diff --git a/2021/25xxx/CVE-2021-25331.json b/2021/25xxx/CVE-2021-25331.json index 565db9842b2..d2e96a1bbeb 100644 --- a/2021/25xxx/CVE-2021-25331.json +++ b/2021/25xxx/CVE-2021-25331.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25331", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Pay Mini", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.0.14" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "LOW", + "baseScore": 3.2, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com", + "name": "https://security.samsungmobile.com" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/serviceWeb.smsb", + "url": "https://security.samsungmobile.com/serviceWeb.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25332.json b/2021/25xxx/CVE-2021-25332.json index eeca9dc7a40..0089139c525 100644 --- a/2021/25xxx/CVE-2021-25332.json +++ b/2021/25xxx/CVE-2021-25332.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25332", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Pay Mini", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.0.14" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "LOW", + "baseScore": 3.2, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com", + "name": "https://security.samsungmobile.com" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/serviceWeb.smsb", + "url": "https://security.samsungmobile.com/serviceWeb.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25333.json b/2021/25xxx/CVE-2021-25333.json index 55c6dbde1eb..469cc848bb1 100644 --- a/2021/25xxx/CVE-2021-25333.json +++ b/2021/25xxx/CVE-2021-25333.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25333", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Pay Mini", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.0.14" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "LOW", + "baseScore": 3.2, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com", + "name": "https://security.samsungmobile.com" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/serviceWeb.smsb", + "url": "https://security.samsungmobile.com/serviceWeb.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25334.json b/2021/25xxx/CVE-2021-25334.json index efbe8fcb270..e4eaf2490df 100644 --- a/2021/25xxx/CVE-2021-25334.json +++ b/2021/25xxx/CVE-2021-25334.json @@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25334", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0) , R(11.0)", + "version_value": "SMR Feb-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + }, + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com", + "name": "https://security.samsungmobile.com" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25335.json b/2021/25xxx/CVE-2021-25335.json index 77b23adb3b1..7ab6896d077 100644 --- a/2021/25xxx/CVE-2021-25335.json +++ b/2021/25xxx/CVE-2021-25335.json @@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25335", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Selected Q(10.0)", + "version_value": "SMR Mar-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.5, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-703: Improper Check or Handling of Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + }, + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com", + "name": "https://security.samsungmobile.com" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25336.json b/2021/25xxx/CVE-2021-25336.json index bbed1dd760e..8e6ea6b19b6 100644 --- a/2021/25xxx/CVE-2021-25336.json +++ b/2021/25xxx/CVE-2021-25336.json @@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25336", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0)", + "version_value": "SMR Mar-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.8, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + }, + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com", + "name": "https://security.samsungmobile.com" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25337.json b/2021/25xxx/CVE-2021-25337.json index bb262187b50..923354d5067 100644 --- a/2021/25xxx/CVE-2021-25337.json +++ b/2021/25xxx/CVE-2021-25337.json @@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25337", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Selected P(9.0), Q(10.0), R(11.0)", + "version_value": "SMR Mar-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + }, + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com", + "name": "https://security.samsungmobile.com" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25338.json b/2021/25xxx/CVE-2021-25338.json index 6af6e14ecc2..a17f2e8b08a 100644 --- a/2021/25xxx/CVE-2021-25338.json +++ b/2021/25xxx/CVE-2021-25338.json @@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25338", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Selected Q(10.0), R(11.0)", + "version_value": "SMR Mar-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "PHYSICAL", + "availabilityImpact": "LOW", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + }, + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com", + "name": "https://security.samsungmobile.com" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25339.json b/2021/25xxx/CVE-2021-25339.json index 2560ed01e22..72fb9e28729 100644 --- a/2021/25xxx/CVE-2021-25339.json +++ b/2021/25xxx/CVE-2021-25339.json @@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25339", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Selected Q(10.0), R(11.0)", + "version_value": "SMR Mar-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "PHYSICAL", + "availabilityImpact": "LOW", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + }, + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com", + "name": "https://security.samsungmobile.com" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26293.json b/2021/26xxx/CVE-2021-26293.json index 883883354f6..a165ad399cd 100644 --- a/2021/26xxx/CVE-2021-26293.json +++ b/2021/26xxx/CVE-2021-26293.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-26293", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-26293", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://auroramail.wordpress.com/2021/02/03/addressing-dav-related-vulnerability-in-webmail-and-aurora/", + "url": "https://auroramail.wordpress.com/2021/02/03/addressing-dav-related-vulnerability-in-webmail-and-aurora/" } ] } diff --git a/2021/26xxx/CVE-2021-26988.json b/2021/26xxx/CVE-2021-26988.json index b3412d5a760..170d88f1ab5 100644 --- a/2021/26xxx/CVE-2021-26988.json +++ b/2021/26xxx/CVE-2021-26988.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26988", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Clustered Data ONTAP", + "version": { + "version_data": [ + { + "version_value": "Prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/NTAP-20210303-0001", + "url": "https://security.netapp.com/advisory/NTAP-20210303-0001" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs." } ] } diff --git a/2021/26xxx/CVE-2021-26989.json b/2021/26xxx/CVE-2021-26989.json index 70eba6af082..5b4d720ed69 100644 --- a/2021/26xxx/CVE-2021-26989.json +++ b/2021/26xxx/CVE-2021-26989.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26989", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Clustered Data ONTAP", + "version": { + "version_data": [ + { + "version_value": "Prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/NTAP-20210303-0002", + "url": "https://security.netapp.com/advisory/NTAP-20210303-0002" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access." } ] } diff --git a/2021/27xxx/CVE-2021-27940.json b/2021/27xxx/CVE-2021-27940.json index 9a9cb7dcf93..35ea4e985c9 100644 --- a/2021/27xxx/CVE-2021-27940.json +++ b/2021/27xxx/CVE-2021-27940.json @@ -61,6 +61,11 @@ "url": "https://github.com/openark/orchestrator/releases/tag/v3.2.4", "refsource": "MISC", "name": "https://github.com/openark/orchestrator/releases/tag/v3.2.4" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=DOYm0DIS3Us", + "url": "https://www.youtube.com/watch?v=DOYm0DIS3Us" } ] } diff --git a/2021/27xxx/CVE-2021-27956.json b/2021/27xxx/CVE-2021-27956.json new file mode 100644 index 00000000000..4b668ea9f4e --- /dev/null +++ b/2021/27xxx/CVE-2021-27956.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-27956", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file