26.7 may allow an authenticated user to potentially enable escalation of privilege via local access." } ] } diff --git a/2020/25xxx/CVE-2020-25635.json b/2020/25xxx/CVE-2020-25635.json index 8968f1baab6..57744437a63 100644 --- a/2020/25xxx/CVE-2020-25635.json +++ b/2020/25xxx/CVE-2020-25635.json @@ -4,15 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-25635", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AWS Community", + "product": { + "product_data": [ + { + "product_name": "Community Collections", + "version": { + "version_data": [ + { + "version_value": "from 1.0.0 to 1.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-212" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ansible-collections/community.aws/issues/222", + "refsource": "MISC", + "name": "https://github.com/ansible-collections/community.aws/issues/222" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2020/26xxx/CVE-2020-26061.json b/2020/26xxx/CVE-2020-26061.json index 2d8d50d8071..8939c8d79f2 100644 --- a/2020/26xxx/CVE-2020-26061.json +++ b/2020/26xxx/CVE-2020-26061.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-26061", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-26061", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.clickstudios.com.au/passwordstate-changelog.aspx", + "refsource": "MISC", + "name": "https://www.clickstudios.com.au/passwordstate-changelog.aspx" } ] } diff --git a/2020/4xxx/CVE-2020-4493.json b/2020/4xxx/CVE-2020-4493.json index ab23fc54c34..4ed800f0c1b 100644 --- a/2020/4xxx/CVE-2020-4493.json +++ b/2020/4xxx/CVE-2020-4493.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-10-01T00:00:00", - "ID" : "CVE-2020-4493", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995." - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "PR" : "N", - "AC" : "L", - "A" : "H", - "S" : "U", - "UI" : "N", - "SCORE" : "9.800", - "I" : "H", - "C" : "H", - "AV" : "N" - } - } - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Bypass Security", - "lang" : "eng" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "DATE_PUBLIC": "2020-10-01T00:00:00", + "ID": "CVE-2020-4493", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Maximo Asset Management", - "version" : { - "version_data" : [ - { - "version_value" : "7.6.0" - }, - { - "version_value" : "7.6.1" - } - ] - } - } - ] - } + "lang": "eng", + "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995." } - ] - } - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6340281 (Maximo Asset Management)", - "url" : "https://www.ibm.com/support/pages/node/6340281", - "name" : "https://www.ibm.com/support/pages/node/6340281", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "name" : "ibm-maximo-cve20204493-auth-bypass (181995)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/181995", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_version" : "4.0" -} + ] + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "PR": "N", + "AC": "L", + "A": "H", + "S": "U", + "UI": "N", + "SCORE": "9.800", + "I": "H", + "C": "H", + "AV": "N" + } + } + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Bypass Security", + "lang": "eng" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Maximo Asset Management", + "version": { + "version_data": [ + { + "version_value": "7.6.0" + }, + { + "version_value": "7.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6340281 (Maximo Asset Management)", + "url": "https://www.ibm.com/support/pages/node/6340281", + "name": "https://www.ibm.com/support/pages/node/6340281", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "name": "ibm-maximo-cve20204493-auth-bypass (181995)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181995", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8182.json b/2020/8xxx/CVE-2020-8182.json index 4e192b72013..598190b60b5 100644 --- a/2020/8xxx/CVE-2020-8182.json +++ b/2020/8xxx/CVE-2020-8182.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8182", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nextcloud Deck", + "version": { + "version_data": [ + { + "version_value": "Fixed in 0.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control - Generic (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/827816", + "url": "https://hackerone.com/reports/827816" + }, + { + "refsource": "MISC", + "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-025", + "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-025" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves." } ] } diff --git a/2020/8xxx/CVE-2020-8223.json b/2020/8xxx/CVE-2020-8223.json index 84e95e87d9e..270320f4c53 100644 --- a/2020/8xxx/CVE-2020-8223.json +++ b/2020/8xxx/CVE-2020-8223.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8223", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "Fixed in 19.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Privilege Management (CWE-269)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/889243", + "url": "https://hackerone.com/reports/889243" + }, + { + "refsource": "MISC", + "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-029", + "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-029" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves." } ] } diff --git a/2020/8xxx/CVE-2020-8228.json b/2020/8xxx/CVE-2020-8228.json index a067c9b12ab..8513a4f9568 100644 --- a/2020/8xxx/CVE-2020-8228.json +++ b/2020/8xxx/CVE-2020-8228.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8228", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nextcloud Preferred Provider", + "version": { + "version_data": [ + { + "version_value": "Fixed in 1.8.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Business Logic Errors (CWE-840)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/922470", + "url": "https://hackerone.com/reports/922470" + }, + { + "refsource": "MISC", + "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-033", + "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-033" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times." } ] } diff --git a/2020/8xxx/CVE-2020-8235.json b/2020/8xxx/CVE-2020-8235.json index 15cdb70b86a..d599c121652 100644 --- a/2020/8xxx/CVE-2020-8235.json +++ b/2020/8xxx/CVE-2020-8235.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8235", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nextcloud Deck app", + "version": { + "version_data": [ + { + "version_value": "Fixed in 1.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Direct Object Reference (IDOR) (CWE-639)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/916704", + "url": "https://hackerone.com/reports/916704" + }, + { + "refsource": "MISC", + "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-036", + "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-036" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments." } ] } diff --git a/2020/8xxx/CVE-2020-8671.json b/2020/8xxx/CVE-2020-8671.json index 2af69f33d80..0ea4a211d46 100644 --- a/2020/8xxx/CVE-2020-8671.json +++ b/2020/8xxx/CVE-2020-8671.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8671", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel BIOS", + "version": { + "version_data": [ + { + "version_value": "8th, 9th Generation Intel(R) Core(TM) Processors and Intel(R) Celeron(R) Processor 4000 Series" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel(R) Core(TM) Processors and Intel(R) Celeron(R) Processor 4000 Series may allow an authenticated user to potentially enable information disclosure via local access." } ] }