admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-30 02:01:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-05-27 01:00:41 +00:00
parent d06b19066a
commit 1c0fda5275
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
6 changed files with 44 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
2020/24xxx/CVE-2020-24421.json
View File

@ -57,15 +57,15 @@
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "Low",
"baseScore": 3.3,
"baseSeverity": "Low",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H ",
"version": "3.1"
}
},

18
2021/21xxx/CVE-2021-21013.json
View File

@ -49,23 +49,23 @@
"description_data": [
{
"lang": "eng",
"value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure."
"value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "None",
"attackVector": "None",
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "None",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N ",
"version": "3.1"
}
},

16
2021/21xxx/CVE-2021-21042.json
View File

@ -49,23 +49,23 @@
"description_data": [
{
"lang": "eng",
"value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
"value": "Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "None",
"attackVector": "None",
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 4,
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"confidentialityImpact": "Low",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "None",
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},

14
2021/21xxx/CVE-2021-21082.json
View File

@ -56,16 +56,16 @@
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "Low",
"baseScore": 7.5,
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "None",
"integrityImpact": "Low",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},

16
2021/21xxx/CVE-2021-21085.json
View File

@ -49,23 +49,23 @@
"description_data": [
{
"lang": "eng",
"value": "Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into the registration form and achieve arbitrary code execution in the context of the admin account."
"value": "Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "Low",
"baseScore": 7.1,
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"integrityImpact": "Low",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},

16
2021/28xxx/CVE-2021-28545.json
View File

@ -49,23 +49,23 @@
"description_data": [
{
"lang": "eng",
"value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to show arbitrary content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file."
"value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker would have the ability to completely manipulate data in a certified PDF without invalidating the original certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "None",
"attackVector": "None",
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"integrityImpact": "None",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "None",
"userInteraction": "None",
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},