From 0729feeb33094d4613e11757ad04a29839417ba8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 7 Jan 2022 23:01:05 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/22xxx/CVE-2021-22060.json | 50 +++++++++++++- 2021/23xxx/CVE-2021-23173.json | 96 +++++++++++++++++++++++++-- 2021/30xxx/CVE-2021-30360.json | 50 +++++++++++++- 2021/32xxx/CVE-2021-32996.json | 89 +++++++++++++++++++++++-- 2021/32xxx/CVE-2021-32998.json | 89 +++++++++++++++++++++++-- 2021/35xxx/CVE-2021-35247.json | 91 ++++++++++++++++++++++++-- 2021/39xxx/CVE-2021-39993.json | 53 ++++++++++++++- 2021/39xxx/CVE-2021-39996.json | 61 ++++++++++++++++- 2021/39xxx/CVE-2021-39998.json | 61 ++++++++++++++++- 2021/40xxx/CVE-2021-40000.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40001.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40002.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40003.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40004.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40005.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40006.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40009.json | 88 +++++++++++++++++++++++-- 2021/40xxx/CVE-2021-40010.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40011.json | 104 +++++++++++++++++++++++++++-- 2021/40xxx/CVE-2021-40014.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40018.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40020.json | 92 ++++++++++++++++++++++++-- 2021/40xxx/CVE-2021-40021.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40022.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40025.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40026.json | 88 +++++++++++++++++++++++-- 2021/40xxx/CVE-2021-40027.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40028.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40029.json | 116 +++++++++++++++++++++++++++++++-- 2021/40xxx/CVE-2021-40031.json | 83 +++++++++++++++++++++-- 2021/40xxx/CVE-2021-40032.json | 57 ++++++++++++++-- 2021/40xxx/CVE-2021-40035.json | 116 +++++++++++++++++++++++++++++++-- 2021/40xxx/CVE-2021-40037.json | 116 +++++++++++++++++++++++++++++++-- 2021/40xxx/CVE-2021-40038.json | 88 +++++++++++++++++++++++-- 2021/40xxx/CVE-2021-40039.json | 88 +++++++++++++++++++++++-- 2021/40xxx/CVE-2021-40041.json | 56 +++++++++++++++- 2021/42xxx/CVE-2021-42392.json | 64 +++++++++++++++++- 2021/44xxx/CVE-2021-44528.json | 50 +++++++++++++- 2021/46xxx/CVE-2021-46048.json | 56 ++++++++++++++-- 2021/46xxx/CVE-2021-46049.json | 56 ++++++++++++++-- 2021/46xxx/CVE-2021-46050.json | 56 ++++++++++++++-- 2021/46xxx/CVE-2021-46051.json | 56 ++++++++++++++-- 2021/46xxx/CVE-2021-46052.json | 56 ++++++++++++++-- 2021/46xxx/CVE-2021-46053.json | 56 ++++++++++++++-- 2021/46xxx/CVE-2021-46054.json | 56 ++++++++++++++-- 2021/46xxx/CVE-2021-46055.json | 56 ++++++++++++++-- 2021/46xxx/CVE-2021-46058.json | 56 ++++++++++++++-- 2021/46xxx/CVE-2021-46059.json | 56 ++++++++++++++-- 2021/46xxx/CVE-2021-46060.json | 56 ++++++++++++++-- 2021/4xxx/CVE-2021-4161.json | 18 ++--- 2022/21xxx/CVE-2022-21823.json | 50 +++++++++++++- 2022/22xxx/CVE-2022-22263.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22264.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22265.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22266.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22267.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22268.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22269.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22270.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22271.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22272.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22283.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22284.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22285.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22286.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22287.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22288.json | 77 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22289.json | 77 ++++++++++++++++++++-- 68 files changed, 4311 insertions(+), 383 deletions(-) diff --git a/2021/22xxx/CVE-2021-22060.json b/2021/22xxx/CVE-2021-22060.json index 2bbfa0a8e8b..bf777c4450e 100644 --- a/2021/22xxx/CVE-2021-22060.json +++ b/2021/22xxx/CVE-2021-22060.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22060", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Spring Framework", + "version": { + "version_data": [ + { + "version_value": "Spring Framework 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Malicious input to cause the insertion of additional log entries." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://tanzu.vmware.com/security/cve-2021-22060", + "url": "https://tanzu.vmware.com/security/cve-2021-22060" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase." } ] } diff --git a/2021/23xxx/CVE-2021-23173.json b/2021/23xxx/CVE-2021-23173.json index b01de26468a..06024961b0e 100644 --- a/2021/23xxx/CVE-2021-23173.json +++ b/2021/23xxx/CVE-2021-23173.json @@ -1,18 +1,102 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2022-01-06T23:05:00.000Z", "ID": "CVE-2021-23173", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "ICSMA-22-006-01 Philips Engage Software" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Engage Software", + "version": { + "version_data": [ + { + "platform": "NA", + "version_affected": "<", + "version_name": "all", + "version_value": "6.2.1" + } + ] + } + } + ] + }, + "vendor_name": "Philips" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Parnassia and S-Unit reported this vulnerability to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 2.6, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-006-01", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-006-01" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Philips released and deployed updated Version 6.2.2 in September of 2021, which mitigated this vulnerability. Engage is a hosted application and users don\u2019t need to take any action." + } + ], + "source": { + "advisory": "ICSMA-22-006-01", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/30xxx/CVE-2021-30360.json b/2021/30xxx/CVE-2021-30360.json index b2843f66e9d..c3efe29946a 100644 --- a/2021/30xxx/CVE-2021-30360.json +++ b/2021/30xxx/CVE-2021-30360.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30360", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@checkpoint.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Check Point Remote Access Client", + "version": { + "version_data": [ + { + "version_value": "before E86.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427: Uncontrolled Search Path Element" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://supportcontent.checkpoint.com/solutions?id=sk176853", + "url": "https://supportcontent.checkpoint.com/solutions?id=sk176853" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges." } ] } diff --git a/2021/32xxx/CVE-2021-32996.json b/2021/32xxx/CVE-2021-32996.json index d8b4f8295bd..fa1be23c6b9 100644 --- a/2021/32xxx/CVE-2021-32996.json +++ b/2021/32xxx/CVE-2021-32996.json @@ -1,18 +1,95 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2021-12-07T17:00:00.000Z", "ID": "CVE-2021-32996", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "R-30iA, R-30iA Mate", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": " v7", + "version_value": "v7.70" + } + ] + } + }, + { + "product_name": "R-30iB, R-30iB Mate, R-30iB Compact", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "v8", + "version_value": "v8.36" + } + ] + } + }, + { + "product_name": "R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "V9", + "version_value": "v9.40" + } + ] + } + } + ] + }, + "vendor_name": "FANUC" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-192 INTEGER COERCION ERROR" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32998.json b/2021/32xxx/CVE-2021-32998.json index 6ba82a86b4c..d6b276adf83 100644 --- a/2021/32xxx/CVE-2021-32998.json +++ b/2021/32xxx/CVE-2021-32998.json @@ -1,18 +1,95 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2021-12-07T17:00:00.000Z", "ID": "CVE-2021-32998", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "R-30iA, R-30iA Mate", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": " v7", + "version_value": "v7.70" + } + ] + } + }, + { + "product_name": "R-30iB, R-30iB Mate, R-30iB Compact", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "v8", + "version_value": "v8.36" + } + ] + } + }, + { + "product_name": "R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "V9", + "version_value": "v9.40" + } + ] + } + } + ] + }, + "vendor_name": "FANUC" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/35xxx/CVE-2021-35247.json b/2021/35xxx/CVE-2021-35247.json index 90dcf4c0894..f7f9046d43e 100644 --- a/2021/35xxx/CVE-2021-35247.json +++ b/2021/35xxx/CVE-2021-35247.json @@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@solarwinds.com", + "DATE_PUBLIC": "2022-01-05T09:21:00.000Z", "ID": "CVE-2021-35247", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Improper Input Validation Vulnerability in Serv-U " }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Serv-U", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.2.5 and previous versions ", + "version_value": "15.3" + } + ] + } + } + ] + }, + "vendor_name": "SolarWinds" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "SolarWinds would like to thank Jonathan Bar Or of Microsoft (@yo_yo_yo_jbo) for reporting this vulnerability " + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Serv-U web login screen was allowing characters that were not sanitized by the authentication mechanism. SolarWinds has updated the authentication mechanism to remedy this issue and prevent unauthorized parameters to be used in the Serv-U login screen With the Log4j issue in the wild, input fields across the internet have been tested for vulnerability. Although Serv-U was not affected by the log4j issue, It was discovered that better input validation could be implemented." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247", + "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247" + } + ] + }, + "source": { + "defect": [ + "CVE-2021-35247" + ], + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39993.json b/2021/39xxx/CVE-2021-39993.json index db9f2d912dc..d8fe3d83525 100644 --- a/2021/39xxx/CVE-2021-39993.json +++ b/2021/39xxx/CVE-2021-39993.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39993", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EMUI;Magic UI", + "version": { + "version_data": [ + { + "version_value": "EMUI 11.0.0" + }, + { + "version_value": "Magic UI 4.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/12/", + "url": "https://consumer.huawei.com/en/support/bulletin/2021/12/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access." } ] } diff --git a/2021/39xxx/CVE-2021-39996.json b/2021/39xxx/CVE-2021-39996.json index 56105a00ab7..19412694db8 100644 --- a/2021/39xxx/CVE-2021-39996.json +++ b/2021/39xxx/CVE-2021-39996.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39996", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EMUI;Magic UI;HarmonyOS", + "version": { + "version_data": [ + { + "version_value": "EMUI 10.0.0,EMUI 10.1.0,EMUI 10.1.1,EMUI 11.0.0,EMUI 11.0.1" + }, + { + "version_value": "Magic UI 3.0.0,Magic UI 3.1.0,Magic UI 3.1.1,Magic UI 4.0.0" + }, + { + "version_value": "HarmonyOS 2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718", + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718" + }, + { + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/12/", + "url": "https://consumer.huawei.com/en/support/bulletin/2021/12/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow." } ] } diff --git a/2021/39xxx/CVE-2021-39998.json b/2021/39xxx/CVE-2021-39998.json index d143929926e..ef2dafd18be 100644 --- a/2021/39xxx/CVE-2021-39998.json +++ b/2021/39xxx/CVE-2021-39998.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39998", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EMUI;Magic UI;HarmonyOS", + "version": { + "version_data": [ + { + "version_value": "EMUI 11.0.0,EMUI 11.0.1" + }, + { + "version_value": "Magic UI 4.0.0" + }, + { + "version_value": "HarmonyOS 2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Concurrently called for multiple times" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718", + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718" + }, + { + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/12/", + "url": "https://consumer.huawei.com/en/support/bulletin/2021/12/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart." } ] } diff --git a/2021/40xxx/CVE-2021-40000.json b/2021/40xxx/CVE-2021-40000.json index 554952a99b4..308447dee48 100644 --- a/2021/40xxx/CVE-2021-40000.json +++ b/2021/40xxx/CVE-2021-40000.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40000", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718" } ] } diff --git a/2021/40xxx/CVE-2021-40001.json b/2021/40xxx/CVE-2021-40001.json index 4e3caa57aee..3bf21480ddc 100644 --- a/2021/40xxx/CVE-2021-40001.json +++ b/2021/40xxx/CVE-2021-40001.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40001", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718" } ] } diff --git a/2021/40xxx/CVE-2021-40002.json b/2021/40xxx/CVE-2021-40002.json index 6e7a896c92f..eb2d93fcde9 100644 --- a/2021/40xxx/CVE-2021-40002.json +++ b/2021/40xxx/CVE-2021-40002.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718" } ] } diff --git a/2021/40xxx/CVE-2021-40003.json b/2021/40xxx/CVE-2021-40003.json index bf09feab9f3..8e7db6c7c59 100644 --- a/2021/40xxx/CVE-2021-40003.json +++ b/2021/40xxx/CVE-2021-40003.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40003", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718" } ] } diff --git a/2021/40xxx/CVE-2021-40004.json b/2021/40xxx/CVE-2021-40004.json index 93e3e5a6fa3..a299539f3e0 100644 --- a/2021/40xxx/CVE-2021-40004.json +++ b/2021/40xxx/CVE-2021-40004.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40004", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718" } ] } diff --git a/2021/40xxx/CVE-2021-40005.json b/2021/40xxx/CVE-2021-40005.json index f05a110ffc3..50b56036a8f 100644 --- a/2021/40xxx/CVE-2021-40005.json +++ b/2021/40xxx/CVE-2021-40005.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40005", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718" } ] } diff --git a/2021/40xxx/CVE-2021-40006.json b/2021/40xxx/CVE-2021-40006.json index 8d0740c58b5..105d30c648b 100644 --- a/2021/40xxx/CVE-2021-40006.json +++ b/2021/40xxx/CVE-2021-40006.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40006", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Features" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718" } ] } diff --git a/2021/40xxx/CVE-2021-40009.json b/2021/40xxx/CVE-2021-40009.json index a17981723ed..e9f3d332a0f 100644 --- a/2021/40xxx/CVE-2021-40009.json +++ b/2021/40xxx/CVE-2021-40009.json @@ -1,17 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40009", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + }, + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/1/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/1/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40010.json b/2021/40xxx/CVE-2021-40010.json index 0d512b6adbc..faf5af6ac74 100644 --- a/2021/40xxx/CVE-2021-40010.json +++ b/2021/40xxx/CVE-2021-40010.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40010", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may result in malicious code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40011.json b/2021/40xxx/CVE-2021-40011.json index b32e30ba607..74d297685b8 100644 --- a/2021/40xxx/CVE-2021-40011.json +++ b/2021/40xxx/CVE-2021-40011.json @@ -1,17 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40011", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + }, + { + "version_affected": "=", + "version_value": "10.1.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + }, + { + "version_affected": "=", + "version_value": "9.1.1" + }, + { + "version_affected": "=", + "version_value": "9.1.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.1" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Uncontrolled resource consumption vulnerability in the display module in smartphones. Successful exploitation of this vulnerability may affect service integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled resource consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/1/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/1/" } ] } diff --git a/2021/40xxx/CVE-2021-40014.json b/2021/40xxx/CVE-2021-40014.json index 768f5adbadd..1b39bd842f1 100644 --- a/2021/40xxx/CVE-2021-40014.json +++ b/2021/40xxx/CVE-2021-40014.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40014", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Management Errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40018.json b/2021/40xxx/CVE-2021-40018.json index d877bb42487..a7510ae10a8 100644 --- a/2021/40xxx/CVE-2021-40018.json +++ b/2021/40xxx/CVE-2021-40018.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40018", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Null Pointer Reference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40020.json b/2021/40xxx/CVE-2021-40020.json index d5352720b83..bbe71e4c608 100644 --- a/2021/40xxx/CVE-2021-40020.json +++ b/2021/40xxx/CVE-2021-40020.json @@ -1,17 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40020", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + }, + { + "version_affected": "=", + "version_value": "10.1.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.1" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Successful exploitation of this vulnerability may affect service confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds array read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/1/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/1/" } ] } diff --git a/2021/40xxx/CVE-2021-40021.json b/2021/40xxx/CVE-2021-40021.json index 723ecd3aeaa..f43ae81c5ed 100644 --- a/2021/40xxx/CVE-2021-40021.json +++ b/2021/40xxx/CVE-2021-40021.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40021", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40022.json b/2021/40xxx/CVE-2021-40022.json index fadc393015e..2371e944574 100644 --- a/2021/40xxx/CVE-2021-40022.json +++ b/2021/40xxx/CVE-2021-40022.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40022", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40025.json b/2021/40xxx/CVE-2021-40025.json index 0ccc80d0a45..987b5f3a197 100644 --- a/2021/40xxx/CVE-2021-40025.json +++ b/2021/40xxx/CVE-2021-40025.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40025", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The eID module has a vulnerability that causes the memory to be used without being initialized,Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Management Errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40026.json b/2021/40xxx/CVE-2021-40026.json index aff15856628..58a3d1784d1 100644 --- a/2021/40xxx/CVE-2021-40026.json +++ b/2021/40xxx/CVE-2021-40026.json @@ -1,17 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40026", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + }, + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/1/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/1/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40027.json b/2021/40xxx/CVE-2021-40027.json index 8f2396aad16..5be074750dc 100644 --- a/2021/40xxx/CVE-2021-40027.json +++ b/2021/40xxx/CVE-2021-40027.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40027", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Calculation of Buffer Size" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40028.json b/2021/40xxx/CVE-2021-40028.json index ee244dbbb1d..abaaf05a50d 100644 --- a/2021/40xxx/CVE-2021-40028.json +++ b/2021/40xxx/CVE-2021-40028.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40028", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40029.json b/2021/40xxx/CVE-2021-40029.json index d8fcfa1fc02..1f9acacb392 100644 --- a/2021/40xxx/CVE-2021-40029.json +++ b/2021/40xxx/CVE-2021-40029.json @@ -1,17 +1,121 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40029", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + }, + { + "version_affected": "=", + "version_value": "11.0.0" + }, + { + "version_affected": "=", + "version_value": "10.1.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.1" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + } + ] + } + }, + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow vulnerability due to a boundary error with the Samba server" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/1/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/1/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40031.json b/2021/40xxx/CVE-2021-40031.json index 6b2fadde81f..b9b8ff8d45d 100644 --- a/2021/40xxx/CVE-2021-40031.json +++ b/2021/40xxx/CVE-2021-40031.json @@ -1,17 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40031", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + }, + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Null pointer dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/1/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/1/" } ] } diff --git a/2021/40xxx/CVE-2021-40032.json b/2021/40xxx/CVE-2021-40032.json index 213ef26a44d..86361cbd7a4 100644 --- a/2021/40xxx/CVE-2021-40032.json +++ b/2021/40xxx/CVE-2021-40032.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40032", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Management Errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40035.json b/2021/40xxx/CVE-2021-40035.json index 54f06a8e77e..219843370d0 100644 --- a/2021/40xxx/CVE-2021-40035.json +++ b/2021/40xxx/CVE-2021-40035.json @@ -1,17 +1,121 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40035", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + }, + { + "version_affected": "=", + "version_value": "11.0.0" + }, + { + "version_affected": "=", + "version_value": "10.1.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.1" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + } + ] + } + }, + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow vulnerability due to a boundary error with the Samba server" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/1/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/1/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40037.json b/2021/40xxx/CVE-2021-40037.json index 0c4413a2370..59c086f883f 100644 --- a/2021/40xxx/CVE-2021-40037.json +++ b/2021/40xxx/CVE-2021-40037.json @@ -1,17 +1,121 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40037", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + }, + { + "version_affected": "=", + "version_value": "11.0.0" + }, + { + "version_affected": "=", + "version_value": "10.1.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.1" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + } + ] + } + }, + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Vulnerability of accessing resources using an incompatible type (type confusion)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/1/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/1/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40038.json b/2021/40xxx/CVE-2021-40038.json index f3f0f39970e..bf2120a16f9 100644 --- a/2021/40xxx/CVE-2021-40038.json +++ b/2021/40xxx/CVE-2021-40038.json @@ -1,17 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40038", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + }, + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Double free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/1/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/1/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40039.json b/2021/40xxx/CVE-2021-40039.json index 3f718d457c9..bad83b6f8d8 100644 --- a/2021/40xxx/CVE-2021-40039.json +++ b/2021/40xxx/CVE-2021-40039.json @@ -1,17 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40039", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + }, + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Null pointer dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/1/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/1/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331" } ] } diff --git a/2021/40xxx/CVE-2021-40041.json b/2021/40xxx/CVE-2021-40041.json index 9e188068f34..2c4da304654 100644 --- a/2021/40xxx/CVE-2021-40041.json +++ b/2021/40xxx/CVE-2021-40041.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40041", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "WS318n-21", + "version": { + "version_data": [ + { + "version_value": "10.0.2.2" + }, + { + "version_value": "10.0.2.5" + }, + { + "version_value": "10.0.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting(XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211229-01-xss-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211229-01-xss-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by injecting special characters. Successful exploit could cause certain information disclosure. Affected product versions include: WS318n-21 10.0.2.2, 10.0.2.5 and 10.0.2.6." } ] } diff --git a/2021/42xxx/CVE-2021-42392.json b/2021/42xxx/CVE-2021-42392.json index ea202e63e12..e86bd11eee1 100644 --- a/2021/42xxx/CVE-2021-42392.json +++ b/2021/42xxx/CVE-2021-42392.json @@ -4,15 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42392", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@jfrog.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "h2database", + "product": { + "product_data": [ + { + "product_name": "h2", + "version": { + "version_data": [ + { + "version_name": "", + "version_affected": ">=", + "version_value": "1.1.000", + "platform": "" + }, + { + "version_name": "", + "version_affected": "<=", + "version_value": "2.0.204", + "platform": "" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution." } ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", + "name": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" + } + ] + }, + "impact": { + "cvssv3": { + "SCORE": "9.8" + } } } \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44528.json b/2021/44xxx/CVE-2021-44528.json index e58a00cc89e..70e4d14647e 100644 --- a/2021/44xxx/CVE-2021-44528.json +++ b/2021/44xxx/CVE-2021-44528.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44528", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/rails/rails", + "version": { + "version_data": [ + { + "version_value": "6.1.4.2, 6.0.4.2, 7.0.0.rc2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirect (CWE-601)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815", + "url": "https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a \"X-Forwarded-Host\" headers in combination with certain \"allowed host\" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website." } ] } diff --git a/2021/46xxx/CVE-2021-46048.json b/2021/46xxx/CVE-2021-46048.json index e99a8011d4a..0c3e141a5a9 100644 --- a/2021/46xxx/CVE-2021-46048.json +++ b/2021/46xxx/CVE-2021-46048.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46048", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46048", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/WebAssembly/binaryen/issues/4412", + "refsource": "MISC", + "name": "https://github.com/WebAssembly/binaryen/issues/4412" } ] } diff --git a/2021/46xxx/CVE-2021-46049.json b/2021/46xxx/CVE-2021-46049.json index 54c81131160..d3cd22943f3 100644 --- a/2021/46xxx/CVE-2021-46049.json +++ b/2021/46xxx/CVE-2021-46049.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46049", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46049", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/gpac/gpac/issues/2013", + "refsource": "MISC", + "name": "https://github.com/gpac/gpac/issues/2013" } ] } diff --git a/2021/46xxx/CVE-2021-46050.json b/2021/46xxx/CVE-2021-46050.json index 6be8b4c71bb..8b3c536e607 100644 --- a/2021/46xxx/CVE-2021-46050.json +++ b/2021/46xxx/CVE-2021-46050.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46050", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46050", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/WebAssembly/binaryen/issues/4391", + "refsource": "MISC", + "name": "https://github.com/WebAssembly/binaryen/issues/4391" } ] } diff --git a/2021/46xxx/CVE-2021-46051.json b/2021/46xxx/CVE-2021-46051.json index 123b0b446ab..093ab93d751 100644 --- a/2021/46xxx/CVE-2021-46051.json +++ b/2021/46xxx/CVE-2021-46051.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46051", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46051", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service. ." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/gpac/gpac/issues/2011", + "refsource": "MISC", + "name": "https://github.com/gpac/gpac/issues/2011" } ] } diff --git a/2021/46xxx/CVE-2021-46052.json b/2021/46xxx/CVE-2021-46052.json index 60fa7d7406a..5453399a206 100644 --- a/2021/46xxx/CVE-2021-46052.json +++ b/2021/46xxx/CVE-2021-46052.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46052", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46052", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/WebAssembly/binaryen/issues/4411", + "refsource": "MISC", + "name": "https://github.com/WebAssembly/binaryen/issues/4411" } ] } diff --git a/2021/46xxx/CVE-2021-46053.json b/2021/46xxx/CVE-2021-46053.json index 004853c57c7..0a7c2f1a9e7 100644 --- a/2021/46xxx/CVE-2021-46053.json +++ b/2021/46xxx/CVE-2021-46053.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46053", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46053", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/WebAssembly/binaryen/issues/4392", + "refsource": "MISC", + "name": "https://github.com/WebAssembly/binaryen/issues/4392" } ] } diff --git a/2021/46xxx/CVE-2021-46054.json b/2021/46xxx/CVE-2021-46054.json index 8ead6076dde..3731a912b01 100644 --- a/2021/46xxx/CVE-2021-46054.json +++ b/2021/46xxx/CVE-2021-46054.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46054", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46054", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/WebAssembly/binaryen/issues/4410", + "refsource": "MISC", + "name": "https://github.com/WebAssembly/binaryen/issues/4410" } ] } diff --git a/2021/46xxx/CVE-2021-46055.json b/2021/46xxx/CVE-2021-46055.json index 1426b8cc014..a66c749a078 100644 --- a/2021/46xxx/CVE-2021-46055.json +++ b/2021/46xxx/CVE-2021-46055.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46055", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46055", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/WebAssembly/binaryen/issues/4413", + "refsource": "MISC", + "name": "https://github.com/WebAssembly/binaryen/issues/4413" } ] } diff --git a/2021/46xxx/CVE-2021-46058.json b/2021/46xxx/CVE-2021-46058.json index 7bd995eca79..a076a0f95a8 100644 --- a/2021/46xxx/CVE-2021-46058.json +++ b/2021/46xxx/CVE-2021-46058.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46058", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46058", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AHheap-based Buffer Overflow vulnerabiity exists in GNU inetutils 2.2 in cmds.c, which caused a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00016.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00016.html" } ] } diff --git a/2021/46xxx/CVE-2021-46059.json b/2021/46xxx/CVE-2021-46059.json index 3b46e56c062..a4253584690 100644 --- a/2021/46xxx/CVE-2021-46059.json +++ b/2021/46xxx/CVE-2021-46059.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46059", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46059", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/a9b015e2-59e3-4ed9-8812-d9021e40b8f2/", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/a9b015e2-59e3-4ed9-8812-d9021e40b8f2/" } ] } diff --git a/2021/46xxx/CVE-2021-46060.json b/2021/46xxx/CVE-2021-46060.json index b7363466e98..f6828a133ce 100644 --- a/2021/46xxx/CVE-2021-46060.json +++ b/2021/46xxx/CVE-2021-46060.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46060", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46060", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A NULL Pointer Dereference vulnerability exists in GNU inetutils 2.2 via the setcmd function at commands.c, which causes a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00017.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00017.html" } ] } diff --git a/2021/4xxx/CVE-2021-4161.json b/2021/4xxx/CVE-2021-4161.json index c097a90035e..cdca4d099d9 100644 --- a/2021/4xxx/CVE-2021-4161.json +++ b/2021/4xxx/CVE-2021-4161.json @@ -1,7 +1,7 @@ { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", - "DATE_PUBLIC": "2021-12-23T23:31:00.000Z", + "DATE_PUBLIC": "2021-12-23T23:05:00.000Z", "ID": "CVE-2021-4161", "STATE": "PUBLIC", "TITLE": "ICSA-21-357-01 Moxa MGate Protocol Gateways" @@ -13,10 +13,11 @@ "product": { "product_data": [ { - "product_name": "MGate MB3180 Series: Firmware", + "product_name": "MGate MB3180 Series", "version": { "version_data": [ { + "platform": "NA", "version_affected": "<", "version_name": "all", "version_value": "2.2" @@ -25,11 +26,11 @@ } }, { - "product_name": "MGate MB3280 Series: Firmware", + "product_name": "MGate MB3280 Series", "version": { "version_data": [ { - "version_affected": "<", + "platform": "NA", "version_name": "all", "version_value": "4.1" } @@ -37,11 +38,11 @@ } }, { - "product_name": "MGate MB3480 Series: Firmware", + "product_name": "MGate MB3480 Series", "version": { "version_data": [ { - "version_affected": "<", + "platform": "NA", "version_name": "all", "version_value": "3.2" } @@ -58,7 +59,7 @@ "credit": [ { "lang": "eng", - "value": "Parul Sindhwad, Anurag M. Chevendra, and Dr. Faruk Kazi of CoE-CNDS Lab; VJTI; and Mumbai-INDIA reported this vulnerability to Moxa" + "value": "Parul Sindhwad, Anurag M. Chevendra, and Dr. Faruk Kazi of CoE-CNDS Lab; VJTI; and Mumbai-INDIA reported this vulnerability to Moxa." } ], "data_format": "MITRE", @@ -115,10 +116,11 @@ "solution": [ { "lang": "eng", - "value": "Moxa has developed the following mitigations to address this vulnerability:\n\n-Enable \u2018HTTPS\u2019 and disable the HTTP console function under \u2018Console Settings\u2019\n-Moxa also recommends users refer to Tech Note: Moxa Security Hardening Guide for MGate MB3000 Series" + "value": "Moxa has developed the following mitigations to address this vulnerability.\n\nEnable \u2018HTTPS\u2019 and disable the HTTP console function under \u2018Console Settings\u2019\nMoxa also recommends users refer to Tech Note: Moxa Security Hardening Guide for MGate MB3000 Series" } ], "source": { + "advisory": "ICSA-21-357-01", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21823.json b/2022/21xxx/CVE-2022-21823.json index 8462ba8fc85..2cde5279bb5 100644 --- a/2022/21xxx/CVE-2022-21823.json +++ b/2022/21xxx/CVE-2022-21823.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-21823", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Ivanti Workspace Control", + "version": { + "version_data": [ + { + "version_value": "2021.2 (10.7.30.0)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Storage of Sensitive Information (CWE-922)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/A-locally-authenticated-user-with-low-privileges-can-obtain-key-information-due-to-an-unspecified-attack-vector?language=en_US", + "url": "https://forums.ivanti.com/s/article/A-locally-authenticated-user-with-low-privileges-can-obtain-key-information-due-to-an-unspecified-attack-vector?language=en_US" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector." } ] } diff --git a/2022/22xxx/CVE-2022-22263.json b/2022/22xxx/CVE-2022-22263.json index 305f8c9cb18..213f30231d8 100644 --- a/2022/22xxx/CVE-2022-22263.json +++ b/2022/22xxx/CVE-2022-22263.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22263", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R(11.0)", + "version_value": "SMR Jan-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22264.json b/2022/22xxx/CVE-2022-22264.json index 5b9f10dcc7e..239550ae4e1 100644 --- a/2022/22xxx/CVE-2022-22264.json +++ b/2022/22xxx/CVE-2022-22264.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22264", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10.0), R(11.0), S(12.0)", + "version_value": "SMR Jan-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22265.json b/2022/22xxx/CVE-2022-22265.json index e7c991eb84d..952b35cf4d8 100644 --- a/2022/22xxx/CVE-2022-22265.json +++ b/2022/22xxx/CVE-2022-22265.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22265", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "O(8.x), P(9.0), Q(10.0), R(11.0), S(12.0)", + "version_value": "SMR Jan-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-703: Improper Check or Handling of Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22266.json b/2022/22xxx/CVE-2022-22266.json index f8da2e94d2b..771004c0849 100644 --- a/2022/22xxx/CVE-2022-22266.json +++ b/2022/22xxx/CVE-2022-22266.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22266", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0), R(11.0)", + "version_value": "SMR Jan-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22267.json b/2022/22xxx/CVE-2022-22267.json index af56ba877ba..dbe8f62f778 100644 --- a/2022/22xxx/CVE-2022-22267.json +++ b/2022/22xxx/CVE-2022-22267.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22267", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0), R(11.0), S(12.0)", + "version_value": "SMR Jan-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22268.json b/2022/22xxx/CVE-2022-22268.json index fc8f0f5b769..0a7a33bb357 100644 --- a/2022/22xxx/CVE-2022-22268.json +++ b/2022/22xxx/CVE-2022-22268.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22268", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0), R(11.0), S(12.0)", + "version_value": "SMR Jan-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22269.json b/2022/22xxx/CVE-2022-22269.json index e72ba3cd036..641026029a5 100644 --- a/2022/22xxx/CVE-2022-22269.json +++ b/2022/22xxx/CVE-2022-22269.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22269", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0), R(11.0)", + "version_value": "SMR Jan-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22270.json b/2022/22xxx/CVE-2022-22270.json index 998601476f8..f4296e6e35a 100644 --- a/2022/22xxx/CVE-2022-22270.json +++ b/2022/22xxx/CVE-2022-22270.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22270", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0), R(11.0)", + "version_value": "SMR Jan-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22271.json b/2022/22xxx/CVE-2022-22271.json index 670635f4892..df36f5ca204 100644 --- a/2022/22xxx/CVE-2022-22271.json +++ b/2022/22xxx/CVE-2022-22271.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22271", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0), R(11.0)", + "version_value": "SMR Jan-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22272.json b/2022/22xxx/CVE-2022-22272.json index 25c1fd8ac70..70d2cb9169b 100644 --- a/2022/22xxx/CVE-2022-22272.json +++ b/2022/22xxx/CVE-2022-22272.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22272", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10.0), R(11.0), S(12.0)", + "version_value": "SMR Jan-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22283.json b/2022/22xxx/CVE-2022-22283.json index bedd31c23c2..102eb43515e 100644 --- a/2022/22xxx/CVE-2022-22283.json +++ b/2022/22xxx/CVE-2022-22283.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22283", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Health", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "6.20.1.005" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.8, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22284.json b/2022/22xxx/CVE-2022-22284.json index df4143e6570..0e3736b3ec6 100644 --- a/2022/22xxx/CVE-2022-22284.json +++ b/2022/22xxx/CVE-2022-22284.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22284", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Internet", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "16.0.2.19" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22285.json b/2022/22xxx/CVE-2022-22285.json index 69af1a1ce5b..d2514143728 100644 --- a/2022/22xxx/CVE-2022-22285.json +++ b/2022/22xxx/CVE-2022-22285.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22285", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reminder", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0)" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22286.json b/2022/22xxx/CVE-2022-22286.json index 652d0960fb5..121c20cd877 100644 --- a/2022/22xxx/CVE-2022-22286.json +++ b/2022/22xxx/CVE-2022-22286.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22286", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bixby Routines", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0)" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22287.json b/2022/22xxx/CVE-2022-22287.json index a71995435c6..5451bc6ac0f 100644 --- a/2022/22xxx/CVE-2022-22287.json +++ b/2022/22xxx/CVE-2022-22287.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22287", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Email", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "6.1.60.16" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 3.9, + "baseSeverity": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22288.json b/2022/22xxx/CVE-2022-22288.json index c062b90841b..44d8df9f6cb 100644 --- a/2022/22xxx/CVE-2022-22288.json +++ b/2022/22xxx/CVE-2022-22288.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22288", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Galaxy Store", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "4.5.36.5" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22289.json b/2022/22xxx/CVE-2022-22289.json index 82a69fed431..29cbe79bcb2 100644 --- a/2022/22xxx/CVE-2022-22289.json +++ b/2022/22xxx/CVE-2022-22289.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22289", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "S Assistant", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "7.5" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": " CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file