From 0a2e01b70db84750c317b48fefc8fb1bcc4fb413 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 18 Nov 2021 15:01:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/0xxx/CVE-2021-0619.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0620.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0621.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0622.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0623.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0624.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0629.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0655.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0656.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0657.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0658.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0659.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0664.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0665.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0666.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0667.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0668.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0669.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0670.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0671.json | 50 +++++++++++++++- 2021/0xxx/CVE-2021-0672.json | 50 +++++++++++++++- 2021/27xxx/CVE-2021-27023.json | 50 +++++++++++++++- 2021/27xxx/CVE-2021-27024.json | 50 +++++++++++++++- 2021/27xxx/CVE-2021-27025.json | 50 +++++++++++++++- 2021/27xxx/CVE-2021-27026.json | 50 +++++++++++++++- 2021/36xxx/CVE-2021-36908.json | 104 +++++++++++++++++++++++++++++++-- 2021/36xxx/CVE-2021-36909.json | 104 +++++++++++++++++++++++++++++++-- 2021/43xxx/CVE-2021-43549.json | 90 +++++++++++++++++++++++++--- 28 files changed, 1454 insertions(+), 94 deletions(-) diff --git a/2021/0xxx/CVE-2021-0619.json b/2021/0xxx/CVE-2021-0619.json index b89c32849ba..6dbc66c8504 100644 --- a/2021/0xxx/CVE-2021-0619.json +++ b/2021/0xxx/CVE-2021-0619.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0619", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6739, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561395; Issue ID: ALPS05561395." } ] } diff --git a/2021/0xxx/CVE-2021-0620.json b/2021/0xxx/CVE-2021-0620.json index fb88fede069..d4fbda56b21 100644 --- a/2021/0xxx/CVE-2021-0620.json +++ b/2021/0xxx/CVE-2021-0620.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0620", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561381." } ] } diff --git a/2021/0xxx/CVE-2021-0621.json b/2021/0xxx/CVE-2021-0621.json index 5eed90845c9..8a0c4c58df0 100644 --- a/2021/0xxx/CVE-2021-0621.json +++ b/2021/0xxx/CVE-2021-0621.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0621", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8184, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561383." } ] } diff --git a/2021/0xxx/CVE-2021-0622.json b/2021/0xxx/CVE-2021-0622.json index f8664277a04..cc6db79ed5c 100644 --- a/2021/0xxx/CVE-2021-0622.json +++ b/2021/0xxx/CVE-2021-0622.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0622", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561388." } ] } diff --git a/2021/0xxx/CVE-2021-0623.json b/2021/0xxx/CVE-2021-0623.json index e0c276fae86..8736232dd15 100644 --- a/2021/0xxx/CVE-2021-0623.json +++ b/2021/0xxx/CVE-2021-0623.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0623", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8186, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05585817." } ] } diff --git a/2021/0xxx/CVE-2021-0624.json b/2021/0xxx/CVE-2021-0624.json index dfac1411355..89ba0a6d5c0 100644 --- a/2021/0xxx/CVE-2021-0624.json +++ b/2021/0xxx/CVE-2021-0624.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0624", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594988; Issue ID: ALPS05594988." } ] } diff --git a/2021/0xxx/CVE-2021-0629.json b/2021/0xxx/CVE-2021-0629.json index ebdee0d41d6..d3040494fb5 100644 --- a/2021/0xxx/CVE-2021-0629.json +++ b/2021/0xxx/CVE-2021-0629.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0629", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6873, MT6875, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mdlactl driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05776625; Issue ID: ALPS05776625." } ] } diff --git a/2021/0xxx/CVE-2021-0655.json b/2021/0xxx/CVE-2021-0655.json index b35178f5845..65201faf45b 100644 --- a/2021/0xxx/CVE-2021-0655.json +++ b/2021/0xxx/CVE-2021-0655.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0655", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6873, MT6875, MT6883, MT6885, MT6889, MT6891, MT6893", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05673424; Issue ID: ALPS05673424." } ] } diff --git a/2021/0xxx/CVE-2021-0656.json b/2021/0xxx/CVE-2021-0656.json index f84ab779fc0..f5e9b7f69b5 100644 --- a/2021/0xxx/CVE-2021-0656.json +++ b/2021/0xxx/CVE-2021-0656.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0656", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8195, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376." } ] } diff --git a/2021/0xxx/CVE-2021-0657.json b/2021/0xxx/CVE-2021-0657.json index 7980ee5f232..fcbd6f5ab91 100644 --- a/2021/0xxx/CVE-2021-0657.json +++ b/2021/0xxx/CVE-2021-0657.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0657", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103." } ] } diff --git a/2021/0xxx/CVE-2021-0658.json b/2021/0xxx/CVE-2021-0658.json index 176de3c8f05..dc8a52a354d 100644 --- a/2021/0xxx/CVE-2021-0658.json +++ b/2021/0xxx/CVE-2021-0658.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0658", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107." } ] } diff --git a/2021/0xxx/CVE-2021-0659.json b/2021/0xxx/CVE-2021-0659.json index f5b859b9841..f865e1a1b19 100644 --- a/2021/0xxx/CVE-2021-0659.json +++ b/2021/0xxx/CVE-2021-0659.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0659", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559." } ] } diff --git a/2021/0xxx/CVE-2021-0664.json b/2021/0xxx/CVE-2021-0664.json index d168b2f6426..bf3464f41a9 100644 --- a/2021/0xxx/CVE-2021-0664.json +++ b/2021/0xxx/CVE-2021-0664.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0664", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6889, MT8183, MT8385, MT8768, MT8788", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ccu, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827158; Issue ID: ALPS05827158." } ] } diff --git a/2021/0xxx/CVE-2021-0665.json b/2021/0xxx/CVE-2021-0665.json index 68f057764dd..3d0e3bad221 100644 --- a/2021/0xxx/CVE-2021-0665.json +++ b/2021/0xxx/CVE-2021-0665.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0665", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981", + "version": { + "version_data": [ + { + "version_value": "Android 10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113." } ] } diff --git a/2021/0xxx/CVE-2021-0666.json b/2021/0xxx/CVE-2021-0666.json index 9db9135c043..4323ad669aa 100644 --- a/2021/0xxx/CVE-2021-0666.json +++ b/2021/0xxx/CVE-2021-0666.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0666", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981", + "version": { + "version_data": [ + { + "version_value": "Android 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672086; Issue ID: ALPS05672086." } ] } diff --git a/2021/0xxx/CVE-2021-0667.json b/2021/0xxx/CVE-2021-0667.json index 392332af8cb..24eda58dead 100644 --- a/2021/0xxx/CVE-2021-0667.json +++ b/2021/0xxx/CVE-2021-0667.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0667", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670581; Issue ID: ALPS05670581." } ] } diff --git a/2021/0xxx/CVE-2021-0668.json b/2021/0xxx/CVE-2021-0668.json index 54fbe85e51d..029ea8ade6e 100644 --- a/2021/0xxx/CVE-2021-0668.json +++ b/2021/0xxx/CVE-2021-0668.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0668", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In apusys, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670521; Issue ID: ALPS05670521." } ] } diff --git a/2021/0xxx/CVE-2021-0669.json b/2021/0xxx/CVE-2021-0669.json index 3d9d80dc7ae..539be1b24d3 100644 --- a/2021/0xxx/CVE-2021-0669.json +++ b/2021/0xxx/CVE-2021-0669.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05681550; Issue ID: ALPS05681550." } ] } diff --git a/2021/0xxx/CVE-2021-0670.json b/2021/0xxx/CVE-2021-0670.json index 06eac0878cf..5892fae8bf9 100644 --- a/2021/0xxx/CVE-2021-0670.json +++ b/2021/0xxx/CVE-2021-0670.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0670", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05654663; Issue ID: ALPS05654663." } ] } diff --git a/2021/0xxx/CVE-2021-0671.json b/2021/0xxx/CVE-2021-0671.json index 6e9afe8d703..cbd11106411 100644 --- a/2021/0xxx/CVE-2021-0671.json +++ b/2021/0xxx/CVE-2021-0671.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0671", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05664273; Issue ID: ALPS05664273." } ] } diff --git a/2021/0xxx/CVE-2021-0672.json b/2021/0xxx/CVE-2021-0672.json index 1e3f6d46c21..bc887ed55ee 100644 --- a/2021/0xxx/CVE-2021-0672.json +++ b/2021/0xxx/CVE-2021-0672.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0672", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 8.1, 9.0, 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/November-2021", + "url": "https://corp.mediatek.com/product-security-bulletin/November-2021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05969704; Issue ID: ALPS05969704." } ] } diff --git a/2021/27xxx/CVE-2021-27023.json b/2021/27xxx/CVE-2021-27023.json index 0310849801d..252158d9a8b 100644 --- a/2021/27xxx/CVE-2021-27023.json +++ b/2021/27xxx/CVE-2021-27023.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27023", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@puppet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Puppet Enterprise, Puppet Server, Puppet Agent", + "version": { + "version_data": [ + { + "version_value": "Puppet Enterprise prior to 2019.8.9, Puppet Enterprise prior to 2021.4, Puppet Server prior to 6.17.1, Puppet Server prior to 7.4.2, Puppet Agent prior to 6.25.1, Puppet Agent prior to 7.12.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unsafe HTTP Redirect" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://puppet.com/security/cve/CVE-2021-27023", + "url": "https://puppet.com/security/cve/CVE-2021-27023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007" } ] } diff --git a/2021/27xxx/CVE-2021-27024.json b/2021/27xxx/CVE-2021-27024.json index e7043ce357e..cf2a87bd3fe 100644 --- a/2021/27xxx/CVE-2021-27024.json +++ b/2021/27xxx/CVE-2021-27024.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27024", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@puppet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Puppet Continuous Delivery for Puppet Enterprise (CD4PE)", + "version": { + "version_data": [ + { + "version_value": "CD4PE prior to 4.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Invalid Permissions Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://puppet.com/security/cve/cve-2021-27024", + "url": "https://puppet.com/security/cve/cve-2021-27024" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0" } ] } diff --git a/2021/27xxx/CVE-2021-27025.json b/2021/27xxx/CVE-2021-27025.json index 274fddbecf0..5d0d8abdd98 100644 --- a/2021/27xxx/CVE-2021-27025.json +++ b/2021/27xxx/CVE-2021-27025.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27025", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@puppet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Puppet Enterprise, Puppet Agent", + "version": { + "version_data": [ + { + "version_value": "- Puppet Enterprise prior to 2019.8.9, Puppet Enterprise prior to 2021.4.0, Puppet Agent prior to 6.25.1, Puppet Agent prior to 7.12.1, Puppet Agent 5.5.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Silent Configuration Failure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://puppet.com/security/cve/cve-2021-27025", + "url": "https://puppet.com/security/cve/cve-2021-27025" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'." } ] } diff --git a/2021/27xxx/CVE-2021-27026.json b/2021/27xxx/CVE-2021-27026.json index 9d9d5150044..32679e9a84b 100644 --- a/2021/27xxx/CVE-2021-27026.json +++ b/2021/27xxx/CVE-2021-27026.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27026", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@puppet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Puppet Enterprise, Puppet Connect", + "version": { + "version_data": [ + { + "version_value": "Puppet Enterprise prior to 2019.8.9, Puppet Enterprise prior to 2021.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Sensitive Information May be Logged" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://puppet.com/security/cve/cve-2021-27026", + "url": "https://puppet.com/security/cve/cve-2021-27026" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged" } ] } diff --git a/2021/36xxx/CVE-2021-36908.json b/2021/36xxx/CVE-2021-36908.json index 628af9a9b8c..34ccd94c014 100644 --- a/2021/36xxx/CVE-2021-36908.json +++ b/2021/36xxx/CVE-2021-36908.json @@ -1,18 +1,110 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2021-11-10T14:45:00.000Z", "ID": "CVE-2021-36908", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress WP Reset PRO Premium Plugin <= 5.98 - Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WP Reset PRO", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 5.98", + "version_value": "5.98" + } + ] + } + } + ] + }, + "vendor_name": "WebFactory Ltd." + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Dave Jong (Patchstack)." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows attackers to trick authenticated into making unintentional database reset." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpreset.com/changelog/", + "refsource": "CONFIRM", + "url": "https://wpreset.com/changelog/" + }, + { + "name": "https://patchstack.com/database/vulnerability/wp-reset/wordpress-wp-reset-pro-premium-plugin-5-98-cross-site-request-forgery-csrf-vulnerability-leading-to-database-reset", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/wp-reset/wordpress-wp-reset-pro-premium-plugin-5-98-cross-site-request-forgery-csrf-vulnerability-leading-to-database-reset" + }, + { + "name": "https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed/", + "refsource": "CONFIRM", + "url": "https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 5.99 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36909.json b/2021/36xxx/CVE-2021-36909.json index 11c19cede54..bef5f055131 100644 --- a/2021/36xxx/CVE-2021-36909.json +++ b/2021/36xxx/CVE-2021-36909.json @@ -1,18 +1,110 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2021-11-10T14:22:00.000Z", "ID": "CVE-2021-36909", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress WP Reset PRO Premium plugin <= 5.98 - Authenticated Database Reset vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WP Reset PRO", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 5.98", + "version_value": "5.98" + } + ] + } + } + ] + }, + "vendor_name": "WebFactory Ltd." + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Dave Jong (Patchstack)." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpreset.com/changelog/", + "refsource": "CONFIRM", + "url": "https://wpreset.com/changelog/" + }, + { + "name": "https://patchstack.com/database/vulnerability/wp-reset/wordpress-wp-reset-pro-premium-plugin-5-98-authenticated-database-reset-vulnerability", + "refsource": "MISC", + "url": "https://patchstack.com/database/vulnerability/wp-reset/wordpress-wp-reset-pro-premium-plugin-5-98-authenticated-database-reset-vulnerability" + }, + { + "name": "https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed/", + "refsource": "MISC", + "url": "https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 5.99 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43549.json b/2021/43xxx/CVE-2021-43549.json index 0d9db41bff6..f49853a6e1f 100644 --- a/2021/43xxx/CVE-2021-43549.json +++ b/2021/43xxx/CVE-2021-43549.json @@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2021-11-09T19:12:00.000Z", "ID": "CVE-2021-43549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "OSIsoft PI Web API" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PI Web API", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "All versions", + "version_value": "2019 SPI" + } + ] + } + } + ] + }, + "vendor_name": "OSIsoft" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-06", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-06" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "OSIsoft recommends upgrading to PI Web API 2021. Additional information can be found in the OSIsoft PI Web API security bulletin (registration required).\n\nOSIsoft recommends applying the following workaround in PI Web API to help reduce the risk:\n\nRemove the OSIsoft.REST.Documentation.dll from the PI Web API installation directory.\n\nThe PI Web API installation directory is available at this registry entry:\n\\\\HKLM\\SOFTWARE\\PISystem\\WebAPI\\InstallationDirectory\nThe default PI Web API installation directory is:\nC:\\Program Files\\PIPC\\WebAPI\nRemoving this file will cause built-in documentation to no longer be available. Navigating to the PI Web API endpoint with a browser will result in an error; however, the PI Web API will continue to function as a REST API\nDocumentation can be found at the OSIsoft website. Alternately, users are encouraged to limit access to PI Web API built-in documentation to dedicated development environments\nOSIsoft recommends users employ the following defense measures to lower the impact of exploitation for PI Web API:\n\nAvoid adding authentication type \u201cAnonymous\u201d in PI Web API configuration settings to limit exposure to authenticated users only,\nConsider using a web application firewall to block html responses from PI Web API servers,\nAudit the AF hierarchy to ensure there are no unauthorized databases, elements, or attributes,\nFor Kerberos authentication configurations, use Group Policy to deny network authentication to PI Server Administrator accounts on the PI Web API server.\nSee the OSIsoft customer portal knowledge article for additional details and associated security updates (registration required)." + } + ] } \ No newline at end of file