From 2790d55485e5472aae1141887383bae4b4e195b1 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Fri, 9 Apr 2021 18:00:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2020/13xxx/CVE-2020-13532.json | 50 ++++++++++++++-
2020/13xxx/CVE-2020-13533.json | 50 ++++++++++++++-
2020/13xxx/CVE-2020-13534.json | 50 ++++++++++++++-
2020/13xxx/CVE-2020-13587.json | 50 ++++++++++++++-
2020/13xxx/CVE-2020-13591.json | 50 ++++++++++++++-
2020/13xxx/CVE-2020-13592.json | 50 ++++++++++++++-
2020/23xxx/CVE-2020-23761.json | 61 ++++++++++++++++--
2020/23xxx/CVE-2020-23762.json | 61 ++++++++++++++++--
2020/23xxx/CVE-2020-23763.json | 61 ++++++++++++++++--
2021/20xxx/CVE-2021-20021.json | 112 ++++++++++++++++-----------------
2021/20xxx/CVE-2021-20022.json | 112 ++++++++++++++++-----------------
2021/20xxx/CVE-2021-20080.json | 60 +++++++++++++++++-
2021/21xxx/CVE-2021-21728.json | 50 ++++++++++++++-
2021/25xxx/CVE-2021-25356.json | 85 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25357.json | 85 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25358.json | 85 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25359.json | 85 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25360.json | 85 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25361.json | 85 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25362.json | 85 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25363.json | 85 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25364.json | 85 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25365.json | 85 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25373.json | 100 +++++++++++++++++++++++++++--
2021/25xxx/CVE-2021-25374.json | 90 ++++++++++++++++++++++++--
2021/25xxx/CVE-2021-25375.json | 84 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25376.json | 84 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25377.json | 90 ++++++++++++++++++++++++--
2021/25xxx/CVE-2021-25378.json | 84 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25379.json | 85 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25380.json | 84 +++++++++++++++++++++++--
2021/25xxx/CVE-2021-25381.json | 90 
++++++++++++++++++++++++-- 32 files changed, 2190 insertions(+), 268 deletions(-) diff --git a/2020/13xxx/CVE-2020-13532.json b/2020/13xxx/CVE-2020-13532.json index f1b170d3b19..2b97e8065c2 100644 --- a/2020/13xxx/CVE-2020-13532.json +++ b/2020/13xxx/CVE-2020-13532.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13532", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Dream Report", + "version": { + "version_data": [ + { + "version_value": "Dream Report 5 R20-2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1146", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1146" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability." } ] } diff --git a/2020/13xxx/CVE-2020-13533.json b/2020/13xxx/CVE-2020-13533.json index 5c74d1f49e1..fa6d22c4bf5 100644 --- a/2020/13xxx/CVE-2020-13533.json +++ b/2020/13xxx/CVE-2020-13533.json 
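Review bot: In CVE-2020-13532.json the new `affects` block sets `"vendor_name": "n/a"` and repeats the product name inside the version (`"version_value": "Dream Report 5 R20-2"`), so tooling that matches records on vendor, product and version has nothing structured to key on even though the description names the product and build. Fill in the vendor and keep the version field to the version alone, e.g. `"version_value": "5 R20-2"`. The same `"vendor_name": "n/a"` pattern recurs in the hunks for CVE-2020-13533, CVE-2020-13534, CVE-2020-13587, CVE-2020-13591, CVE-2020-13592, CVE-2021-20080 and CVE-2021-21728.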
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13533", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Dream Report", + "version": { + "version_data": [ + { + "version_value": "Dream Report 5 R20-2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1146", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1146" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively \u2018backdoor\u2019 the installation files and escalate privileges when a new user logs in and uses the application." } ] } diff --git a/2020/13xxx/CVE-2020-13534.json b/2020/13xxx/CVE-2020-13534.json index 18dadf8a6f2..937eccc43ca 100644 --- a/2020/13xxx/CVE-2020-13534.json +++ b/2020/13xxx/CVE-2020-13534.json 
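Review bot: The new description in CVE-2020-13533.json refers to "the following registry keys" but no keys follow, and its second sentence opens with a doubled letter (`IIn`). A defender reading only this record cannot tell which registry entries to audit. Either list the keys or reword to `In the default configuration, registry keys that reference binaries with weak permissions can be abused by attackers ...` and leave the list to the TALOS-2020-1146 reference. The `\u2018backdoor\u2019` typographic quotes could also be plain ASCII quotes so that text searches over descriptions behave consistently.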
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13534", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Dream Report", + "version": { + "version_data": [ + { + "version_value": "Dream Report 5 R20-2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1146", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1146" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability." } ] } diff --git a/2020/13xxx/CVE-2020-13587.json b/2020/13xxx/CVE-2020-13587.json index bec9f6e34fb..12340ea485f 100644 --- a/2020/13xxx/CVE-2020-13587.json +++ b/2020/13xxx/CVE-2020-13587.json 
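Review bot: The description in CVE-2020-13534.json names the build as `Dream Report 5 20-2`, while `version_value` and the description's own first sentence use `Dream Report 5 R20-2`. The dropped `R` looks like a typo and defeats exact-string matching on the affected version; suggest `installed by Dream Report 5 R20-2`.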
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13587", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Rukovoditel", + "version": { + "version_data": [ + { + "version_value": "Rukovoditel Project Management App 2.7.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1198", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1198" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exists in the \"forms_fields_rules/rules\" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery." } ] } diff --git a/2020/13xxx/CVE-2020-13591.json b/2020/13xxx/CVE-2020-13591.json index 7f226ae7cb0..39f48fa87c6 100644 --- a/2020/13xxx/CVE-2020-13591.json +++ b/2020/13xxx/CVE-2020-13591.json 
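Review bot: `problemtype` in CVE-2020-13587.json is the free-text string `"SQL injection"`, whereas other records in this same commit use the `CWE-NNN: name` form, so weakness-based filtering will miss it. Suggest `"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"`. The same applies to the hunks for CVE-2020-13591 and CVE-2020-13592. In all three descriptions the last sentence is a comma splice (`... to trigger this vulnerability, this can be done ...`) that reads better split in two, and CVE-2020-13592 also drops an article (`exists in "global_lists/choices" page`).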
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Rukovoditel", + "version": { + "version_data": [ + { + "version_value": "Rukovoditel Project Management App 2.7.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1200", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1200" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exists in the \"access_rules/rules_form\" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery." } ] } diff --git a/2020/13xxx/CVE-2020-13592.json b/2020/13xxx/CVE-2020-13592.json index f6322295bd9..c005a8db8bf 100644 --- a/2020/13xxx/CVE-2020-13592.json +++ b/2020/13xxx/CVE-2020-13592.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13592", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Rukovoditel", + "version": { + "version_data": [ + { + "version_value": "Rukovoditel Project Management App 2.7.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1201", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1201" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exists in \"global_lists/choices\" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery." } ] } diff --git a/2020/23xxx/CVE-2020-23761.json b/2020/23xxx/CVE-2020-23761.json index da180380bac..ea82068b009 100644 --- a/2020/23xxx/CVE-2020-23761.json +++ b/2020/23xxx/CVE-2020-23761.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23761", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23761", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the \"payment gateway\" column on transactions tab." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://subrion.org/", + "refsource": "MISC", + "name": "https://subrion.org/" + }, + { + "refsource": "MISC", + "name": "http://hidden-one.co.in/2021/04/09/cve-2020-23761-stored-xss-vulnerability-in-subrion-cms-version/", + "url": "http://hidden-one.co.in/2021/04/09/cve-2020-23761-stored-xss-vulnerability-in-subrion-cms-version/" } ] } diff --git a/2020/23xxx/CVE-2020-23762.json b/2020/23xxx/CVE-2020-23762.json index bae28d49d65..52dc06e1c2d 100644 --- a/2020/23xxx/CVE-2020-23762.json +++ b/2020/23xxx/CVE-2020-23762.json 
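Review bot: Every structured field in CVE-2020-23761.json is `"n/a"` (`vendor_name`, `product_name`, `version_value`, `problemtype`) although the description identifies the product, the affected range (`subrion CMS Version <= 4.2.1`) and the weakness class (XSS). Asset-matching and CWE-based triage cannot pick this record up without parsing prose; at minimum set `"product_name": "subrion CMS"`, `"version_value": "<= 4.2.1"` and a problemtype such as `"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`. The hunks for CVE-2020-23762 and CVE-2020-23763 have the same gap (the latter describes SQL injection, so CWE-89 looks appropriate). All three also cite a write-up over plain `http://`; if that site serves HTTPS, the reference should use it so readers are not sent to an unauthenticated copy of the advisory.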
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23762", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23762", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the \"titel\" column on the \"Eintrage hinzufugen\" tab." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://wordpress.org/plugins/larsens-calender/", + "url": "https://wordpress.org/plugins/larsens-calender/" + }, + { + "refsource": "MISC", + "name": "http://hidden-one.co.in/2021/04/09/cve-2020-23762-stored-xss-vulnerability-in-the-larsens-calender-plugin-version/", + "url": "http://hidden-one.co.in/2021/04/09/cve-2020-23762-stored-xss-vulnerability-in-the-larsens-calender-plugin-version/" } ] } diff --git a/2020/23xxx/CVE-2020-23763.json b/2020/23xxx/CVE-2020-23763.json index 082c7abf84b..08f0ea45a33 100644 --- a/2020/23xxx/CVE-2020-23763.json +++ b/2020/23xxx/CVE-2020-23763.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23763", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23763", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/", + "refsource": "MISC", + "name": "https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/" + }, + { + "refsource": "MISC", + "name": "http://hidden-one.co.in/2021/04/09/cve-2020-23763-sql-injection-leading-to-authentication-bypass-in-online-book-store-1-0/", + "url": "http://hidden-one.co.in/2021/04/09/cve-2020-23763-sql-injection-leading-to-authentication-bypass-in-online-book-store-1-0/" } ] } diff --git a/2021/20xxx/CVE-2021-20021.json b/2021/20xxx/CVE-2021-20021.json index 8efd7ea50a4..d9d2be0cbae 100644 --- a/2021/20xxx/CVE-2021-20021.json +++ b/2021/20xxx/CVE-2021-20021.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@sonicwall.com", - "ID": "CVE-2021-20021", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Email Security", - "version": { - "version_data": [ - { - "version_value": "10.0.9 and earlier" - } - ] + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2021-20021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Security", + "version": { + "version_data": [ + { + "version_value": "10.0.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "SonicWall" } - } ] - }, - "vendor_name": "SonicWall" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-269: Improper Privilege Management" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0007", - "refsource": "CONFIRM", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0007" - } - ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0007", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0007" + } + ] + } } \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20022.json b/2021/20xxx/CVE-2021-20022.json index 4a5277fd98d..51122099e7f 100644 --- a/2021/20xxx/CVE-2021-20022.json +++ b/2021/20xxx/CVE-2021-20022.json 
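Review bot: The only textual change visible in CVE-2021-20021.json is `"ASSIGNER": "psirt@sonicwall.com"` becoming `"PSIRT@sonicwall.com"`; the remaining removed and added lines carry the same text and appear to differ only in indentation. Consumers that group or filter records by assigner with a case-sensitive comparison will now treat this as a different CNA, and every other assigner address in this commit is lower-case, so keeping `"psirt@sonicwall.com"` would be safer. The same change is made in CVE-2021-20022.json. Separately, `"version_value": "10.0.9 and earlier"` and the description's `version 10.0.9.x` do not describe the same range in either file; one of them should be corrected so patch-level decisions are not made on the narrower reading.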
@@ -1,62 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@sonicwall.com", - "ID": "CVE-2021-20022", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Email Security", - "version": { - "version_data": [ - { - "version_value": "10.0.9 and earlier" - } - ] + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2021-20022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Security", + "version": { + "version_data": [ + { + "version_value": "10.0.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "SonicWall" } - } ] - }, - "vendor_name": "SonicWall" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-434: Unrestricted Upload of File with Dangerous Type" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0008", - "refsource": "CONFIRM", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0008" - } - ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434: Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0008", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0008" + } + ] + } } \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20080.json b/2021/20xxx/CVE-2021-20080.json index 3c3f4f50cf7..c21f0f4b0d5 100644 --- a/2021/20xxx/CVE-2021-20080.json +++ b/2021/20xxx/CVE-2021-20080.json 
@@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20080", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ManageEngine ServiceDesk Plus", + "version": { + "version_data": [ + { + "version_value": "Before 11200" + } + ] + } + }, + { + "product_name": "ManageEngine AssetExplorer", + "version": { + "version_data": [ + { + "version_value": "Before 6800" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthenticated Stored Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2021-11", + "url": "https://www.tenable.com/security/research/tra-2021-11" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file." } ] } diff --git a/2021/21xxx/CVE-2021-21728.json b/2021/21xxx/CVE-2021-21728.json index 424f8c46306..acd50287f97 100644 --- a/2021/21xxx/CVE-2021-21728.json +++ b/2021/21xxx/CVE-2021-21728.json 
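Review bot: The affected ranges in CVE-2021-20080.json are free text (`"version_value": "Before 11200"`, `"Before 6800"`), which version-comparison tooling cannot evaluate. The Samsung records in this commit already use the structured form; the equivalent here would be `"version_affected": "<", "version_value": "11200"` and likewise `"6800"`. The `problemtype` value `"Unauthenticated Stored Cross-site Scripting (XSS)"` is also free text, and a `CWE-79: ...` entry would make the record filterable by weakness.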
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21728", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ZXA10 C300M", + "version": { + "version_data": [ + { + "version_value": "all versions up to V4.3P8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "configuration error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014784", + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014784" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8." } ] } diff --git a/2021/25xxx/CVE-2021-25356.json b/2021/25xxx/CVE-2021-25356.json index 2a5753c882e..602059fe3ab 100644 --- a/2021/25xxx/CVE-2021-25356.json +++ b/2021/25xxx/CVE-2021-25356.json 
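Review bot: The description in CVE-2021-21728.json says "a certain port is open by default" without naming the port or service, so an operator cannot derive a filtering or monitoring rule from the record itself and has to rely on the vendor link. If the advisory discloses the port, it should be added to the description. The impact described is resource consumption through packet flooding, yet `problemtype` is the free-text `"configuration error"`; a CWE identifier would be more useful (CWE-400, Uncontrolled Resource Consumption, looks closest, but this should be confirmed against the vendor advisory). The description also names the vendor ("A ZTE product") while `vendor_name` is `"n/a"`.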
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25356", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "O(8.x), P(9.0), Q(10.0), R(11.0)", + "version_value": "SMR APR-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25357.json b/2021/25xxx/CVE-2021-25357.json index 74c317256a3..5e64d95fed9 100644 --- a/2021/25xxx/CVE-2021-25357.json +++ b/2021/25xxx/CVE-2021-25357.json 
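Review bot: Both `CONFIRM` references in CVE-2021-25356.json point at generic landing pages (`https://security.samsungmobile.com/` and `.../securityUpdate.smsb`) rather than an advisory entry for this CVE, so a reader cannot trace the record to the vendor's statement or the fixed build. The same two URLs are the only references in the hunks for CVE-2021-25357 and CVE-2021-25358. If the bulletin has a per-month or per-CVE anchor, it should be linked instead. The description also has number-agreement slips (`allows unprivileged application to install arbitrary application ... delete several installed application`) and is clearer as `allows an unprivileged application to install arbitrary applications, grant device admin permission and then delete several installed applications`. The CVSS vector scores `A:N` even though the description mentions deleting installed applications, which may deserve a second look.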
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25357", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "O(8.x), P(9.0), Q(10.0), R(11.0)", + "version_value": "SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0) and 3.6.80.7 in Android R(11.0)" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25358.json b/2021/25xxx/CVE-2021-25358.json index 525c2798af5..60b54b2e57c 100644 --- a/2021/25xxx/CVE-2021-25358.json +++ b/2021/25xxx/CVE-2021-25358.json 
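Review bot: `version_value` in CVE-2021-25357.json is a whole sentence combining three different fix thresholds under a single `"version_affected": "<"`, which no version comparator can evaluate. It also contains the typo `Q(10,0)` (comma instead of dot), and the typo is repeated in the description. Splitting it into one `version_data` entry per Android release, as sketched below, keeps each threshold machine-readable. The values are taken from the existing string; whether 3.4.81.1 and 3.6.80.7 are Create Movie app versions rather than device releases should be confirmed, since `product_name` is `Samsung Mobile Devices`.

```json
"version_data": [
  {
    "version_affected": "<",
    "version_name": "O(8.x), P(9.0)",
    "version_value": "SMR APR-2021 Release 1"
  },
  {
    "version_affected": "<",
    "version_name": "Q(10.0)",
    "version_value": "3.4.81.1"
  },
  {
    "version_affected": "<",
    "version_name": "R(11.0)",
    "version_value": "3.6.80.7"
  }
]
```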
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25358", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0)", + "version_value": "SMR APR-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256 Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25359.json b/2021/25xxx/CVE-2021-25359.json index b7592b25618..3966b64741d 100644 --- a/2021/25xxx/CVE-2021-25359.json +++ b/2021/25xxx/CVE-2021-25359.json 
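Review bot: `CWE-256 Unprotected Storage of Credentials` in `problemtype` is a loose fit for the description, which is about IMSI values written to a path that untrusted applications can read; an IMSI is a subscriber identifier rather than a credential. `CWE-922: Insecure Storage of Sensitive Information` would describe the stated weakness more closely, if the assigner agrees. The CWE strings in this commit also mix two formats (`CWE-200: …` with a colon in CVE-2021-25357, no colon here), which makes exact-match grouping by problem type unreliable.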
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25359", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10.0), R(11.0)", + "version_value": "SMR APR-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25360.json b/2021/25xxx/CVE-2021-25360.json index dfcc1733174..82e807de4a2 100644 --- a/2021/25xxx/CVE-2021-25360.json +++ b/2021/25xxx/CVE-2021-25360.json 
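Review bot: The description does not say what `AP information` is, and the abbreviation is not expanded anywhere in the record, so a reader cannot tell which data `confidentialityImpact: LOW` refers to. The term should be spelled out in the `value` string; the record gives no basis for choosing between readings such as access point or application processor, so the wording has to come from the assigner. It would also help to name the component whose SELinux policy was corrected, as the neighbouring records do (`stickerCenter`, `CertInstaller`).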
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25360", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10.0)", + "version_value": "SMR APR-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122 Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25361.json b/2021/25xxx/CVE-2021-25361.json index d855f341c4c..649d288fe61 100644 --- a/2021/25xxx/CVE-2021-25361.json +++ b/2021/25xxx/CVE-2021-25361.json 
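Review bot: The description and `problemtype` name different weaknesses: the text says `improper input validation vulnerability` while the CWE is `CWE-122 Heap-based Buffer Overflow`. The same mismatch appears in CVE-2021-25361 (`improper access control` against `CWE-22 … ('Path Traversal')`), CVE-2021-25377 (`Intent redirection` against `CWE-287 Improper Authentication`) and CVE-2021-25378 (`Improper access control of certain port` against `CWE-20 Improper Input Validation`). The description here also omits that the issue is scored `attackVector: NETWORK` with `userInteraction: NONE`. Stating the memory-corruption class and the remote vector in the text would keep triage from depending on the CVSS block alone.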
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25361", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0)", + "version_value": "SMR APR-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.9, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25362.json b/2021/25xxx/CVE-2021-25362.json index 75ca07f73ba..33757fb21e9 100644 --- a/2021/25xxx/CVE-2021-25362.json +++ b/2021/25xxx/CVE-2021-25362.json 
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25362", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "O(8.x), P(9.x), Q(10.0)", + "version_value": "SMR APR-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25363.json b/2021/25xxx/CVE-2021-25363.json index 6b0e954c26f..c6bc62b8a9f 100644 --- a/2021/25xxx/CVE-2021-25363.json +++ b/2021/25xxx/CVE-2021-25363.json 
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25363", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "O(8.x), P(9.0), Q(10.0), R(11.0)", + "version_value": "SMR APR-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25364.json b/2021/25xxx/CVE-2021-25364.json index 5c86e7bdfa2..c21352f97b2 100644 --- a/2021/25xxx/CVE-2021-25364.json +++ b/2021/25xxx/CVE-2021-25364.json 
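Review bot: The description for CVE-2021-25363 ends in `access running processesdelete some local files.`, which looks like leftover text from CVE-2021-25362's description fused onto this one. The `impact` block is also identical to CVE-2021-25362 (`C:N/I:L/A:H`, `CWE-269: Improper Privilege Management`), and `confidentialityImpact: NONE` does not match a flaw described as letting untrusted applications access running processes. The assigner should confirm which effect is intended and rescore accordingly; if it is the process access, the text should end `…allows untrusted applications to access running processes.`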
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25364", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R(11.0)", + "version_value": "SMR APR-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25365.json b/2021/25xxx/CVE-2021-25365.json index 9f3bb369d67..22dc54cf237 100644 --- a/2021/25xxx/CVE-2021-25365.json +++ b/2021/25xxx/CVE-2021-25365.json 
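Review bot: Both `references` entries point at landing pages (`https://security.samsungmobile.com/` and `…/securityUpdate.smsb`) rather than at the bulletin entry for this CVE, so the record cannot be traced to the vendor's fix note without a manual search. The same generic URLs (with `serviceWeb.smsb` for the app records) are used in every Samsung record visible in this part of the commit. A reference `name` carrying the vendor's advisory identifier for the April 2021 release would make the link verifiable; that identifier is not visible in this diff, so it has to come from the assigner.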
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25365", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)", + "version_value": "SMR APR-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/securityUpdate.smsb", + "url": "https://security.samsungmobile.com/securityUpdate.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25373.json b/2021/25xxx/CVE-2021-25373.json index ccbf0d2b8ae..44db07c29c7 100644 --- a/2021/25xxx/CVE-2021-25373.json +++ b/2021/25xxx/CVE-2021-25373.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25373", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Customization Service", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Android O(8.x)", + "version_value": "2.2.02.1" + }, + { + "version_affected": "<", + "version_name": "Android P(9.0)", + "version_value": "2.4.03.0" + }, + { + "version_affected": "<", + "version_name": "Android Q(10.0)", + "version_value": "2.7.02.1" + }, + { + "version_affected": "<", + "version_name": "Android R(11.0)", + "version_value": "2.9.01.1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285 Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/serviceWeb.smsb", + "url": "https://security.samsungmobile.com/serviceWeb.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25374.json b/2021/25xxx/CVE-2021-25374.json index 92bec7af37b..4ad4d7145b9 100644 --- a/2021/25xxx/CVE-2021-25374.json +++ b/2021/25xxx/CVE-2021-25374.json 
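Review bot: The `impact` block and the description disagree on what an attacker gains: the text says local attackers can `perform unauthorized action without permission`, but the vector is `C:H/I:N/A:N` with `privilegesRequired: LOW`. An unauthorized action would normally carry some integrity impact, and "without permission" reads as `PR:N`, so either the wording or the metrics should change until both describe the same outcome. The per-release `version_data` entries in this record are the clearest in the commit and a good pattern for the records that put several versions into one string.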
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25374", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Members", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Android O(8.x) and below", + "version_value": "2.4.83.9" + }, + { + "version_affected": "<", + "version_name": "Android P(9.0) and above", + "version_value": "3.9.00.9" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authorization vulnerability in Samsung Members \"samsungrewards\" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285 Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/serviceWeb.smsb", + "url": "https://security.samsungmobile.com/serviceWeb.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25375.json b/2021/25xxx/CVE-2021-25375.json index 695b14e8a3c..2d795b9c82a 100644 --- a/2021/25xxx/CVE-2021-25375.json +++ b/2021/25xxx/CVE-2021-25375.json 
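Review bot: The description reads `in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above`, which presents as vulnerable the very builds that `version_data` marks with `"version_affected": "<"`, i.e. as the upper bound. The text should say `prior to version 2.4.83.9 …`, as the Customization Service record (CVE-2021-25373) does. It also says `O(8.1)` where `version_name` says `Android O(8.x) and below`, so one of the two needs correcting. CVE-2021-25377 has the same missing `prior to` in its description.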
@@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25375", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Email", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "6.1.41.0" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/serviceWeb.smsb", + "url": "https://security.samsungmobile.com/serviceWeb.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25376.json b/2021/25xxx/CVE-2021-25376.json index 356efb85d1c..2d092f7c683 100644 --- a/2021/25xxx/CVE-2021-25376.json +++ b/2021/25xxx/CVE-2021-25376.json 
@@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25376", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Email", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "6.1.41.0" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/serviceWeb.smsb", + "url": "https://security.samsungmobile.com/serviceWeb.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25377.json b/2021/25xxx/CVE-2021-25377.json index 4061b106e4a..005b7d1972c 100644 --- a/2021/25xxx/CVE-2021-25377.json +++ b/2021/25xxx/CVE-2021-25377.json 
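Review bot: `CWE-200` in `problemtype` records only the outcome; the weakness described is that messages are sent in plain text after a failed STARTTLS negotiation, which is closer to `CWE-319: Cleartext Transmission of Sensitive Information`. The description also leaves `certain mailbox` unspecified, so an administrator cannot tell which account types or protocols are exposed. Naming them would let defenders decide whether account settings that do not depend on STARTTLS avoid the exposure before the update is installed; presumably they do, but the record does not confirm it.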
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25377", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Experience Service", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Android P(9.0) below", + "version_value": "10.8.0.4" + }, + { + "version_affected": "<", + "version_name": "Android Q(10.0) above", + "version_value": "12.2.0.5" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/", + "url": "https://security.samsungmobile.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.samsungmobile.com/serviceWeb.smsb", + "url": "https://security.samsungmobile.com/serviceWeb.smsb" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25378.json b/2021/25xxx/CVE-2021-25378.json index 0ee3f893334..0f7ccc81645 100644 --- a/2021/25xxx/CVE-2021-25378.json +++ b/2021/25xxx/CVE-2021-25378.json 
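Review bot: The metrics do not reflect the stated impact: the description says the flaw `allows attacker to execute privileged action`, but the vector is `C:L/I:N/A:N` with `userInteraction: REQUIRED`, scoring 3.3 LOW. A privileged action carried out on the attacker's behalf would usually carry an integrity impact, and the required user interaction is not mentioned in the text, so the assigner should reconcile the description with the score. The `version_name` values `Android P(9.0) below` and `Android Q(10.0) above` also leave it unclear whether the named release is included; `and below` / `and above`, as used in CVE-2021-25374, would remove the ambiguity.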
@@ -1,18 +1,90 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25378",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SmartThings",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "1.7.63.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.samsungmobile.com/",
+ "url": "https://security.samsungmobile.com/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25379.json b/2021/25xxx/CVE-2021-25379.json
index 633ec6fb345..5c7a29a6ee5 100644
--- a/2021/25xxx/CVE-2021-25379.json
+++ b/2021/25xxx/CVE-2021-25379.json
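Review bot: The `problemtype` value `CWE-20 Improper Input Validation` in the CVE-2021-25378 record does not match its description, which calls the flaw "Improper access control of certain port". If the description is the accurate one, an access-control class such as `CWE-284 Improper Access Control` would let CWE-based filters and dashboards find this record. The description also says "remote" while the vector is `AV:A` (`"attackVector": "ADJACENT_NETWORK"`); stating the adjacent-network precondition in the text would keep readers from treating the port as reachable from arbitrary networks.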
@@ -1,18 +1,91 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25379",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Gallery",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Android O(8.x)",
+ "version_value": "5.4.16.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-926 Improper Export of Android Application Components"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.samsungmobile.com/",
+ "url": "https://security.samsungmobile.com/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25380.json b/2021/25xxx/CVE-2021-25380.json
index 9ccfda1d94d..46690eeac37 100644
--- a/2021/25xxx/CVE-2021-25380.json
+++ b/2021/25xxx/CVE-2021-25380.json
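Review bot: The `version_data` entry for CVE-2021-25379 carries `"version_name": "Android O(8.x)"`, but the description only says "Gallery prior to version 5.4.16.1", so text-based matching cannot tell whether Gallery builds on other Android releases are covered. Adding the platform qualifier to the description, or dropping it from `version_name` if it does not limit scope, would remove the ambiguity for asset-inventory matching. This record maps "Intent redirection" to `CWE-926`, whereas the CVE-2021-25377 hunk maps the same wording to `CWE-287`; one of the two mappings presumably needs aligning so that CWE-based queries return both.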
@@ -1,18 +1,90 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25380",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Bixby",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "3.0.53.02"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.samsungmobile.com/",
+ "url": "https://security.samsungmobile.com/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25381.json b/2021/25xxx/CVE-2021-25381.json
index e6fb864db4a..b7b9a1f950c 100644
--- a/2021/25xxx/CVE-2021-25381.json
+++ b/2021/25xxx/CVE-2021-25381.json
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25381",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Account",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Android P(9.0) and below",
+ "version_value": "10.8.0.4"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "Android Q(10.0) and above",
+ "version_value": "12.1.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285 Improper Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.samsungmobile.com/",
+ "url": "https://security.samsungmobile.com/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file