diff --git a/2021/44xxx/CVE-2021-44748.json b/2021/44xxx/CVE-2021-44748.json index aed661b40e2..76b5630c94f 100644 --- a/2021/44xxx/CVE-2021-44748.json +++ b/2021/44xxx/CVE-2021-44748.json @@ -1,18 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2021-44748", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser for Android" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "F-Secure SAFE Browser for Android Version 18.5", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "18.5x" + } + ] + } + } + ] + }, + "vendor_name": "F-Secure" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser for Android" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44748", + "name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44748" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "FIX : A fix has been released in the automatic update channel since 18th February 2022. No user action is required if automatic update is enabled." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44749.json b/2021/44xxx/CVE-2021-44749.json index 1bacc2d5c50..2e73e420eb5 100644 --- a/2021/44xxx/CVE-2021-44749.json +++ b/2021/44xxx/CVE-2021-44749.json @@ -1,18 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2021-44749", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection for Android" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "F-Secure SAFE Browser for Android Version 18.5", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "18.5x" + } + ] + } + } + ] + }, + "vendor_name": "F-Secure" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection for Android" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44749", + "name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44749" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "FIX : A fix has been released in the automatic update channel since 18th February 2022. No user action is required if automatic update is enabled." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0561.json b/2022/0xxx/CVE-2022-0561.json index 5b9acf0ab00..31991bc0351 100644 --- a/2022/0xxx/CVE-2022-0561.json +++ b/2022/0xxx/CVE-2022-0561.json @@ -63,6 +63,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-df1df6debd", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20220306 [SECURITY] [DLA 2932-1] tiff security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html" } ] }, diff --git a/2022/0xxx/CVE-2022-0562.json b/2022/0xxx/CVE-2022-0562.json index 3cabecced99..f8b2b8e8de7 100644 --- a/2022/0xxx/CVE-2022-0562.json +++ b/2022/0xxx/CVE-2022-0562.json @@ -63,6 +63,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-df1df6debd", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20220306 [SECURITY] [DLA 2932-1] tiff security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html" } ] }, diff --git a/2022/22xxx/CVE-2022-22844.json b/2022/22xxx/CVE-2022-22844.json index 6fcdc0eb69a..f8c0b8a984f 100644 --- a/2022/22xxx/CVE-2022-22844.json +++ b/2022/22xxx/CVE-2022-22844.json @@ -61,6 +61,11 @@ "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/287", "refsource": "MISC", "name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/287" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20220306 [SECURITY] [DLA 2932-1] tiff security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html" } ] } diff --git a/2022/24xxx/CVE-2022-24407.json b/2022/24xxx/CVE-2022-24407.json index 9837fb85c6e..04f16b1ac94 100644 --- a/2022/24xxx/CVE-2022-24407.json +++ b/2022/24xxx/CVE-2022-24407.json @@ -71,6 +71,11 @@ "refsource": "DEBIAN", "name": "DSA-5087", "url": "https://www.debian.org/security/2022/dsa-5087" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20220306 [SECURITY] [DLA 2931-1] cyrus-sasl2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html" } ] }