admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-08-13 17:00:37 +00:00
parent dca350719a
commit e4d99a9ca2
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
44 changed files with 7542 additions and 273 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

624
2021/26xxx/CVE-2021-26344.json
View File

@ -1,17 +1,633 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26344",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out of bounds memory write when processing the AMD\nPSP1 Configuration Block (APCB) could allow an attacker with access the ability\nto modify the BIOS image, and the ability to sign the resulting image, to\npotentially modify the APCB block resulting in arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD EPYC\u2122 7001 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various",
"versionType": "PI"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 7002 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RomePI 1.0.0.C"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 7003 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.6"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.E"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.3"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.7"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.7"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.E"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.E"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 7002 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.6"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "Various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "v"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "v"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "v"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "v"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "v"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.4"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

396
2021/26xxx/CVE-2021-26367.json
View File

@ -1,17 +1,405 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26367",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PollockPI-FT5 1.0.0.4"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.7"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.6"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
]
}

698
2021/26xxx/CVE-2021-26387.json
View File

@ -1,17 +1,707 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26387",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected areas,\u00a0potentially leading to a loss of platform integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD EPYC\u2122 7001 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various",
"versionType": "PI"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 7002 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 7003 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 9004 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4 V2 PI 1.2.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4 V2 PI 1.2.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.6"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.0.8.0"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CastlePeakPI-SP3r3 1.0.0.7"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.2"
},
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.9"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PollockPI-FT5 1.0.0.4"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.9"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.9"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.9"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.9"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 7002 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 9003 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.6"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.9"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
]
}

750
2021/46xxx/CVE-2021-46746.json
View File

@ -1,17 +1,759 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46746",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD EPYC\u2122 7001 Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various",
"versionType": "PI"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 7002 Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 7003 Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 9004 Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4 V2 PI 1.2.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 PI 1.2.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "ComboAM5 1.0.8.0"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CastlePeakPI-SP3r3 1.0.0.7"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.2"
},
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.9"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "PollockPI-FT5 1.0.0.4"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.6"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7045 Series Mobile Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "DragonRangeFL1PI 1.0.0.3b"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 7002 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 9003 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.6"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
]
}

615
2021/46xxx/CVE-2021-46772.json
View File

@ -1,17 +1,624 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46772",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in the ABL may allow a privileged\nattacker with access to the BIOS menu or UEFI shell to tamper with the\nstructure headers in SPI ROM causing an out of bounds memory read and write,\npotentially resulting in memory corruption or denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD EPYC\u2122 7002 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RomePI 1.0.0.E",
"versionType": "PI"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 7003 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.9"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "ComboAM4V2 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.6"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.6"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.E"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.3"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.7"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.7"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.E"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.E"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 7002 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.4"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
]
}

194
2022/23xxx/CVE-2022-23815.json
View File

@ -1,17 +1,203 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23815",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various",
"versionType": "PI"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.F"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PollockPI-FT5 1.0.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD RyzenTM Embedded R1000",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD RyzenTM Embedded R2000",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD RyzenTM Embedded V1000",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

573
2022/23xxx/CVE-2022-23817.json
View File

@ -1,17 +1,582 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23817",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V1 1.0.0.A/ComboAM4V2 1.2.0.9"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.0.8.0"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CastlePeakPI-SP3r3 1.0.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.5"
},
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PollockPI-FT5 1.0.0.4"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.C"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.C"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.C"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.C"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7045 Series Mobile Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "DragonRangeFL1PI 1.0.0.3b"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

142
2023/20xxx/CVE-2023-20509.json
View File

@ -1,17 +1,151 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20509",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Radeon\u2122 RX 7000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Radeon\u2122 PRO W7000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
]
}

104
2023/20xxx/CVE-2023-20510.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20510",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
]
}

104
2023/20xxx/CVE-2023-20512.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20512",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

104
2023/20xxx/CVE-2023-20513.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20513",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

595
2023/20xxx/CVE-2023-20518.json
View File

@ -1,17 +1,604 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20518",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD EPYC\u2122 9004 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.4",
"versionType": "PI"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V1 1.0.0.A"
},
{
"status": "unaffected",
"version": "ComboAM4V2 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.0.0.6"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 1.2.0.A"
},
{
"status": "unaffected",
"version": "ComboAM4V1 1.0.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CastlePeakPI-SP3r3 1.0.0.9"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.6"
},
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.B"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.6"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.F"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PollockPI-FT5 1.0.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.F"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.C"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.E"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.E"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.4"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.E"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.E"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.3"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.5"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

353
2023/20xxx/CVE-2023-20578.json
View File

@ -1,17 +1,362 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20578",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications buffer\u00a0potentially\nresulting in arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD EPYC\u2122 7001 Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "NaplesPI 1.0.0.K",
"versionType": "PI"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 7002 Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RomePI 1.0.0.G"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 7003 Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.B"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 9004 Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.2"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.0.0.1"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.7"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.0"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 3000",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "SnowyOwl PI 1.1.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 7002",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.A"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 7003",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.7"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 9003",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.0"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded 7000",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD RyzenTM Embedded V3000",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

106
2023/20xxx/CVE-2023-20584.json
View File

@ -1,17 +1,115 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20584",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IOMMU improperly handles certain special address\nranges with invalid device table entries (DTEs), which may allow an attacker\nwith privileges and a compromised Hypervisor to\ninduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a\nloss of guest integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD EPYC\u2122 7003 Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.C",
"versionType": "PI"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 9004 Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.B"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
]
}

144
2023/20xxx/CVE-2023-20591.json
View File

@ -1,17 +1,153 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper re-initialization of IOMMU during the DRTM event\nmay permit an untrusted platform configuration to persist, allowing an attacker\nto read or modify hypervisor memory, potentially resulting in loss of\nconfidentiality, integrity, and availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD EPYC\u2122 7003 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.B",
"versionType": "PI"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 9004 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "Genoa 1.0.0.8"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.7"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 9003 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.3"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

104
2023/31xxx/CVE-2023-31304.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31304",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF) \u00a0 \u00a0 to modify the PCIe\u00ae lane count and speed, potentially leading to a loss of availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

104
2023/31xxx/CVE-2023-31305.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31305",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

104
2023/31xxx/CVE-2023-31307.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31307",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

104
2023/31xxx/CVE-2023-31310.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the \"set temperature input selection\" command, potentially resulting in a loss of integrity and/or availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

89
2023/31xxx/CVE-2023-31339.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31339",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper input validation in ARM\u00ae Trusted Firmware used in AMD\u2019s Zynq\u2122 UltraScale+\u2122) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "Zynq\u2122 UltraScale+\u2122 MPSoC/RFSoC",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "2023.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "AMD-SB-1016",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
}
]
}

80
2023/31xxx/CVE-2023-31341.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31341",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient\nvalidation of the Input Output Control (IOCTL) input buffer in AMD \u03bcProf may\nallow an authenticated attacker to cause an out-of-bounds write, potentially\ncausing a Windows\u00ae OS crash, resulting in denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "\u03bcProf Tool",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "\u03bcProf Tool",
"version_value": "3.4.494"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001",
"refsource": "MISC",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "AMD-SB-1016",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2023/31xxx/CVE-2023-31348.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31348",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A DLL hijacking vulnerability in AMD \u03bcProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "\u03bcProf Tool",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "\u03bcProf Tool",
"version_value": "3.4.494"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001",
"refsource": "MISC",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "AMD-SB-1016",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

80
2023/31xxx/CVE-2023-31349.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31349",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect default permissions in the AMD \u03bcProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "\u03bcProf Tool",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "\u03bcProf Tool",
"version_value": "3.4.494"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001",
"refsource": "MISC",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "AMD-SB-1016",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

106
2023/31xxx/CVE-2023-31356.json
View File

@ -1,17 +1,115 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31356",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incomplete system memory cleanup in SEV firmware could\nallow a privileged attacker to corrupt guest private memory, potentially\nresulting in a loss of data integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD EPYC\u2122 7003 Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.C",
"versionType": "PI"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 9004 Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.B"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

80
2023/31xxx/CVE-2023-31366.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31366",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper input validation in AMD \u03bcProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "\u03bcProf Tool",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "\u03bcProf Tool",
"version_value": "3.4.494"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001",
"refsource": "MISC",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "AMD-SB-1016",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

87
2024/1xxx/CVE-2024-1394.json
View File

@ -161,45 +161,17 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "8100020240808093819.afee755d",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
@ -593,7 +565,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.25.3-5.2.rhaos4.12.git44a2cb2.el9",
"version": "0:1.25.5-13.1.rhaos4.12.git76343da.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -621,7 +593,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.14.0-5.2.rhaos4.12.el9",
"version": "0:2.14.0-7.1.rhaos4.12.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -796,7 +768,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4:1.1.12-1.1.rhaos4.13.el8",
"version": "4:1.1.12-1.1.rhaos4.13.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -810,7 +782,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.11.2-2.2.rhaos4.13.el8",
"version": "2:1.11.2-2.2.rhaos4.13.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -873,7 +845,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.27.0-3.1.el8",
"version": "0:1.27.0-3.1.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -929,7 +901,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3:4.4.1-11.3.rhaos4.14.el8",
"version": "3:4.4.1-11.3.rhaos4.14.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -943,7 +915,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.11.2-10.3.rhaos4.14.el8",
"version": "2:1.11.2-10.3.rhaos4.14.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -985,7 +957,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3:2.1.7-3.4.rhaos4.14.el9",
"version": "3:2.1.7-3.4.rhaos4.14.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1013,7 +985,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el8",
"version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1027,7 +999,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.27.0-3.2.el8",
"version": "0:1.27.0-3.2.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1055,7 +1027,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el8",
"version": "0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1097,7 +1069,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8",
"version": "0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1153,7 +1125,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4:1.1.12-1.2.rhaos4.14.el9",
"version": "4:1.1.12-1.2.rhaos4.14.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1167,7 +1139,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.11.2-10.4.rhaos4.14.el9",
"version": "2:1.11.2-10.4.rhaos4.14.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1216,7 +1188,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1:1.29.1-20.3.rhaos4.15.el9",
"version": "1:1.29.1-20.3.rhaos4.15.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1258,7 +1230,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.28.4-8.rhaos4.15.git24f50b9.el9",
"version": "0:1.28.4-8.rhaos4.15.git24f50b9.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1272,7 +1244,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.28.0-3.1.el8",
"version": "0:1.28.0-3.1.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1328,7 +1300,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3:4.4.1-21.1.rhaos4.15.el9",
"version": "3:4.4.1-21.1.rhaos4.15.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1356,7 +1328,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.11.2-21.2.rhaos4.15.el9",
"version": "2:1.11.2-21.2.rhaos4.15.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -2096,6 +2068,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:4960"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:5258",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:5258"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1394",
"refsource": "MISC",

460
2024/21xxx/CVE-2024-21981.json
View File

@ -1,17 +1,469 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21981",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper key usage control in AMD Secure Processor\n(ASP) may allow an attacker with local access who has gained arbitrary code\nexecution privilege in ASP\u00a0to\nextract ASP cryptographic keys, potentially resulting in loss of\nconfidentiality and integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "AMD EPYC\u2122 7001 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various",
"versionType": "PI"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 7002 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 7003 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 3000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 7002 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html",
"refsource": "MISC",
"name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

4
2024/23xxx/CVE-2024-23600.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation of query search results for private field data in PingIDM OPENIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure."
"value": "Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure."
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "OPENIDM",
"product_name": "PingIDM",
"version": {
"version_data": [
{

56
2024/36xxx/CVE-2024-36446.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36446",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0017",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0017"
}
]
}

135
2024/3xxx/CVE-2024-3727.json
View File

@ -35,6 +35,63 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "8100020240808093819.afee755d",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.14",
"version": {
@ -428,79 +485,6 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
@ -933,6 +917,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:4960"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:5258",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:5258"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-3727",
"refsource": "MISC",

56
2024/41xxx/CVE-2024-41613.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41613",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-41613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/OoLs5/VulDiscovery/blob/main/symphony_xss_vul.pdf",
"refsource": "MISC",
"name": "https://github.com/OoLs5/VulDiscovery/blob/main/symphony_xss_vul.pdf"
}
]
}

56
2024/41xxx/CVE-2024-41614.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41614",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-41614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/OoLs5/VulDiscovery/blob/main/Symphony_CMS_XSS.pdf",
"refsource": "MISC",
"name": "https://github.com/OoLs5/VulDiscovery/blob/main/Symphony_CMS_XSS.pdf"
}
]
}

5
2024/41xxx/CVE-2024-41710.json
View File

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md",
"url": "https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md"
},
{
"refsource": "CONFIRM",
"name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019"
}
]
}

56
2024/41xxx/CVE-2024-41711.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41711",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-41711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an unauthenticated attacker with physical access to the phone to conduct an argument injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0020",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0020"
}
]
}

100
2024/6xxx/CVE-2024-6618.json
View File

@ -1,18 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6618",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL)."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ocean Data Systems",
"product": {
"product_data": [
{
"product_name": "Dream Report 2023",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "23.0.17795.1010"
}
]
}
}
]
}
},
{
"vendor_name": "AVEVA",
"product": {
"product_data": [
{
"product_name": "Reports for Operations",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "23.0.17795.1010"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-08",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-08"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Ocean Data Systems recommends users update to the following:</p><ul><li>Dream Report 2023 R2: Version 23.3.18952.0523</li></ul><p>For more information, see <a target=\"_blank\" rel=\"nofollow\" href=\"https://dreamreport.net/\">Dream Report Version 2023 R2 Released</a>.</p><p>AVEVA recommends users of affected versions upgrade to the versions listed below and apply the corresponding security update:</p><ul><li>Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=247ce8d6-0f2e-498c-9024-58c96bb6d8de\">AVEVA Reports for Operations 2023 R2</a>&nbsp;or later</li></ul><p>For more information, see security bulletin <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-006.pdf\">AVEVA-2024-006</a>.</p>\n\n<br>"
}
],
"value": "Ocean Data Systems recommends users update to the following:\n\n * Dream Report 2023 R2: Version 23.3.18952.0523\n\n\nFor more information, see Dream Report Version 2023 R2 Released https://dreamreport.net/ .\n\nAVEVA recommends users of affected versions upgrade to the versions listed below and apply the corresponding security update:\n\n * Update to AVEVA Reports for Operations 2023 R2 https://softwaresupportsp.aveva.com/#/producthub/details \u00a0or later\n\n\nFor more information, see security bulletin AVEVA-2024-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-006.pdf ."
}
],
"credits": [
{
"lang": "en",
"value": "Claroty Team82 reported these vulnerabilities to CISA."
}
]
}

100
2024/6xxx/CVE-2024-6619.json
View File

@ -1,18 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6619",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ocean Data Systems",
"product": {
"product_data": [
{
"product_name": "Dream Report 2023",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "23.0.17795.1010"
}
]
}
}
]
}
},
{
"vendor_name": "AVEVA",
"product": {
"product_data": [
{
"product_name": "Reports for Operations 2023",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "23.0.17795.1010"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-08",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-08"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Ocean Data Systems recommends users update to the following:</p><ul><li>Dream Report 2023 R2: Version 23.3.18952.0523</li></ul><p>For more information, see <a target=\"_blank\" rel=\"nofollow\" href=\"https://dreamreport.net/\">Dream Report Version 2023 R2 Released</a>.</p><p>AVEVA recommends users of affected versions upgrade to the versions listed below and apply the corresponding security update:</p><ul><li>Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=247ce8d6-0f2e-498c-9024-58c96bb6d8de\">AVEVA Reports for Operations 2023 R2</a>&nbsp;or later</li></ul><p>For more information, see security bulletin <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-006.pdf\">AVEVA-2024-006</a>.</p>\n\n<br>"
}
],
"value": "Ocean Data Systems recommends users update to the following:\n\n * Dream Report 2023 R2: Version 23.3.18952.0523\n\n\nFor more information, see Dream Report Version 2023 R2 Released https://dreamreport.net/ .\n\nAVEVA recommends users of affected versions upgrade to the versions listed below and apply the corresponding security update:\n\n * Update to AVEVA Reports for Operations 2023 R2 https://softwaresupportsp.aveva.com/#/producthub/details \u00a0or later\n\n\nFor more information, see security bulletin AVEVA-2024-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-006.pdf ."
}
],
"credits": [
{
"lang": "en",
"value": "Claroty Team82 reported these vulnerabilities to CISA."
}
]
}

142
2024/7xxx/CVE-2024-7113.json
View File

@ -1,18 +1,150 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7113",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AVEVA",
"product": {
"product_data": [
{
"product_name": "SuiteLink Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.7.0"
}
]
}
},
{
"product_name": "Historian",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2023 R2 P01"
}
]
}
},
{
"product_name": "InTouch",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2023 R2 P01"
}
]
}
},
{
"product_name": "Application Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2023 R2 P01"
}
]
}
},
{
"product_name": "Communication Drivers Pack",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2023 R2"
}
]
}
},
{
"product_name": "Batch Management",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2023"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users with the affected product versions should apply security updates as soon as possible.</p><p>All impacted products and affected versions can be fixed by installing <a target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=afeb5492-f764-4af3-b408-acc4c991f699\">SuiteLink v3.7.100</a>.</p><p>AVEVA recommends the following general defensive measures:</p><ul><li>Apply Host and/or Network firewall rules restricting the SuiteLink server to accept traffic only from trusted source(s). By default, SuiteLink listens on port 5413.</li></ul><p>For more information, see AVEVA's Security Bulletin <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-007.pdf\">AVEVA-2024-007</a>.</p>\n\n<br>"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users with the affected product versions should apply security updates as soon as possible.\n\nAll impacted products and affected versions can be fixed by installing SuiteLink v3.7.100 https://softwaresupportsp.aveva.com/#/producthub/details .\n\nAVEVA recommends the following general defensive measures:\n\n * Apply Host and/or Network firewall rules restricting the SuiteLink server to accept traffic only from trusted source(s). By default, SuiteLink listens on port 5413.\n\n\nFor more information, see AVEVA's Security Bulletin AVEVA-2024-007 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-007.pdf ."
}
],
"credits": [
{
"lang": "en",
"value": "DOE CESER's CyTRICS program at Idaho National Laboratory reported this vulnerability to AVEVA."
}
]
}

18
2024/7xxx/CVE-2024-7748.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7748",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/7xxx/CVE-2024-7749.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7749",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/7xxx/CVE-2024-7750.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7750",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/7xxx/CVE-2024-7751.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7751",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/7xxx/CVE-2024-7752.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7752",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/7xxx/CVE-2024-7753.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/7xxx/CVE-2024-7754.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}