From 06662ad3e4d144bdffc177ada6a42ce8b78a3f6d Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 23 Dec 2021 20:01:02 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/13xxx/CVE-2017-13835.json | 59 +++++++++++++-- 2017/13xxx/CVE-2017-13880.json | 75 +++++++++++++++++-- 2017/13xxx/CVE-2017-13892.json | 59 +++++++++++++-- 2017/13xxx/CVE-2017-13905.json | 107 +++++++++++++++++++++++++-- 2017/13xxx/CVE-2017-13906.json | 75 +++++++++++++++++-- 2017/13xxx/CVE-2017-13907.json | 59 +++++++++++++-- 2017/13xxx/CVE-2017-13908.json | 75 +++++++++++++++++-- 2017/13xxx/CVE-2017-13909.json | 59 +++++++++++++-- 2017/13xxx/CVE-2017-13910.json | 59 +++++++++++++-- 2017/2xxx/CVE-2017-2375.json | 59 +++++++++++++-- 2017/2xxx/CVE-2017-2488.json | 59 +++++++++++++-- 2018/4xxx/CVE-2018-4302.json | 123 +++++++++++++++++++++++++++++-- 2018/4xxx/CVE-2018-4478.json | 59 +++++++++++++-- 2019/8xxx/CVE-2019-8643.json | 59 +++++++++++++-- 2019/8xxx/CVE-2019-8702.json | 91 +++++++++++++++++++++-- 2019/8xxx/CVE-2019-8703.json | 107 +++++++++++++++++++++++++-- 2020/3xxx/CVE-2020-3886.json | 51 ++++++++++++- 2020/3xxx/CVE-2020-3896.json | 51 ++++++++++++- 2021/20xxx/CVE-2021-20318.json | 50 ++++++++++++- 2021/22xxx/CVE-2021-22657.json | 89 ++++++++++++++++++++-- 2021/23xxx/CVE-2021-23198.json | 89 ++++++++++++++++++++-- 2021/27xxx/CVE-2021-27006.json | 50 ++++++++++++- 2021/27xxx/CVE-2021-27007.json | 50 ++++++++++++- 2021/30xxx/CVE-2021-30767.json | 115 ++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30897.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30904.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30923.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30924.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30926.json | 99 ++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30927.json | 131 ++++++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30929.json | 99 ++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30930.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30931.json | 83 ++++++++++++++++++++- 2021/30xxx/CVE-2021-30932.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30934.json | 115 
++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30935.json | 67 ++++++++++++++++- 2021/30xxx/CVE-2021-30936.json | 115 ++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30937.json | 131 ++++++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30938.json | 83 ++++++++++++++++++++- 2021/30xxx/CVE-2021-30939.json | 131 ++++++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30940.json | 99 ++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30941.json | 99 ++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30942.json | 131 ++++++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30945.json | 131 ++++++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30946.json | 99 ++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30947.json | 115 ++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30948.json | 51 ++++++++++++- 2021/30xxx/CVE-2021-30949.json | 131 ++++++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30950.json | 83 ++++++++++++++++++++- 2021/30xxx/CVE-2021-30951.json | 115 ++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30952.json | 115 ++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30953.json | 115 ++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30954.json | 115 ++++++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30957.json | 99 ++++++++++++++++++++++++- 2021/30xxx/CVE-2021-30959.json | 67 ++++++++++++++++- 2021/30xxx/CVE-2021-30961.json | 67 ++++++++++++++++- 2021/35xxx/CVE-2021-35243.json | 91 +++++++++++++++++++++-- 2021/3xxx/CVE-2021-3584.json | 60 ++++++++++++++- 2021/43xxx/CVE-2021-43981.json | 89 ++++++++++++++++++++-- 2021/43xxx/CVE-2021-43984.json | 89 ++++++++++++++++++++-- 2021/43xxx/CVE-2021-43985.json | 89 ++++++++++++++++++++-- 2021/43xxx/CVE-2021-43987.json | 89 ++++++++++++++++++++-- 2021/43xxx/CVE-2021-43989.json | 89 ++++++++++++++++++++-- 2021/44xxx/CVE-2021-44453.json | 89 ++++++++++++++++++++-- 2021/44xxx/CVE-2021-44540.json | 55 +++++++++++++- 2021/44xxx/CVE-2021-44541.json | 55 +++++++++++++- 2021/44xxx/CVE-2021-44542.json | 55 +++++++++++++- 
2021/44xxx/CVE-2021-44543.json | 55 +++++++++++++-
2021/45xxx/CVE-2021-45463.json | 12 ++-
2021/4xxx/CVE-2021-4024.json | 55 +++++++++++++-
70 files changed, 5394 insertions(+), 299 deletions(-)
diff --git a/2017/13xxx/CVE-2017-13835.json b/2017/13xxx/CVE-2017-13835.json
index a726d8d3847..b2b50c9d880 100644
--- a/2017/13xxx/CVE-2017-13835.json
+++ b/2017/13xxx/CVE-2017-13835.json
@@ -1,17 +1,62 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-13835",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-13835",
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "10.13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "An application may be able to execute arbitrary code with elevated privileges"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT208144",
+ "name": "https://support.apple.com/en-us/HT208144"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges."
 }
 ]
 }
diff --git a/2017/13xxx/CVE-2017-13880.json b/2017/13xxx/CVE-2017-13880.json
index d25562a06f3..b5088694eea 100644
--- a/2017/13xxx/CVE-2017-13880.json
+++ b/2017/13xxx/CVE-2017-13880.json
@@ -1,17 +1,78 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-13880",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-13880",
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "watchOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "4.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "11.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "An application may be able to execute arbitrary code with kernel privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT208325",
+ "name": "https://support.apple.com/en-us/HT208325"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT208334",
+ "name": "https://support.apple.com/en-us/HT208334"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 11.2, watchOS 4.2. An application may be able to execute arbitrary code with kernel privilege."
 }
 ]
 }
diff --git a/2017/13xxx/CVE-2017-13892.json b/2017/13xxx/CVE-2017-13892.json
index 13f99848c1d..f652036d36d 100644
--- a/2017/13xxx/CVE-2017-13892.json
+++ b/2017/13xxx/CVE-2017-13892.json
@@ -1,17 +1,62 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-13892",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-13892",
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "10.13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Sharing contact information may lead to unexpected data sharing"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT208331",
+ "name": "https://support.apple.com/en-us/HT208331"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing."
 }
 ]
 }
diff --git a/2017/13xxx/CVE-2017-13905.json b/2017/13xxx/CVE-2017-13905.json
index bc4b1000278..9e52691e93c 100644
--- a/2017/13xxx/CVE-2017-13905.json
+++ b/2017/13xxx/CVE-2017-13905.json
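Review bot: In the CVE-2017-13892 hunk the added `"version_value": "10.13"` under `"version_affected": "<"` does not match the fix version in the new description, macOS High Sierra 10.13.2 (plus the Sierra and El Capitan security updates), so a consumer matching on `affects` would treat 10.13.0 and 10.13.1 as unaffected. The value looks truncated to major.minor; `"version_value": "10.13.2"` would agree with the description. The same mismatch is visible in CVE-2017-13905 (10.13 against 10.13.2), CVE-2017-13907 (10.13 against 10.13.1), CVE-2017-2375 (10.2 against iOS 10.2.1), CVE-2018-4478 (10.13 against 10.13.5) and CVE-2019-8702 (10.14 against 10.14.6).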
@@ -1,17 +1,110 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-13905", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-13905", + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.13" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to gain elevated privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT208325", + "name": "https://support.apple.com/en-us/HT208325" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT208327", + "name": "https://support.apple.com/en-us/HT208327" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT208334", + "name": "https://support.apple.com/en-us/HT208334" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT208331", + "name": "https://support.apple.com/en-us/HT208331" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new 
security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges." } ] } diff --git a/2017/13xxx/CVE-2017-13906.json b/2017/13xxx/CVE-2017-13906.json index d43a0f76091..f95b0f40b06 100644 --- a/2017/13xxx/CVE-2017-13906.json +++ b/2017/13xxx/CVE-2017-13906.json 
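Review bot: The fourth product entry added for CVE-2017-13905 is `"product_name": "macOS"` with `"version_value": "11.2"`, while the description lists tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2 and watchOS 4.2, and no iOS entry is added; the entry probably should read `"product_name": "iOS"`. As written, tooling keyed on the `affects` block would miss iOS and record an implausible macOS range. CVE-2019-8702 shows the same pattern: a `macOS` entry with `"version_value": "12.4"` where the description names tvOS 12.4 and no tvOS entry exists.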
@@ -1,17 +1,78 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-13906",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-13906",
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "10.13"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "10.13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "A malicious application may be able to elevate privileges"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT208221",
+ "name": "https://support.apple.com/en-us/HT208221"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT208144",
+ "name": "https://support.apple.com/en-us/HT208144"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A malicious application may be able to elevate privileges."
 }
 ]
 }
diff --git a/2017/13xxx/CVE-2017-13907.json b/2017/13xxx/CVE-2017-13907.json
index 0117693dcba..65a8f22a76c 100644
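Review bot: The two `product_data` entries added for CVE-2017-13906 are identical (`"product_name": "macOS"`, `"version_affected": "<"`, `"version_value": "10.13"`), although the description names two different fix points, macOS High Sierra 10.13.1 (with the Sierra and El Capitan security updates) and macOS High Sierra 10.13. One entry should carry `"version_value": "10.13.1"`, or the duplicate should be dropped, so the affected range is unambiguous to anything that matches on it. CVE-2017-13908 has the same duplicated pair.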
--- a/2017/13xxx/CVE-2017-13907.json
+++ b/2017/13xxx/CVE-2017-13907.json
@@ -1,17 +1,62 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-13907",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-13907",
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "10.13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "The screen lock may unexpectedly remain unlocked"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT208221",
+ "name": "https://support.apple.com/en-us/HT208221"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked."
 }
 ]
 }
diff --git a/2017/13xxx/CVE-2017-13908.json b/2017/13xxx/CVE-2017-13908.json
index a55857fe6f4..aef879b4500 100644
--- a/2017/13xxx/CVE-2017-13908.json
+++ b/2017/13xxx/CVE-2017-13908.json
@@ -1,17 +1,78 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-13908",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-13908",
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "10.13"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "10.13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "A local attacker may be able to execute non-executable text files via an SMB share"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT208221",
+ "name": "https://support.apple.com/en-us/HT208221"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT208144",
+ "name": "https://support.apple.com/en-us/HT208144"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A local attacker may be able to execute non-executable text files via an SMB share."
 }
 ]
 }
diff --git a/2017/13xxx/CVE-2017-13909.json b/2017/13xxx/CVE-2017-13909.json
index 6a72cf7680f..852eb366e49 100644
--- a/2017/13xxx/CVE-2017-13909.json
+++ b/2017/13xxx/CVE-2017-13909.json
@@ -1,17 +1,62 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-13909",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-13909",
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "10.13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "A local attacker may gain access to iCloud authentication tokens"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT208144",
+ "name": "https://support.apple.com/en-us/HT208144"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens."
 }
 ]
 }
diff --git a/2017/13xxx/CVE-2017-13910.json b/2017/13xxx/CVE-2017-13910.json
index 8a6aeee0141..055c6358966 100644
--- a/2017/13xxx/CVE-2017-13910.json
+++ b/2017/13xxx/CVE-2017-13910.json
@@ -1,17 +1,62 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-13910",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-13910",
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "10.13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "An application may be able to access restricted files"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT208144",
+ "name": "https://support.apple.com/en-us/HT208144"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files."
 }
 ]
 }
diff --git a/2017/2xxx/CVE-2017-2375.json b/2017/2xxx/CVE-2017-2375.json
index cf63481e4c2..1c6c26216a8 100644
--- a/2017/2xxx/CVE-2017-2375.json
+++ b/2017/2xxx/CVE-2017-2375.json
@@ -1,17 +1,62 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-2375",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-2375",
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "10.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Updates for CallKit call history are sent to iCloud"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT207482",
+ "name": "https://support.apple.com/en-us/HT207482"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud."
 }
 ]
 }
diff --git a/2017/2xxx/CVE-2017-2488.json b/2017/2xxx/CVE-2017-2488.json
index 4a5923ca37e..6391d0857f8 100644
--- a/2017/2xxx/CVE-2017-2488.json
+++ b/2017/2xxx/CVE-2017-2488.json
@@ -1,17 +1,62 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-2488",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-2488",
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apple Remote Desktop",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "3.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "An attacker may be able to capture cleartext passwords"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT207622",
+ "name": "https://support.apple.com/en-us/HT207622"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in Apple Remote Desktop 3.9. An attacker may be able to capture cleartext passwords."
 }
 ]
 }
diff --git a/2018/4xxx/CVE-2018-4302.json b/2018/4xxx/CVE-2018-4302.json
index 09db36c58cb..1264c5a0bdc 100644
--- a/2018/4xxx/CVE-2018-4302.json
+++ b/2018/4xxx/CVE-2018-4302.json
@@ -1,17 +1,126 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-4302", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-4302", + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.7" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT208144", + "name": "https://support.apple.com/en-us/HT208144" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT208112", + "name": "https://support.apple.com/en-us/HT208112" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT208115", + "name": "https://support.apple.com/en-us/HT208115" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT208141", + "name": 
"https://support.apple.com/en-us/HT208141" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT208142", + "name": "https://support.apple.com/en-us/HT208142" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution." } ] } diff --git a/2018/4xxx/CVE-2018-4478.json b/2018/4xxx/CVE-2018-4478.json index f75979fd73d..cce87127418 100644 --- a/2018/4xxx/CVE-2018-4478.json +++ b/2018/4xxx/CVE-2018-4478.json 
@@ -1,17 +1,62 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-4478",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-4478",
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "10.13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "An attacker with physical access to a device may be able to elevate privileges"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT208849",
+ "name": "https://support.apple.com/en-us/HT208849"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8643.json b/2019/8xxx/CVE-2019-8643.json
index 5c33270f136..687708aef72 100644
--- a/2019/8xxx/CVE-2019-8643.json
+++ b/2019/8xxx/CVE-2019-8643.json
@@ -1,17 +1,62 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8643",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8643",
+ "ASSIGNER": "product-security@apple.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apple",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "10.14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Description: A logic issue was addressed with improved state management."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.apple.com/en-us/HT209139",
+ "name": "https://support.apple.com/en-us/HT209139"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management.."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8702.json b/2019/8xxx/CVE-2019-8702.json
index 12e387fdabb..dd7ecbbd29c 100644
--- a/2019/8xxx/CVE-2019-8702.json
+++ b/2019/8xxx/CVE-2019-8702.json
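Review bot: The new `description` value for CVE-2019-8643 opens with an acknowledgement line, `CVE-2019-8643: Arun Sharma of VMWare`, and ends in `..`, and the `problemtype` value is `Description: A logic issue was addressed with improved state management.`, which is the fix summary rather than an impact. No impact statement appears anywhere in the record, so the issue cannot be triaged from this data; it looks as if the advisory fields were shifted during import. The description should follow the pattern of the other records in this commit (fix summary, fixed version, impact), and `problemtype` should hold the impact sentence from the advisory referenced at `https://support.apple.com/en-us/HT209139`.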
@@ -1,17 +1,94 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8702", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8702", + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.14" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to read a persistent account identifier" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT210348", + "name": "https://support.apple.com/en-us/HT210348" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT210346", + "name": "https://support.apple.com/en-us/HT210346" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT210351", + "name": "https://support.apple.com/en-us/HT210351" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with a new entitlement. 
This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier." } ] } diff --git a/2019/8xxx/CVE-2019-8703.json b/2019/8xxx/CVE-2019-8703.json index 520812dab37..0fc1e254a09 100644 --- a/2019/8xxx/CVE-2019-8703.json +++ b/2019/8xxx/CVE-2019-8703.json 
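Review bot: The third `product_data` entry for CVE-2019-8702 is labelled `"product_name": "macOS"` with `"version_value": "12.4"`, but the description lists no macOS 12.4 and names tvOS 12.4 as a fixed release, while no tvOS product appears in `affects`. This looks like the tvOS entry emitted under the wrong product name; if so it should be `"product_name": "tvOS"`. As written, tvOS is missing from the structured data and macOS gets a bound that would match every 10.x and 11.x release. The hunks for CVE-2021-30926 and CVE-2021-30927 show the same pattern (`macOS` `<` `15.2`, where the description names tvOS 15.2).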
@@ -1,17 +1,110 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8703", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8703", + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13" + } + ] + } + }, + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.15" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to gain elevated privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT210634", + "name": "https://support.apple.com/en-us/HT210634" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT210604", + "name": "https://support.apple.com/en-us/HT210604" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT210606", + "name": "https://support.apple.com/en-us/HT210606" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT210607", + "name": "https://support.apple.com/en-us/HT210607" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security 
problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges." } ] } diff --git a/2020/3xxx/CVE-2020-3886.json b/2020/3xxx/CVE-2020-3886.json index 22fdd588035..8a9de40363c 100644 --- a/2020/3xxx/CVE-2020-3886.json +++ b/2020/3xxx/CVE-2020-3886.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3886", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.15" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211100", + "name": "https://support.apple.com/en-us/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges." } ] } 
diff --git a/2020/3xxx/CVE-2020-3896.json b/2020/3xxx/CVE-2020-3896.json index 94f070ba250..b7d4caa5eff 100644 --- a/2020/3xxx/CVE-2020-3896.json +++ b/2020/3xxx/CVE-2020-3896.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3896", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "10.15" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to overwrite arbitrary files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211100", + "name": "https://support.apple.com/en-us/HT211100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to overwrite arbitrary files." } ] } diff --git a/2021/20xxx/CVE-2021-20318.json b/2021/20xxx/CVE-2021-20318.json index b4f8b00fb68..468fb35b650 100644 --- a/2021/20xxx/CVE-2021-20318.json +++ b/2021/20xxx/CVE-2021-20318.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20318", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Artemis in EAP 7", + "version": { + "version_data": [ + { + "version_value": "7.3.9.GA, 7.4.0.GA" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2010559", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010559" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage." } ] } diff --git a/2021/22xxx/CVE-2021-22657.json b/2021/22xxx/CVE-2021-22657.json index a0fd5391653..245e6e66517 100644 --- a/2021/22xxx/CVE-2021-22657.json +++ b/2021/22xxx/CVE-2021-22657.json 
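Review bot: The single `version_data` entry for CVE-2021-20318 packs two releases into one string, `"version_value": "7.3.9.GA, 7.4.0.GA"`, with no `version_affected`, so the record does not say whether these are affected or fixed versions and exact-match consumers will match neither. Splitting it into one entry per release, `{ "version_value": "7.3.9.GA" }` and `{ "version_value": "7.4.0.GA" }`, each with an explicit `version_affected`, would remove the ambiguity. `"vendor_name": "n/a"` also drops the vendor even though the assigner is secalert@redhat.com. The NetApp hunks for CVE-2021-27006 and CVE-2021-27007 likewise use `"vendor_name": "n/a"` and put the range in free text inside `version_value`. For CVE-2021-27007 the fixed build 6.1.21356.1837 appears only there and not in the description.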
@@ -1,18 +1,95 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2021-12-21T17:26:00.000Z", "ID": "CVE-2021-22657", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "mySCADA myPRO" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "myPRO", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "All", + "version_value": "8.20.0" + } + ] + } + } + ] + }, + "vendor_name": "mySCADA" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support." + } + ], + "source": { + "advisory": "ICSA-21-355-01", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23198.json b/2021/23xxx/CVE-2021-23198.json index bf5689ac7df..3ab2f6a87db 100644 --- a/2021/23xxx/CVE-2021-23198.json +++ b/2021/23xxx/CVE-2021-23198.json 
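Review bot: The affected range and the remediation for CVE-2021-22657 do not meet: `affects` says `"version_affected": "<="` `"version_value": "8.20.0"`, while `solution` says to upgrade to Version 8.22.0 or higher. The status of any release between the two is left unstated. For a record scored `"baseScore": 10` with `PR:N`, operators need to know whether such a build is safe. The description or `solution` should state the first fixed version explicitly, or the range should be expressed as below 8.22.0 if that is what the advisory means. The CVE-2021-23198 hunk has the same gap, and its description differs from this one only by "API password" versus "password", so the two records are hard to tell apart without the advisory.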
@@ -1,18 +1,95 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2021-12-21T17:26:00.000Z", "ID": "CVE-2021-23198", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "mySCADA myPRO" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "myPRO", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "All", + "version_value": "8.20.0" + } + ] + } + } + ] + }, + "vendor_name": "mySCADA" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support." + } + ], + "source": { + "advisory": "ICSA-21-355-01", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/27xxx/CVE-2021-27006.json b/2021/27xxx/CVE-2021-27006.json index c4bc224fee5..7137b84c996 100644 --- a/2021/27xxx/CVE-2021-27006.json +++ b/2021/27xxx/CVE-2021-27006.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27006", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "StorageGRID (formerly StorageGRID Webscale)", + "version": { + "version_data": [ + { + "version_value": "Versions 11.5 prior to 11.5.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20211221-0001/", + "url": "https://security.netapp.com/advisory/ntap-20211221-0001/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager." } ] } diff --git a/2021/27xxx/CVE-2021-27007.json b/2021/27xxx/CVE-2021-27007.json index b101672c0a3..70a23311270 100644 --- a/2021/27xxx/CVE-2021-27007.json +++ b/2021/27xxx/CVE-2021-27007.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27007", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NetApp Virtual Desktop Service (VDS)", + "version": { + "version_data": [ + { + "version_value": "NetApp Virtual Desktop Service (VDS) with Local Control Plane versions prior to 6.1.21356.1837" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20211223-0008/", + "url": "https://security.netapp.com/advisory/ntap-20211223-0008/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session." } ] } diff --git a/2021/30xxx/CVE-2021-30767.json b/2021/30xxx/CVE-2021-30767.json index 8e557763854..e43fd007501 100644 --- a/2021/30xxx/CVE-2021-30767.json +++ b/2021/30xxx/CVE-2021-30767.json 
@@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30767", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to modify protected parts of the file system" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { 
"description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system." } ] } diff --git a/2021/30xxx/CVE-2021-30897.json b/2021/30xxx/CVE-2021-30897.json index fca94528ea3..c5569dbffa1 100644 --- a/2021/30xxx/CVE-2021-30897.json +++ b/2021/30xxx/CVE-2021-30897.json 
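Review bot: The last `product_data` entry for CVE-2021-30767 declares macOS `"version_affected": "<"` with `"version_value": "2021"`, which is not a macOS version. It appears to be the year taken from "Security Update 2021-008 Catalina" in the description. Under numeric comparison that bound matches every macOS release, and under string comparison it is meaningless. Either way the Catalina fix level is lost. The entry should name the update as text without a comparison operator, for example `"version_value": "Security Update 2021-008 Catalina"`, or carry the corresponding build if the advisory gives one. The same `"2021"` entry appears in the hunks for CVE-2021-30927 and CVE-2021-30929.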
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30897", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious website may exfiltrate data cross-origin" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212869", + "name": "https://support.apple.com/en-us/HT212869" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin." } ] } diff --git a/2021/30xxx/CVE-2021-30904.json b/2021/30xxx/CVE-2021-30904.json index 599b04615a6..5615fc55a0b 100644 --- a/2021/30xxx/CVE-2021-30904.json +++ b/2021/30xxx/CVE-2021-30904.json 
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30904", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A user's messages may continue to sync after the user has signed out of iMessage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212869", + "name": "https://support.apple.com/en-us/HT212869" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage." } ] } diff --git a/2021/30xxx/CVE-2021-30923.json b/2021/30xxx/CVE-2021-30923.json index 76c9839f286..5a6a3fd3bcd 100644 --- a/2021/30xxx/CVE-2021-30923.json +++ b/2021/30xxx/CVE-2021-30923.json 
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30923", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212869", + "name": "https://support.apple.com/en-us/HT212869" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2021/30xxx/CVE-2021-30924.json b/2021/30xxx/CVE-2021-30924.json index a1e476742e2..be51a996ac7 100644 --- a/2021/30xxx/CVE-2021-30924.json +++ b/2021/30xxx/CVE-2021-30924.json 
@@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30924", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker can cause a device to unexpectedly restart" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212869", + "name": "https://support.apple.com/en-us/HT212869" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.0.1. A remote attacker can cause a device to unexpectedly restart." } ] } diff --git a/2021/30xxx/CVE-2021-30926.json b/2021/30xxx/CVE-2021-30926.json index 3e91ac0682a..ff0151af23d 100644 --- a/2021/30xxx/CVE-2021-30926.json +++ b/2021/30xxx/CVE-2021-30926.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30926", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted image may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." 
+ "value": "Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted image may lead to arbitrary code execution." } ] } diff --git a/2021/30xxx/CVE-2021-30927.json b/2021/30xxx/CVE-2021-30927.json index 9ae890b24ed..e58a1f15233 100644 --- a/2021/30xxx/CVE-2021-30927.json +++ b/2021/30xxx/CVE-2021-30927.json 
@@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30927", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": 
"MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2021/30xxx/CVE-2021-30929.json b/2021/30xxx/CVE-2021-30929.json index ad78c2e6f07..1ee8b59bea7 100644 --- a/2021/30xxx/CVE-2021-30929.json +++ b/2021/30xxx/CVE-2021-30929.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30929", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted USD file may disclose memory contents" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "An out-of-bounds write issue was addressed with improved bounds checking. 
This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents." } ] } diff --git a/2021/30xxx/CVE-2021-30930.json b/2021/30xxx/CVE-2021-30930.json index 5a2656d2cd1..d99fd553d3a 100644 --- a/2021/30xxx/CVE-2021-30930.json +++ b/2021/30xxx/CVE-2021-30930.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30930", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An attacker may be able to track users through their IP address" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212869", + "name": "https://support.apple.com/en-us/HT212869" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. An attacker may be able to track users through their IP address." } ] } diff --git a/2021/30xxx/CVE-2021-30931.json b/2021/30xxx/CVE-2021-30931.json index b4a74336eae..42c320e9355 100644 --- a/2021/30xxx/CVE-2021-30931.json +++ b/2021/30xxx/CVE-2021-30931.json 
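Review bot: In the CVE-2021-30930 hunk, `"version_affected": "<"` with `"version_value": "12.0"` contradicts the description, which says the fix shipped in macOS Monterey 12.0.1: read literally, the range excludes 12.0, the release the description implies is still affected. The value looks truncated to major.minor; `"version_value": "12.0.1"` would agree with the text. The same truncation appears as `"11.6"` against a stated fix in macOS Big Sur 11.6.2 in the hunks for CVE-2021-30927, -30929, -30931, -30935, -30937 through -30942 and -30945, and as `"12.0"` again in CVE-2021-30931, so hosts on 11.6 or 11.6.1 would be reported as not affected.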
@@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30931", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.0" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to disclose kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212869", + "name": "https://support.apple.com/en-us/HT212869" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. A malicious application may be able to disclose kernel memory." } ] } diff --git a/2021/30xxx/CVE-2021-30932.json b/2021/30xxx/CVE-2021-30932.json index 3dd405eb470..906cd982a59 100644 --- a/2021/30xxx/CVE-2021-30932.json 
+++ b/2021/30xxx/CVE-2021-30932.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30932", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A person with physical access to an iOS device may be able to access contacts from the lock screen" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "The issue was addressed with improved permissions logic. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access contacts from the lock screen." } ] } diff --git a/2021/30xxx/CVE-2021-30934.json b/2021/30xxx/CVE-2021-30934.json index fdc424b9485..9924687276a 100644 --- a/2021/30xxx/CVE-2021-30934.json +++ b/2021/30xxx/CVE-2021-30934.json 
@@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30934", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212982", + "name": "https://support.apple.com/en-us/HT212982" + } + ] }, 
"description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2021/30xxx/CVE-2021-30935.json b/2021/30xxx/CVE-2021-30935.json index 724ef363c61..411e6a50135 100644 --- a/2021/30xxx/CVE-2021-30935.json +++ b/2021/30xxx/CVE-2021-30935.json 
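Review bot: The `product_data` array in the CVE-2021-30934 hunk ends with two byte-identical entries, `"product_name": "macOS"` with `"version_value": "15.2"`, while the description lists tvOS 15.2 and Safari 15.2 as fixed releases and neither product appears under `affects`. Presumably the two entries were meant to be `"product_name": "tvOS"` and `"product_name": "Safari"`; as written, a consumer that deduplicates entries loses one of them and Safari installs are never matched. The CVE-2021-30936 hunk carries the same duplicated pair.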
@@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30935", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A logic issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2021/30xxx/CVE-2021-30936.json b/2021/30xxx/CVE-2021-30936.json index fd6aac0cb9b..fddbfbf4734 100644 --- a/2021/30xxx/CVE-2021-30936.json +++ b/2021/30xxx/CVE-2021-30936.json 
@@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30936", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212982", + "name": "https://support.apple.com/en-us/HT212982" + } + ] }, 
"description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2021/30xxx/CVE-2021-30937.json b/2021/30xxx/CVE-2021-30937.json index c24f61455c2..8a3a9dee016 100644 --- a/2021/30xxx/CVE-2021-30937.json +++ b/2021/30xxx/CVE-2021-30937.json 
@@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30937", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + 
"refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2021/30xxx/CVE-2021-30938.json b/2021/30xxx/CVE-2021-30938.json index c15a159ff78..0fd5a188963 100644 --- a/2021/30xxx/CVE-2021-30938.json +++ b/2021/30xxx/CVE-2021-30938.json 
@@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30938", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local user may be able to cause unexpected system termination or read kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A local user may be able to cause unexpected system termination or read kernel memory." } ] } 
diff --git a/2021/30xxx/CVE-2021-30939.json b/2021/30xxx/CVE-2021-30939.json index 594c1c60b5f..be9cd2c7c8e 100644 --- a/2021/30xxx/CVE-2021-30939.json +++ b/2021/30xxx/CVE-2021-30939.json 
@@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30939", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted image may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": 
"MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution." } ] } diff --git a/2021/30xxx/CVE-2021-30940.json b/2021/30xxx/CVE-2021-30940.json index b182be422c0..d79fe07aaea 100644 --- a/2021/30xxx/CVE-2021-30940.json +++ b/2021/30xxx/CVE-2021-30940.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30940", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted USD file may disclose memory contents" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A buffer overflow issue was addressed with improved memory handling. 
This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents." } ] } diff --git a/2021/30xxx/CVE-2021-30941.json b/2021/30xxx/CVE-2021-30941.json index 6a4f74c1b0e..d0b1e73a2da 100644 --- a/2021/30xxx/CVE-2021-30941.json +++ b/2021/30xxx/CVE-2021-30941.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30941", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted USD file may disclose memory contents" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A buffer overflow issue was addressed with improved memory handling. 
This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents." } ] } diff --git a/2021/30xxx/CVE-2021-30942.json b/2021/30xxx/CVE-2021-30942.json index c339b77a589..c00f719459d 100644 --- a/2021/30xxx/CVE-2021-30942.json +++ b/2021/30xxx/CVE-2021-30942.json 
@@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30942", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted image may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": 
"MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution." } ] } diff --git a/2021/30xxx/CVE-2021-30945.json b/2021/30xxx/CVE-2021-30945.json index 5dc68b86848..775d7d42c3a 100644 --- a/2021/30xxx/CVE-2021-30945.json +++ b/2021/30xxx/CVE-2021-30945.json 
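Review bot: The new `description` value for CVE-2021-30942 starts with a stray `Description: ` label, which none of the other records in this patch carry. It looks like a field label copied in along with the advisory text, and it will surface verbatim in feeds and tools that display the description. I would drop the prefix so the value begins `"A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. ..."`.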
@@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30945", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A local attacker may be able to elevate their privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": 
"https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local attacker may be able to elevate their privileges." } ] } diff --git a/2021/30xxx/CVE-2021-30946.json b/2021/30xxx/CVE-2021-30946.json index 2b210a4be19..b922e094e7b 100644 --- a/2021/30xxx/CVE-2021-30946.json +++ b/2021/30xxx/CVE-2021-30946.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30946", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to bypass certain Privacy preferences" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A logic issue was addressed with improved restrictions. 
This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. A malicious application may be able to bypass certain Privacy preferences." } ] } diff --git a/2021/30xxx/CVE-2021-30947.json b/2021/30xxx/CVE-2021-30947.json index ce452b63a24..195d55f225c 100644 --- a/2021/30xxx/CVE-2021-30947.json +++ b/2021/30xxx/CVE-2021-30947.json 
@@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30947", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to access a user's files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + } + ] }, "description": { "description_data": [ 
{ "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user's files." } ] } diff --git a/2021/30xxx/CVE-2021-30948.json b/2021/30xxx/CVE-2021-30948.json index 6d358064244..dfcf9ed86ca 100644 --- a/2021/30xxx/CVE-2021-30948.json +++ b/2021/30xxx/CVE-2021-30948.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30948", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A person with physical access to an iOS device may be able to access stored passwords without authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access stored passwords without authentication." } ] } 
diff --git a/2021/30xxx/CVE-2021-30949.json b/2021/30xxx/CVE-2021-30949.json index 1390172844f..69fb03d32f1 100644 --- a/2021/30xxx/CVE-2021-30949.json +++ b/2021/30xxx/CVE-2021-30949.json 
@@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30949", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + 
"refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2021/30xxx/CVE-2021-30950.json b/2021/30xxx/CVE-2021-30950.json index 2dbeb9646c2..16032ee05cb 100644 --- a/2021/30xxx/CVE-2021-30950.json +++ b/2021/30xxx/CVE-2021-30950.json 
@@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30950", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may bypass Gatekeeper checks" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks." } ] } diff --git a/2021/30xxx/CVE-2021-30951.json b/2021/30xxx/CVE-2021-30951.json index a8b1bdea930..dc238e683a6 100644 --- a/2021/30xxx/CVE-2021-30951.json 
+++ b/2021/30xxx/CVE-2021-30951.json 
@@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30951", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212982", + "name": "https://support.apple.com/en-us/HT212982" + } + ] }, 
"description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2021/30xxx/CVE-2021-30952.json b/2021/30xxx/CVE-2021-30952.json index 9d7f2f4aa73..c2921369ac1 100644 --- a/2021/30xxx/CVE-2021-30952.json +++ b/2021/30xxx/CVE-2021-30952.json 
@@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30952", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212982", + "name": "https://support.apple.com/en-us/HT212982" + } + ] }, 
"description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2021/30xxx/CVE-2021-30953.json b/2021/30xxx/CVE-2021-30953.json index a4b97f2c465..797c662d440 100644 --- a/2021/30xxx/CVE-2021-30953.json +++ b/2021/30xxx/CVE-2021-30953.json 
@@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30953", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212982", + "name": "https://support.apple.com/en-us/HT212982" + } + ] }, 
"description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2021/30xxx/CVE-2021-30954.json b/2021/30xxx/CVE-2021-30954.json index e9b4b9c35cd..c92766870e7 100644 --- a/2021/30xxx/CVE-2021-30954.json +++ b/2021/30xxx/CVE-2021-30954.json 
@@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30954", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212982", + "name": "https://support.apple.com/en-us/HT212982" + } + ] }, 
"description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2021/30xxx/CVE-2021-30957.json b/2021/30xxx/CVE-2021-30957.json index 5eb7cb2d211..c487bd482f7 100644 --- a/2021/30xxx/CVE-2021-30957.json +++ b/2021/30xxx/CVE-2021-30957.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30957", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.3" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted audio file may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212975", + "name": "https://support.apple.com/en-us/HT212975" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212976", + "name": "https://support.apple.com/en-us/HT212976" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212978", + "name": "https://support.apple.com/en-us/HT212978" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212980", + "name": "https://support.apple.com/en-us/HT212980" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A buffer overflow issue was addressed with improved memory handling. 
This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted audio file may lead to arbitrary code execution." } ] } diff --git a/2021/30xxx/CVE-2021-30959.json b/2021/30xxx/CVE-2021-30959.json index 7ec275a10e6..b9e63a2df1a 100644 --- a/2021/30xxx/CVE-2021-30959.json +++ b/2021/30xxx/CVE-2021-30959.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30959", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Parsing a maliciously crafted audio file may lead to disclosure of user information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information." } ] } 
diff --git a/2021/30xxx/CVE-2021-30961.json b/2021/30xxx/CVE-2021-30961.json index d897f646504..224070c688a 100644 --- a/2021/30xxx/CVE-2021-30961.json +++ b/2021/30xxx/CVE-2021-30961.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30961", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Parsing a maliciously crafted audio file may lead to disclosure of user information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212979", + "name": "https://support.apple.com/en-us/HT212979" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT212981", + "name": "https://support.apple.com/en-us/HT212981" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none." + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information." } ] } diff --git a/2021/35xxx/CVE-2021-35243.json b/2021/35xxx/CVE-2021-35243.json index 241da7d8a19..189b5fe0762 100644 --- a/2021/35xxx/CVE-2021-35243.json +++ b/2021/35xxx/CVE-2021-35243.json 
@@ -1,18 +1,97 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@solarwinds.com",
+ "DATE_PUBLIC": "2021-12-22T14:30:00.000Z",
 "ID": "CVE-2021-35243",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "HTTP PUT & DELETE Methods Enabled"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Web Help Desk",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_name": "12.7.6 and earlier",
+ "version_value": " "
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "SolarWinds"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.6 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-749 Exposed Dangerous Method or Function"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243",
+ "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Affected customers are advised to upgrade to 12.7.7 Hotfix 1, once it becomes available."
+ }
+ ],
+ "source": {
+ "defect": [
+ "CVE-2021-35243"
+ ],
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3584.json b/2021/3xxx/CVE-2021-3584.json
index d3a805ce953..61874a7441a 100644
--- a/2021/3xxx/CVE-2021-3584.json
+++ b/2021/3xxx/CVE-2021-3584.json
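Review bot: In CVE-2021-35243.json the added `version_data` entry pairs `"version_affected": "="` with `"version_value": " "` and leaves the real range in the free-text `"version_name": "12.7.6 and earlier"`. A consumer that compares on `version_value` gets a blank string and cannot match any Web Help Desk install against this record. `"version_affected": "<="` with `"version_value": "12.7.6"` states what the description says. The `solution` text points at 12.7.7 Hotfix 1 "once it becomes available" and names no interim mitigation, so the record should be revisited when the fix ships.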
@@ -4,14 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3584",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "foreman",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "foreman 2.4.1, foreman 2.5.1, foreman 3.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://projects.theforeman.org/issues/32753",
+ "url": "https://projects.theforeman.org/issues/32753"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/theforeman/foreman/pull/8599",
+ "url": "https://github.com/theforeman/foreman/pull/8599"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1968439",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968439"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0."
 }
 ]
 }
diff --git a/2021/43xxx/CVE-2021-43981.json b/2021/43xxx/CVE-2021-43981.json
index 743c868b5d8..0327f7b8f86 100644
--- a/2021/43xxx/CVE-2021-43981.json
+++ b/2021/43xxx/CVE-2021-43981.json
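Review bot: The `affects` block added to CVE-2021-3584.json lists `"version_value": "foreman 2.4.1, foreman 2.5.1, foreman 3.0.0"` with no `version_affected` operator, while the description calls those same three versions the fixed releases. As written, a consumer will flag exactly the patched versions as vulnerable and say nothing about the earlier ones that need the update. One `version_data` entry per branch with `"version_affected": "<"` (for example `"version_value": "2.4.1"`) would match the description. The `"vendor_name": "n/a"` and the bare `"value": "CWE-78"` could also be filled in, as the mySCADA records in this commit do with `"CWE-78 OS Command Injection"`.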
@@ -1,18 +1,95 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
 "ID": "CVE-2021-43981",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "mySCADA myPRO"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "myPRO",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "8.20.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "mySCADA"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 OS Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
+ }
+ ],
+ "source": {
+ "advisory": "ICSA-21-355-01",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43984.json b/2021/43xxx/CVE-2021-43984.json
index 38763591199..9b804d27df9 100644
--- a/2021/43xxx/CVE-2021-43984.json
+++ b/2021/43xxx/CVE-2021-43984.json
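Review bot: CVE-2021-43981.json marks myPRO as affected with `"version_affected": "<="` and `"version_value": "8.20.0"`, but the `solution` tells users to move to 8.22.0 or higher, so the record does not say whether a release between those two is vulnerable. Defenders patching by version should treat anything below 8.22.0 as exposed until the advisory says otherwise; if 8.22.0 is the first fixed release, `"version_affected": "<"` with `"version_value": "8.22.0"` would state that directly. The shared `"TITLE": "mySCADA myPRO"` also gives no hint of which flaw an ID covers, and a per-record title such as `"TITLE": "mySCADA myPRO OS command injection in email feature"` would help triage. Both points apply equally to the CVE-2021-43984, -43985, -43987, -43989 and CVE-2021-44453 hunks.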
@@ -1,18 +1,95 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
 "ID": "CVE-2021-43984",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "mySCADA myPRO"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "myPRO",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "8.20.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "mySCADA"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 OS Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
+ }
+ ],
+ "source": {
+ "advisory": "ICSA-21-355-01",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43985.json b/2021/43xxx/CVE-2021-43985.json
index 22553502712..b66caf8cc58 100644
--- a/2021/43xxx/CVE-2021-43985.json
+++ b/2021/43xxx/CVE-2021-43985.json
@@ -1,18 +1,95 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
 "ID": "CVE-2021-43985",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "mySCADA myPRO"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "myPRO",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "8.20.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "mySCADA"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
+ }
+ ],
+ "source": {
+ "advisory": "ICSA-21-355-01",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43987.json b/2021/43xxx/CVE-2021-43987.json
index bff86385367..bf2ab5c9186 100644
--- a/2021/43xxx/CVE-2021-43987.json
+++ b/2021/43xxx/CVE-2021-43987.json
@@ -1,18 +1,95 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
 "ID": "CVE-2021-43987",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "mySCADA myPRO"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "myPRO",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "8.20.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "mySCADA"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-912 Hidden Functionality "
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
+ }
+ ],
+ "source": {
+ "advisory": "ICSA-21-355-01",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43989.json b/2021/43xxx/CVE-2021-43989.json
index 2a3e5f226d1..4e7a6aa5b1f 100644
--- a/2021/43xxx/CVE-2021-43989.json
+++ b/2021/43xxx/CVE-2021-43989.json
@@ -1,18 +1,95 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
 "ID": "CVE-2021-43989",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "mySCADA myPRO"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "myPRO",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "8.20.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "mySCADA"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-916 Use of Password Hash With Insufficient Computational Effort"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
+ }
+ ],
+ "source": {
+ "advisory": "ICSA-21-355-01",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/44xxx/CVE-2021-44453.json b/2021/44xxx/CVE-2021-44453.json
index f3d2b96657b..4f754b172ba 100644
--- a/2021/44xxx/CVE-2021-44453.json
+++ b/2021/44xxx/CVE-2021-44453.json
@@ -1,18 +1,95 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
 "ID": "CVE-2021-44453",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "mySCADA myPRO"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "myPRO",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "8.20.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "mySCADA"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 OS Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
+ }
+ ],
+ "source": {
+ "advisory": "ICSA-21-355-01",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/44xxx/CVE-2021-44540.json b/2021/44xxx/CVE-2021-44540.json
index a76fdb76163..370a2808bcc 100644
--- a/2021/44xxx/CVE-2021-44540.json
+++ b/2021/44xxx/CVE-2021-44540.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-44540",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Privoxy",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Privoxy 3.0.33"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-401"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,",
+ "url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0",
+ "url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing."
 }
 ]
 }
diff --git a/2021/44xxx/CVE-2021-44541.json b/2021/44xxx/CVE-2021-44541.json
index df541d826f6..1df34c05f8f 100644
--- a/2021/44xxx/CVE-2021-44541.json
+++ b/2021/44xxx/CVE-2021-44541.json
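Review bot: The first reference added to CVE-2021-44540.json ends in a stray comma in both `url` and `name`, `"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"`, so the link as recorded does not point at the release notes; drop the trailing `,`. The `affects` entry `"version_value": "Privoxy 3.0.33"` has no operator and appears to name the release that carries the fix (the reference is that release's what's-new page), so it likely should read `"version_affected": "<"` with `"version_value": "3.0.33"`. The same two problems are in the CVE-2021-44541, -44542 and -44543 hunks, and the trailing comma also appears in the bugzilla reference of CVE-2021-4024.json.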
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-44541",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Privoxy",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Privoxy 3.0.33"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-401"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,",
+ "url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0",
+ "url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination."
 }
 ]
 }
diff --git a/2021/44xxx/CVE-2021-44542.json b/2021/44xxx/CVE-2021-44542.json
index b6fb2ea33a6..eba2a09a959 100644
--- a/2021/44xxx/CVE-2021-44542.json
+++ b/2021/44xxx/CVE-2021-44542.json
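Review bot: CVE-2021-44541.json cites commit `h=652b4b7cb0`, the same commit referenced by CVE-2021-44540.json, although the two descriptions name different functions (`process_encrypted_request_headers()` here, `get_url_spec_param()` there). One commit could touch both, but this looks like a copy from the neighbouring record and should be checked against the Privoxy repository before the record is relied on for patch verification. The description also states only the fix and not the impact; the `CWE-401` tag implies a memory leak, which the text could say outright as the CVE-2021-44542 description does.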
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-44542",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Privoxy",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Privoxy 3.0.33"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-401"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,",
+ "url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08",
+ "url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A memory leak vulnerability was found in Privoxy when handling errors."
 }
 ]
 }
diff --git a/2021/44xxx/CVE-2021-44543.json b/2021/44xxx/CVE-2021-44543.json
index 97129ed4931..6dfa0e77656 100644
--- a/2021/44xxx/CVE-2021-44543.json
+++ b/2021/44xxx/CVE-2021-44543.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-44543",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "privoxy",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Privoxy 3.0.33"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,",
+ "url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409c",
+ "url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409c"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself."
 }
 ]
 }
diff --git a/2021/45xxx/CVE-2021-45463.json b/2021/45xxx/CVE-2021-45463.json
index 8b3976c7b94..eb6ea3cba30 100644
--- a/2021/45xxx/CVE-2021-45463.json
+++ b/2021/45xxx/CVE-2021-45463.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load."
+ "value": "GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load."
 }
 ]
 },
@@ -61,6 +61,16 @@
 "url": "https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b",
 "refsource": "MISC",
 "name": "https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.gnome.org/GNOME/gimp/-/commit/e8a31ba4f2ce7e6bc34882dc27c97fba993f5868",
+ "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/e8a31ba4f2ce7e6bc34882dc27c97fba993f5868"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.gimp.org/news/2021/12/21/gimp-2-10-30-released/",
+ "url": "https://www.gimp.org/news/2021/12/21/gimp-2-10-30-released/"
 }
 ]
 }
diff --git a/2021/4xxx/CVE-2021-4024.json b/2021/4xxx/CVE-2021-4024.json
index 46c3a91c5a4..351f3a53c6c 100644
--- a/2021/4xxx/CVE-2021-4024.json
+++ b/2021/4xxx/CVE-2021-4024.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-4024",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "podman",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "podman 3.4.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200, CWE-346"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2026675,",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026675,"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/containers/podman/releases/tag/v3.4.3",
+ "url": "https://github.com/containers/podman/releases/tag/v3.4.3"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM."
 }
 ]
 }
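Review bot: `"value": "CWE-200, CWE-346"` in CVE-2021-4024.json packs two weakness IDs into one string, which tools that read one CWE per `description` entry will not resolve; split it into two entries, `"value": "CWE-200"` and `"value": "CWE-346"`. `"version_value": "podman 3.4.3"` carries no operator and, going by the v3.4.3 release-tag reference, is probably the fixed version rather than an affected one, so `"version_affected": "<"` with `"version_value": "3.4.3"` is likely what is meant. For defenders the actionable detail is in the description: `gvproxy` listens on port 7777 on all host addresses, so the host firewall should not expose that port.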