From 00d2a99da65d417c33bd971fa0180826981c4d0b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 26 Feb 2021 16:00:39 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/11xxx/CVE-2019-11684.json | 78 ++++++++++++++++++++++++++++--- 2020/24xxx/CVE-2020-24686.json | 79 ++++++++++++++++++++++++++++--- 2021/23xxx/CVE-2021-23964.json | 85 ++++++++++++++++++++++++++++++++-- 2021/23xxx/CVE-2021-23965.json | 55 ++++++++++++++++++++-- 2021/23xxx/CVE-2021-23978.json | 85 ++++++++++++++++++++++++++++++++-- 2021/23xxx/CVE-2021-23979.json | 55 ++++++++++++++++++++-- 6 files changed, 413 insertions(+), 24 deletions(-) diff --git a/2019/11xxx/CVE-2019-11684.json b/2019/11xxx/CVE-2019-11684.json index d56c4551c7d..b9e1ed0c4ed 100644 --- a/2019/11xxx/CVE-2019-11684.json +++ b/2019/11xxx/CVE-2019-11684.json @@ -1,18 +1,84 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11684", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11684", + "STATE": "PUBLIC", + "TITLE": "Improper Access Control in Bosch Video Recording Manager", + "DATE_PUBLIC": "2019-05-09" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://psirt.bosch.com/security-advisories/bosch-sa-804652.html", + "name": "https://psirt.bosch.com/security-advisories/bosch-sa-804652.html" + } + ] + }, + "source": { + "advisory": "BOSCH-SA-804652-BT", + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24686.json b/2020/24xxx/CVE-2020-24686.json index 58ac14628fc..b51201576ab 100644 --- a/2020/24xxx/CVE-2020-24686.json +++ b/2020/24xxx/CVE-2020-24686.json @@ -1,18 +1,85 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cybersecurity@ch.abb.com", "ID": "CVE-2020-24686", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AC500 V2 webserver denial of service vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABB", + "product": { + "product_data": [ + { + "product_name": "AC500 V2 products with onboard Ethernet", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=en&DocumentPartId=&Action=Launch", + "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=en&DocumentPartId=&Action=Launch" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23964.json b/2021/23xxx/CVE-2021-23964.json index 3aa38a80d63..6c6c7bf9eab 100644 --- a/2021/23xxx/CVE-2021-23964.json +++ b/2021/23xxx/CVE-2021-23964.json @@ -4,14 +4,93 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23964", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 85" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "< 78.7" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "< 78.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-03/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-05/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662507%2C1666285%2C1673526%2C1674278%2C1674835%2C1675097%2C1675844%2C1675868%2C1677590%2C1677888%2C1680410%2C1681268%2C1682068%2C1682938%2C1683736%2C1685260%2C1685925", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662507%2C1666285%2C1673526%2C1674278%2C1674835%2C1675097%2C1675844%2C1675868%2C1677590%2C1677888%2C1680410%2C1681268%2C1682068%2C1682938%2C1683736%2C1685260%2C1685925" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7." } ] } diff --git a/2021/23xxx/CVE-2021-23965.json b/2021/23xxx/CVE-2021-23965.json index c52b1d9c1b7..25a33c3f765 100644 --- a/2021/23xxx/CVE-2021-23965.json +++ b/2021/23xxx/CVE-2021-23965.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23965", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 85" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 85" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-03/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1670378%2C1673555%2C1676812%2C1678582%2C1684497", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1670378%2C1673555%2C1676812%2C1678582%2C1684497" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85." } ] } diff --git a/2021/23xxx/CVE-2021-23978.json b/2021/23xxx/CVE-2021-23978.json index 198737bb6a2..6d9a3768607 100644 --- a/2021/23xxx/CVE-2021-23978.json +++ b/2021/23xxx/CVE-2021-23978.json @@ -4,14 +4,93 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23978", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 86" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "< 78.8" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "< 78.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-07/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-09/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-08/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=786797%2C1682928%2C1687391%2C1687597", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=786797%2C1682928%2C1687391%2C1687597" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8." } ] } diff --git a/2021/23xxx/CVE-2021-23979.json b/2021/23xxx/CVE-2021-23979.json index febef821c70..8a2a69899f9 100644 --- a/2021/23xxx/CVE-2021-23979.json +++ b/2021/23xxx/CVE-2021-23979.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23979", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 86" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 86" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-07/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1663222%2C1666607%2C1672120%2C1678463%2C1678927%2C1679560%2C1681297%2C1681684%2C1683490%2C1684377%2C1684902", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1663222%2C1666607%2C1672120%2C1678463%2C1678927%2C1679560%2C1681297%2C1681684%2C1683490%2C1684377%2C1684902" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86." } ] }