diff --git a/2020/13xxx/CVE-2020-13266.json b/2020/13xxx/CVE-2020-13266.json
index 9c88640cedf..da2016bfbc6 100644
--- a/2020/13xxx/CVE-2020-13266.json
+++ b/2020/13xxx/CVE-2020-13266.json
@@ -4,15 +4,92 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-13266",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=12.8, <12.9.8"
+ },
+ {
+ "version_value": ">=12.10, <12.10.7"
+ },
+ {
+ "version_value": ">=13.0, <13.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Missing authorization in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/208449",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/208449",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13266.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13266.json",
+ "refsource": "CONFIRM"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1",
+ "baseScore": 4.2,
+ "baseSeverity": "MEDIUM"
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions"
 }
 ]
- }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability has been discovered internally by the GitLab Security Team"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2020/13xxx/CVE-2020-13818.json b/2020/13xxx/CVE-2020-13818.json
index 3a0a31fba75..a36274935cc 100644
--- a/2020/13xxx/CVE-2020-13818.json
+++ b/2020/13xxx/CVE-2020-13818.json
@@ -56,6 +56,11 @@
 "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html",
 "refsource": "MISC",
 "name": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-691/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-691/"
 }
 ]
 }
diff --git a/2020/3xxx/CVE-2020-3843.json b/2020/3xxx/CVE-2020-3843.json
index 965491e9c22..d9c7cc34fb6 100644
--- a/2020/3xxx/CVE-2020-3843.json
+++ b/2020/3xxx/CVE-2020-3843.json
@@ -15,12 +15,23 @@
 "product": {
 "product_data": [
 {
- "product_name": "macOS",
+ "product_name": "iOS-1",
 "version": {
 "version_data": [
 {
 "version_affected": "<",
- "version_value": "macOS Catalina 10.15.3"
+ "version_value": "iOS 12.4.7"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "watchOS-1",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "watchOS 5.3.7"
 }
 ]
 }
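Review bot: In 2020/13xxx/CVE-2020-13266.json the added `impact.cvss` block looks internally inconsistent: by the CVSS 3.1 base formula the vector `AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N` rounds up to 4.3, not the recorded `"baseScore": 4.2`, so one of the two should be corrected before consumers sort or filter on the score. The `vectorString` also lacks the version prefix the specification requires; `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"` would be the full form. Separately, the description says "through 13.0.1" while the last range is `">=13.0, <13.0.1"`, which excludes 13.0.1; the two should agree on whether 13.0.1 is affected or is the fixed release.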
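Review bot: The 2020/3xxx/CVE-2020-3843.json hunks overwrite the published record instead of extending it: this hunk removes the `macOS` product with `macOS Catalina 10.15.3`, and the two later hunks on the same file drop the HT210919 advisory, the Packet Storm and Full Disclosure references, and the macOS fix from the description. Anyone using the record to check macOS exposure loses the fixed version and its advisory, so the iOS and watchOS entries should presumably be added next to the existing macOS data rather than replace it. The new names `iOS-1` and `watchOS-1` also look like generator artifacts, since the other Apple records in this commit use plain names; `"product_name": "iOS"` and `"product_name": "watchOS"` would match them. The hunk starts and ends inside the `product_data` array, so entries outside it are not visible here.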
@@ -46,34 +57,14 @@
 "references": {
 "reference_data": [
 {
- "url": "https://support.apple.com/HT210919",
+ "url": "https://support.apple.com/HT211176",
 "refsource": "MISC",
- "name": "https://support.apple.com/HT210919"
+ "name": "https://support.apple.com/HT211176"
 },
 {
+ "url": "https://support.apple.com/HT211169",
 "refsource": "MISC",
- "name": "http://packetstormsecurity.com/files/156664/iOS-macOS-AWDL-Heap-Corruption-Bounds-Checking.html",
- "url": "http://packetstormsecurity.com/files/156664/iOS-macOS-AWDL-Heap-Corruption-Bounds-Checking.html"
- },
- {
- "refsource": "CONFIRM",
- "name": "https://support.apple.com/kb/HT211169",
- "url": "https://support.apple.com/kb/HT211169"
- },
- {
- "refsource": "CONFIRM",
- "name": "https://support.apple.com/kb/HT211176",
- "url": "https://support.apple.com/kb/HT211176"
- },
- {
- "refsource": "FULLDISC",
- "name": "20200529 APPLE-SA-2020-05-26-2 iOS 12.4.7",
- "url": "http://seclists.org/fulldisclosure/2020/May/48"
- },
- {
- "refsource": "FULLDISC",
- "name": "20200529 APPLE-SA-2020-05-26-6 watchOS 5.3.7",
- "url": "http://seclists.org/fulldisclosure/2020/May/50"
+ "name": "https://support.apple.com/HT211169"
 }
 ]
 },
@@ -81,7 +72,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory."
+ "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4.7, watchOS 5.3.7. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory."
 }
 ]
 }
diff --git a/2020/3xxx/CVE-2020-3882.json b/2020/3xxx/CVE-2020-3882.json
index b2366c794e1..5cb3a5f1e33 100644
--- a/2020/3xxx/CVE-2020-3882.json
+++ b/2020/3xxx/CVE-2020-3882.json
@@ -4,14 +4,59 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-3882",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "macOS Catalina 10.15.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Importing a maliciously crafted calendar invitation may exfiltrate user information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.apple.com/HT211170",
+ "refsource": "MISC",
+ "name": "https://support.apple.com/HT211170"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9792.json b/2020/9xxx/CVE-2020-9792.json
index 8d8e37895be..ed81d923e57 100644
--- a/2020/9xxx/CVE-2020-9792.json
+++ b/2020/9xxx/CVE-2020-9792.json
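Review bot: The `problemtype` value added in 2020/3xxx/CVE-2020-3882.json repeats the impact sentence from the description ("Importing a maliciously crafted calendar invitation may exfiltrate user information") instead of naming a weakness class, which leaves automated triage nothing to group on; a CWE identifier or short weakness name would serve better if the vendor advisory supports one. The vendor's own advisory is also tagged `"refsource": "MISC"`, whereas the GitLab record in this commit marks the vendor's entry `CONFIRM`; `"refsource": "CONFIRM"` for `https://support.apple.com/HT211170` would be consistent. The CVE-2020-9792 hunk that follows shows the same two patterns.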
@@ -4,14 +4,75 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9792",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "iOS 13.5 and iPadOS 13.5"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "macOS Catalina 10.15.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "A USB device may be able to cause a denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.apple.com/HT211170",
+ "refsource": "MISC",
+ "name": "https://support.apple.com/HT211170"
+ },
+ {
+ "url": "https://support.apple.com/HT211168",
+ "refsource": "MISC",
+ "name": "https://support.apple.com/HT211168"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A USB device may be able to cause a denial of service."
 }
 ]
 }
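Review bot: The iOS entry in 2020/9xxx/CVE-2020-9792.json packs two products into one bound, `"version_value": "iOS 13.5 and iPadOS 13.5"` under `"version_affected": "<"`, which a version comparator cannot evaluate. Separate `iOS` and `iPadOS` product entries with bare version numbers, e.g. `"version_value": "13.5"`, would let scanners match affected installs. The same applies to `"macOS Catalina 10.15.5"`, where the product name is repeated inside the value. The hunk ends at the close of `description`, so any fields after it are not visible here.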