From 2c55960bebb8fbed7505712427ad1059bb53d80c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 11 Feb 2022 18:01:20 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/14xxx/CVE-2020-14521.json | 599 ++++++++++++++++++++++++++++++++- 2020/14xxx/CVE-2020-14523.json | 214 +++++++++++- 2021/0xxx/CVE-2021-0524.json | 50 ++- 2021/0xxx/CVE-2021-0706.json | 8 +- 2021/22xxx/CVE-2021-22748.json | 50 ++- 2021/22xxx/CVE-2021-22785.json | 50 ++- 2021/22xxx/CVE-2021-22787.json | 50 ++- 2021/22xxx/CVE-2021-22788.json | 50 ++- 2021/22xxx/CVE-2021-22796.json | 50 ++- 2021/22xxx/CVE-2021-22798.json | 50 ++- 2021/22xxx/CVE-2021-22800.json | 50 ++- 2021/22xxx/CVE-2021-22801.json | 50 ++- 2021/22xxx/CVE-2021-22802.json | 50 ++- 2021/22xxx/CVE-2021-22803.json | 50 ++- 2021/22xxx/CVE-2021-22804.json | 50 ++- 2021/22xxx/CVE-2021-22805.json | 50 ++- 2021/22xxx/CVE-2021-22806.json | 50 ++- 2021/22xxx/CVE-2021-22823.json | 50 ++- 2021/22xxx/CVE-2021-22824.json | 50 ++- 2021/23xxx/CVE-2021-23597.json | 17 +- 2021/31xxx/CVE-2021-31932.json | 56 ++- 2021/34xxx/CVE-2021-34235.json | 56 ++- 2021/38xxx/CVE-2021-38892.json | 98 +----- 2021/39xxx/CVE-2021-39616.json | 50 ++- 2021/39xxx/CVE-2021-39619.json | 50 ++- 2021/39xxx/CVE-2021-39631.json | 50 ++- 2021/39xxx/CVE-2021-39635.json | 50 ++- 2021/39xxx/CVE-2021-39658.json | 50 ++- 2021/39xxx/CVE-2021-39662.json | 50 ++- 2021/39xxx/CVE-2021-39663.json | 50 ++- 2021/39xxx/CVE-2021-39664.json | 50 ++- 2021/39xxx/CVE-2021-39665.json | 50 ++- 2021/39xxx/CVE-2021-39666.json | 50 ++- 2021/39xxx/CVE-2021-39668.json | 50 ++- 2021/39xxx/CVE-2021-39669.json | 50 ++- 2021/39xxx/CVE-2021-39671.json | 50 ++- 2021/39xxx/CVE-2021-39672.json | 50 ++- 2021/39xxx/CVE-2021-39674.json | 50 ++- 2021/39xxx/CVE-2021-39675.json | 50 ++- 2021/39xxx/CVE-2021-39676.json | 50 ++- 2021/39xxx/CVE-2021-39677.json | 50 ++- 2021/39xxx/CVE-2021-39687.json | 50 ++- 2021/39xxx/CVE-2021-39688.json | 50 ++- 2021/44xxx/CVE-2021-44111.json | 56 ++- 2021/4xxx/CVE-2021-4035.json | 100 +++++- 2021/4xxx/CVE-2021-4046.json | 95 +++++- 2022/0xxx/CVE-2022-0185.json | 65 +++- 2022/0xxx/CVE-2022-0382.json | 50 ++- 2022/0xxx/CVE-2022-0483.json | 68 +++- 2022/0xxx/CVE-2022-0561.json | 84 ++++- 2022/0xxx/CVE-2022-0562.json | 84 ++++- 2022/22xxx/CVE-2022-22291.json | 77 ++++- 2022/22xxx/CVE-2022-22292.json | 77 ++++- 2022/23xxx/CVE-2022-23102.json | 5 + 2022/23xxx/CVE-2022-23425.json | 77 ++++- 2022/23xxx/CVE-2022-23426.json | 77 ++++- 2022/23xxx/CVE-2022-23427.json | 77 ++++- 2022/23xxx/CVE-2022-23428.json | 77 ++++- 2022/23xxx/CVE-2022-23429.json | 77 ++++- 2022/23xxx/CVE-2022-23431.json | 77 ++++- 2022/23xxx/CVE-2022-23432.json | 77 ++++- 2022/23xxx/CVE-2022-23433.json | 77 ++++- 2022/23xxx/CVE-2022-23707.json | 52 ++- 2022/23xxx/CVE-2022-23853.json | 61 +++- 2022/23xxx/CVE-2022-23998.json | 77 ++++- 2022/23xxx/CVE-2022-23999.json | 77 ++++- 2022/24xxx/CVE-2022-24000.json | 77 ++++- 2022/24xxx/CVE-2022-24001.json | 77 ++++- 2022/24xxx/CVE-2022-24002.json | 77 ++++- 2022/24xxx/CVE-2022-24003.json | 77 ++++- 2022/24xxx/CVE-2022-24923.json | 77 ++++- 2022/24xxx/CVE-2022-24924.json | 77 ++++- 2022/24xxx/CVE-2022-24925.json | 77 ++++- 2022/24xxx/CVE-2022-24926.json | 76 ++++- 2022/24xxx/CVE-2022-24927.json | 77 ++++- 2022/24xxx/CVE-2022-24968.json | 18 + 2022/24xxx/CVE-2022-24969.json | 18 + 2022/24xxx/CVE-2022-24970.json | 18 + 2022/24xxx/CVE-2022-24971.json | 18 + 2022/24xxx/CVE-2022-24972.json | 18 + 2022/24xxx/CVE-2022-24973.json | 18 + 2022/24xxx/CVE-2022-24974.json | 18 + 82 files changed, 4903 insertions(+), 407 deletions(-) create mode 100644 2022/24xxx/CVE-2022-24968.json create mode 100644 2022/24xxx/CVE-2022-24969.json create mode 100644 2022/24xxx/CVE-2022-24970.json create mode 100644 2022/24xxx/CVE-2022-24971.json create mode 100644 2022/24xxx/CVE-2022-24972.json create mode 100644 2022/24xxx/CVE-2022-24973.json create mode 100644 2022/24xxx/CVE-2022-24974.json diff --git a/2020/14xxx/CVE-2020-14521.json b/2020/14xxx/CVE-2020-14521.json index d65eeb84b05..7f1439300f1 100644 --- a/2020/14xxx/CVE-2020-14521.json +++ b/2020/14xxx/CVE-2020-14521.json @@ -1,18 +1,605 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2020-07-30T16:50:00.000Z", "ID": "CVE-2020-14521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Mitsubishi Electric Factory Automation Engineering Products Unquoted Search Path or Element" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "C Controller Interface Module Utility", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "C Controller Module Setting and Monitoring Tool", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "CC-Link IE Control Network Data Collector", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Version 1.00A" + } + ] + } + }, + { + "product_name": "CC-Link IE Field Network Data Collector", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Version 1.00A" + } + ] + } + }, + { + "product_name": "CC-Link IE TSN Data Collector", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Version 1.00A" + } + ] + } + }, + { + "product_name": "CPU Module Logging Configuration Tool", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": " Version 1.100E" + } + ] + } + }, + { + "product_name": "CW Configurator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.010L" + } + ] + } + }, + { + "product_name": "Data Transfer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 3.42U and prior" + } + ] + } + }, + { + "product_name": "EZSocket", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 5.1 " + } + ] + } + }, + { + "product_name": "FR Configurator SW3", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "FR Configurator2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "GT Designer2 Classic", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "GT Designer3 Version1 (GOT1000)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.241B" + } + ] + } + }, + { + "product_name": "GT Designer3 Version1 (GOT2000)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.241B" + } + ] + } + }, + { + "product_name": "GT SoftGOT1000 Version3", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 3.200J" + } + ] + } + }, + { + "product_name": "GT SoftGOT2000 Version1", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.241B" + } + ] + } + }, + { + "product_name": "GX Developer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 8.504A" + } + ] + } + }, + { + "product_name": "GX LogViewer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.100E" + } + ] + } + }, + { + "product_name": "GX Works2", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.601B" + } + ] + } + }, + { + "product_name": "GX Works3", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.063R" + } + ] + } + }, + { + "product_name": "M_CommDTM-IO-Link", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "MELFA-Works", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 4.4" + } + ] + } + }, + { + "product_name": "MELSEC WinCPU Setting Utility", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "MELSOFT Complete Clean Up Tool", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.06G" + } + ] + } + }, + { + "product_name": "MELSOFT EM Software Development Kit", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "MELSOFT iQ AppPortal", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.17T " + } + ] + } + }, + { + "product_name": "MELSOFT Navigator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 2.74C" + } + ] + } + }, + { + "product_name": "MI Configurator", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "Motion Control Setting", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.005F" + } + ] + } + }, + { + "product_name": "Motorizer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.005F" + } + ] + } + }, + { + "product_name": "MR Configurator2", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.125F" + } + ] + } + }, + { + "product_name": "MT Works2", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.167Z" + } + ] + } + }, + { + "product_name": "MTConnect Data Collector", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.1.4.0" + } + ] + } + }, + { + "product_name": "MX Component", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 4.20W" + } + ] + } + }, + { + "product_name": "MX MESInterface", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.21X" + } + ] + } + }, + { + "product_name": "MX MESInterface-R", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.12N" + } + ] + } + }, + { + "product_name": "MX Sheet", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 2.15R" + } + ] + } + }, + { + "product_name": "Network Interface Board CC IE Control Utility", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "Network Interface Board CC IE Field Utility", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "Network Interface Board CC-Link Ver.2 Utility", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "Network Interface Board MNETH Utility", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "Position Board utility 2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "PX Developer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "version 1.53F" + } + ] + } + }, + { + "product_name": "RT ToolBox2", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 3.73B " + } + ] + } + }, + { + "product_name": "RT ToolBox3", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.82L" + } + ] + } + }, + { + "product_name": "Setting/monitoring tools for the C Controller module", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "SLMP Data Collector", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.04E" + } + ] + } + } + ] + }, + "vendor_name": "Mitsubishi Electric" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Mashav Sapir of Claroty reported this vulnerability to CISA" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-428 Unquoted Search Path or Element" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-04" + } + ] + }, + "solution": [ + { + "lang": "eng" + } + ], + "source": { + "advisory": "ICSA-20-212-04", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14523.json b/2020/14xxx/CVE-2020-14523.json index 0637b1465fa..925a3b3f1ab 100644 --- a/2020/14xxx/CVE-2020-14523.json +++ b/2020/14xxx/CVE-2020-14523.json @@ -1,18 +1,220 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2020-07-30T16:50:00.000Z", "ID": "CVE-2020-14523", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Mitsubishi Electric Factory Automation Products Path Traversal" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CW Configurator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.010L" + } + ] + } + }, + { + "product_name": "FR Configurator2", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.22Y" + } + ] + } + }, + { + "product_name": "GX Works2", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.595V" + } + ] + } + }, + { + "product_name": "GX Works3", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.063R" + } + ] + } + }, + { + "product_name": "MELSOFT iQ AppPortal", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.17T" + } + ] + } + }, + { + "product_name": "MELSOFT Navigator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version2.70Y" + } + ] + } + }, + { + "product_name": "MI Configurator", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "MR Configurator2", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 1.110Q" + } + ] + } + }, + { + "product_name": "MT Works2", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Versions 1.156N" + } + ] + } + }, + { + "product_name": "MX Component", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Version 4.20W" + } + ] + } + }, + { + "product_name": "RT ToolBox3", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Versions 1.70Y" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series Motion Module", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "Versions 10" + } + ] + } + } + ] + }, + "vendor_name": "Mitsubishi Electric" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Mashav Sapir of Claroty reported this vulnerability to CISA" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-03" + } + ] + }, + "solution": [ + { + "lang": "eng" + } + ], + "source": { + "advisory": "ICSA-20-212-03", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/0xxx/CVE-2021-0524.json b/2021/0xxx/CVE-2021-0524.json index daef3873624..95f2a046a0e 100644 --- a/2021/0xxx/CVE-2021-0524.json +++ b/2021/0xxx/CVE-2021-0524.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0524", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/aaos/2022-02-01", + "url": "https://source.android.com/security/bulletin/aaos/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180418334" } ] } diff --git a/2021/0xxx/CVE-2021-0706.json b/2021/0xxx/CVE-2021-0706.json index a510effed7c..c607df3d1f9 100644 --- a/2021/0xxx/CVE-2021-0706.json +++ b/2021/0xxx/CVE-2021-0706.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "Android-9 Android-10 Android-11 Android-8.1" + "version_value": "Android-10 Android-11" } ] } @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/2021-10-01", - "url": "https://source.android.com/security/bulletin/2021-10-01" + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" } ] }, @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-193444889" + "value": "In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-193444889" } ] } diff --git a/2021/22xxx/CVE-2021-22748.json b/2021/22xxx/CVE-2021-22748.json index 7447c899757..bd5c340c64a 100644 --- a/2021/22xxx/CVE-2021-22748.json +++ b/2021/22xxx/CVE-2021-22748.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22748", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)", + "version": { + "version_data": [ + { + "version_value": "C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)" } ] } diff --git a/2021/22xxx/CVE-2021-22785.json b/2021/22xxx/CVE-2021-22785.json index 45ab8a5f202..3e9a1c43c40 100644 --- a/2021/22xxx/CVE-2021-22785.json +++ b/2021/22xxx/CVE-2021-22785.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22785", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)", + "version": { + "version_data": [ + { + "version_value": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)" } ] } diff --git a/2021/22xxx/CVE-2021-22787.json b/2021/22xxx/CVE-2021-22787.json index d61c6224861..d7a7673e067 100644 --- a/2021/22xxx/CVE-2021-22787.json +++ b/2021/22xxx/CVE-2021-22787.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22787", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)", + "version": { + "version_data": [ + { + "version_value": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)" } ] } diff --git a/2021/22xxx/CVE-2021-22788.json b/2021/22xxx/CVE-2021-22788.json index 6d447715dab..3225f2f533e 100644 --- a/2021/22xxx/CVE-2021-22788.json +++ b/2021/22xxx/CVE-2021-22788.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22788", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)", + "version": { + "version_data": [ + { + "version_value": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)" } ] } diff --git a/2021/22xxx/CVE-2021-22796.json b/2021/22xxx/CVE-2021-22796.json index 4961a28d487..7884d7d19bb 100644 --- a/2021/22xxx/CVE-2021-22796.json +++ b/2021/22xxx/CVE-2021-22796.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22796", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)", + "version": { + "version_data": [ + { + "version_value": "C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)" } ] } diff --git a/2021/22xxx/CVE-2021-22798.json b/2021/22xxx/CVE-2021-22798.json index 68e74be49cf..1fc47599352 100644 --- a/2021/22xxx/CVE-2021-22798.json +++ b/2021/22xxx/CVE-2021-22798.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22798", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Conext\ufffd ComBox (All Versions)", + "version": { + "version_data": [ + { + "version_value": "Conext\ufffd ComBox (All Versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522: Insufficiently Protected Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.se.com/in/en/download/document/SEVD-2021-257-04/", + "url": "https://www.se.com/in/en/download/document/SEVD-2021-257-04/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext\ufffd ComBox (All Versions)" } ] } diff --git a/2021/22xxx/CVE-2021-22800.json b/2021/22xxx/CVE-2021-22800.json index ae4221ec4d8..6d53faef8eb 100644 --- a/2021/22xxx/CVE-2021-22800.json +++ b/2021/22xxx/CVE-2021-22800.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M218 Logic Controller (V5.1.0.6 and prior)", + "version": { + "version_data": [ + { + "version_value": "Modicon M218 Logic Controller (V5.1.0.6 and prior)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-04", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-04" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior)" } ] } diff --git a/2021/22xxx/CVE-2021-22801.json b/2021/22xxx/CVE-2021-22801.json index 0806f7e5ad1..dc87fc5c8a7 100644 --- a/2021/22xxx/CVE-2021-22801.json +++ b/2021/22xxx/CVE-2021-22801.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22801", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ConneXium Network Manager Software (All Versions)", + "version": { + "version_data": [ + { + "version_value": "ConneXium Network Manager Software (All Versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-02", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-02" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions)" } ] } diff --git a/2021/22xxx/CVE-2021-22802.json b/2021/22xxx/CVE-2021-22802.json index 73ce8194f04..a366f13f736 100644 --- a/2021/22xxx/CVE-2021-22802.json +++ b/2021/22xxx/CVE-2021-22802.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)", + "version": { + "version_data": [ + { + "version_value": "Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120: Buffer Copy without Checking Size of Input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)" } ] } diff --git a/2021/22xxx/CVE-2021-22803.json b/2021/22xxx/CVE-2021-22803.json index c8ca3f5475c..1c792d0a503 100644 --- a/2021/22xxx/CVE-2021-22803.json +++ b/2021/22xxx/CVE-2021-22803.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22803", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)", + "version": { + "version_data": [ + { + "version_value": "Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434: Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)" } ] } diff --git a/2021/22xxx/CVE-2021-22804.json b/2021/22xxx/CVE-2021-22804.json index 813bd9968c7..513d5b65169 100644 --- a/2021/22xxx/CVE-2021-22804.json +++ b/2021/22xxx/CVE-2021-22804.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22804", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)", + "version": { + "version_data": [ + { + "version_value": "Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)" } ] } diff --git a/2021/22xxx/CVE-2021-22805.json b/2021/22xxx/CVE-2021-22805.json index cad28fcebe8..1564d277dce 100644 --- a/2021/22xxx/CVE-2021-22805.json +++ b/2021/22xxx/CVE-2021-22805.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22805", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)", + "version": { + "version_data": [ + { + "version_value": "Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)" } ] } diff --git a/2021/22xxx/CVE-2021-22806.json b/2021/22xxx/CVE-2021-22806.json index bdb3093b3d2..c4d3eaf35a8 100644 --- a/2021/22xxx/CVE-2021-22806.json +++ b/2021/22xxx/CVE-2021-22806.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22806", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)", + "version": { + "version_data": [ + { + "version_value": "spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-669: Incorrect Resource Transfer Between Spheres" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-01", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)" } ] } diff --git a/2021/22xxx/CVE-2021-22823.json b/2021/22xxx/CVE-2021-22823.json index cb2c10de66f..1197f32aad9 100644 --- a/2021/22xxx/CVE-2021-22823.json +++ b/2021/22xxx/CVE-2021-22823.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22823", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)", + "version": { + "version_data": [ + { + "version_value": "Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-01", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)" } ] } diff --git a/2021/22xxx/CVE-2021-22824.json b/2021/22xxx/CVE-2021-22824.json index 156bfdada07..9d20b44be08 100644 --- a/2021/22xxx/CVE-2021-22824.json +++ b/2021/22xxx/CVE-2021-22824.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22824", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)", + "version": { + "version_data": [ + { + "version_value": "Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120: Buffer Copy without Checking Size of Input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-01", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)" } ] } diff --git a/2021/23xxx/CVE-2021-23597.json b/2021/23xxx/CVE-2021-23597.json index 9494fdc2a21..ea813c97cec 100644 --- a/2021/23xxx/CVE-2021-23597.json +++ b/2021/23xxx/CVE-2021-23597.json @@ -48,16 +48,19 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-2395480" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-2395480", + "name": "https://snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-2395480" }, { - "refsource": "CONFIRM", - "url": "https://github.com/fastify/fastify-multipart/commit/a70dc7059a794589bd4fe066453141fc609e6066" + "refsource": "MISC", + "url": "https://github.com/fastify/fastify-multipart/commit/a70dc7059a794589bd4fe066453141fc609e6066", + "name": "https://github.com/fastify/fastify-multipart/commit/a70dc7059a794589bd4fe066453141fc609e6066" }, { - "refsource": "CONFIRM", - "url": "https://github.com/fastify/fastify-multipart/releases/tag/v5.3.1" + "refsource": "MISC", + "url": "https://github.com/fastify/fastify-multipart/releases/tag/v5.3.1", + "name": "https://github.com/fastify/fastify-multipart/releases/tag/v5.3.1" } ] }, @@ -65,7 +68,7 @@ "description_data": [ { "lang": "eng", - "value": "This affects the package fastify-multipart before 5.3.1.\n By providing a name=constructor property it is still possible to crash the application. \r\n\r\n\r\n**Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).\r\n\r\n" + "value": "This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382)." } ] }, diff --git a/2021/31xxx/CVE-2021-31932.json b/2021/31xxx/CVE-2021-31932.json index 3547d876a28..f59c824604c 100644 --- a/2021/31xxx/CVE-2021-31932.json +++ b/2021/31xxx/CVE-2021-31932.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31932", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31932", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . (dot) character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/165964/Nokia-Transport-Module-Authentication-Bypass.html", + "url": "http://packetstormsecurity.com/files/165964/Nokia-Transport-Module-Authentication-Bypass.html" } ] } diff --git a/2021/34xxx/CVE-2021-34235.json b/2021/34xxx/CVE-2021-34235.json index d75c34f7f90..39642d71ac5 100644 --- a/2021/34xxx/CVE-2021-34235.json +++ b/2021/34xxx/CVE-2021-34235.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-34235", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-34235", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The component is the Field__UserLogin parameter on the logon page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/165944/Tokheim-Profleet-DiaLOG-Fuel-Management-System-11.005.02-SQL-Injection-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/165944/Tokheim-Profleet-DiaLOG-Fuel-Management-System-11.005.02-SQL-Injection-Code-Execution.html" } ] } diff --git a/2021/38xxx/CVE-2021-38892.json b/2021/38xxx/CVE-2021-38892.json index 967a729e164..3a46b05bc3e 100644 --- a/2021/38xxx/CVE-2021-38892.json +++ b/2021/38xxx/CVE-2021-38892.json @@ -1,100 +1,18 @@ { + "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-38892", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote threat actor who can access (without previous authentication) a valid PA endpoint to read and write files to the IBM Planning Analytics system. Depending on file system permissions up to path traversal and possibly remote code execution. IBM X-Force ID: 209511." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Planning Analytics Workspace", - "version": { - "version_data": [ - { - "version_value": "2.0" - } - ] - } - }, - { - "version": { - "version_data": [ - { - "version_value": "2.0" - } - ] - }, - "product_name": "Planning Analytics" - } - ] - }, - "vendor_name": "IBM" - } - ] - } - }, - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "psirt@us.ibm.com", - "STATE": "PUBLIC", - "ID": "CVE-2021-38892", - "DATE_PUBLIC": "2022-01-11T00:00:00" - }, - "references": { - "reference_data": [ - { - "url": "https://www.ibm.com/support/pages/node/6524704", - "title": "IBM Security Bulletin 6524704 (Planning Analytics)", - "name": "https://www.ibm.com/support/pages/node/6524704", - "refsource": "CONFIRM" - }, - { - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209511", - "title": "X-Force Vulnerability Report", - "name": "ibm-planning-cve202138892-code-exec (209511)", - "refsource": "XF" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "Gain Access", - "lang": "eng" - } - ] - } - ] - }, - "impact": { - "cvssv3": { - "BM": { - "I": "H", - "UI": "N", - "S": "C", - "A": "H", - "AV": "N", - "PR": "N", - "SCORE": "10.000", - "C": "H", - "AC": "L" - }, - "TM": { - "RC": "C", - "RL": "O", - "E": "U" - } - } } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39616.json b/2021/39xxx/CVE-2021-39616.json index 4368bfb8921..d32db06c1f3 100644 --- a/2021/39xxx/CVE-2021-39616.json +++ b/2021/39xxx/CVE-2021-39616.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39616", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438" } ] } diff --git a/2021/39xxx/CVE-2021-39619.json b/2021/39xxx/CVE-2021-39619.json index 2fd867febc2..c3ccbabfe52 100644 --- a/2021/39xxx/CVE-2021-39619.json +++ b/2021/39xxx/CVE-2021-39619.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39619", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197399948" } ] } diff --git a/2021/39xxx/CVE-2021-39631.json b/2021/39xxx/CVE-2021-39631.json index 76affb1f8d0..eeab7e3de98 100644 --- a/2021/39xxx/CVE-2021-39631.json +++ b/2021/39xxx/CVE-2021-39631.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39631", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10 Android-11 Android-12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In clear_data_dlg_text of strings.xml, there is a possible situation when \"Clear storage\" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193890833" } ] } diff --git a/2021/39xxx/CVE-2021-39635.json b/2021/39xxx/CVE-2021-39635.json index e4bc28ce9e9..a5b4f615ac8 100644 --- a/2021/39xxx/CVE-2021-39635.json +++ b/2021/39xxx/CVE-2021-39635.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39635", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ims_ex is a vendor system service used to manage VoLTE in unisoc devices\uff0cBut it does not verify the caller's permissions\uff0cso that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid ID: A-206492634" } ] } diff --git a/2021/39xxx/CVE-2021-39658.json b/2021/39xxx/CVE-2021-39658.json index 6f665b7ad66..fbbb8a09e36 100644 --- a/2021/39xxx/CVE-2021-39658.json +++ b/2021/39xxx/CVE-2021-39658.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39658", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ismsEx service is a vendor service in unisoc equipment\u3002ismsEx service is an extension of sms system service\uff0cbut it does not check the permissions of the caller\uff0cresulting in permission leaks\u3002Third-party apps can use this service to arbitrarily modify and set system properties\u3002Product: AndroidVersions: Android SoCAndroid ID: A-207479207" } ] } diff --git a/2021/39xxx/CVE-2021-39662.json b/2021/39xxx/CVE-2021-39662.json index 12c9404e936..2a264080166 100644 --- a/2021/39xxx/CVE-2021-39662.json +++ b/2021/39xxx/CVE-2021-39662.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39662", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197302116" } ] } diff --git a/2021/39xxx/CVE-2021-39663.json b/2021/39xxx/CVE-2021-39663.json index c02f3f54d3e..77bfe24e6fa 100644 --- a/2021/39xxx/CVE-2021-39663.json +++ b/2021/39xxx/CVE-2021-39663.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39663", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-200682135" } ] } diff --git a/2021/39xxx/CVE-2021-39664.json b/2021/39xxx/CVE-2021-39664.json index bd66d8cbe3f..4ad5d9ad9df 100644 --- a/2021/39xxx/CVE-2021-39664.json +++ b/2021/39xxx/CVE-2021-39664.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39664", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-203938029" } ] } diff --git a/2021/39xxx/CVE-2021-39665.json b/2021/39xxx/CVE-2021-39665.json index d9368b68d78..01327610878 100644 --- a/2021/39xxx/CVE-2021-39665.json +++ b/2021/39xxx/CVE-2021-39665.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39665", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-204077881" } ] } diff --git a/2021/39xxx/CVE-2021-39666.json b/2021/39xxx/CVE-2021-39666.json index 24c28e7e205..e5884e2a815 100644 --- a/2021/39xxx/CVE-2021-39666.json +++ b/2021/39xxx/CVE-2021-39666.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39666", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-204445255" } ] } diff --git a/2021/39xxx/CVE-2021-39668.json b/2021/39xxx/CVE-2021-39668.json index 11de16ad292..d0fa16d7678 100644 --- a/2021/39xxx/CVE-2021-39668.json +++ b/2021/39xxx/CVE-2021-39668.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39668", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-193445603" } ] } diff --git a/2021/39xxx/CVE-2021-39669.json b/2021/39xxx/CVE-2021-39669.json index baa1a8cf34a..60663da2716 100644 --- a/2021/39xxx/CVE-2021-39669.json +++ b/2021/39xxx/CVE-2021-39669.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-196969991" } ] } diff --git a/2021/39xxx/CVE-2021-39671.json b/2021/39xxx/CVE-2021-39671.json index 581656cd310..09b9082a8a8 100644 --- a/2021/39xxx/CVE-2021-39671.json +++ b/2021/39xxx/CVE-2021-39671.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39671", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206718630" } ] } diff --git a/2021/39xxx/CVE-2021-39672.json b/2021/39xxx/CVE-2021-39672.json index 0173caf89b7..f0f0e301657 100644 --- a/2021/39xxx/CVE-2021-39672.json +++ b/2021/39xxx/CVE-2021-39672.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39672", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-202018701" } ] } diff --git a/2021/39xxx/CVE-2021-39674.json b/2021/39xxx/CVE-2021-39674.json index baaabbe3138..e37f9d86561 100644 --- a/2021/39xxx/CVE-2021-39674.json +++ b/2021/39xxx/CVE-2021-39674.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39674", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10 Android-11 Android-12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-201083442" } ] } diff --git a/2021/39xxx/CVE-2021-39675.json b/2021/39xxx/CVE-2021-39675.json index eca8ccec00a..26933dd88cd 100644 --- a/2021/39xxx/CVE-2021-39675.json +++ b/2021/39xxx/CVE-2021-39675.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39675", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-205729183" } ] } diff --git a/2021/39xxx/CVE-2021-39676.json b/2021/39xxx/CVE-2021-39676.json index 0fad0f24bb5..7d31d5b1b3b 100644 --- a/2021/39xxx/CVE-2021-39676.json +++ b/2021/39xxx/CVE-2021-39676.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39676", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-02-01", + "url": "https://source.android.com/security/bulletin/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-197228210" } ] } diff --git a/2021/39xxx/CVE-2021-39677.json b/2021/39xxx/CVE-2021-39677.json index 90ed67de4a1..4d34b562739 100644 --- a/2021/39xxx/CVE-2021-39677.json +++ b/2021/39xxx/CVE-2021-39677.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39677", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/aaos/2022-02-01", + "url": "https://source.android.com/security/bulletin/aaos/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is \u2018zero\u2019 in size.Product: AndroidVersions: Android-11Android ID: A-205097028" } ] } diff --git a/2021/39xxx/CVE-2021-39687.json b/2021/39xxx/CVE-2021-39687.json index 0143ceb0137..c4b695cd564 100644 --- a/2021/39xxx/CVE-2021-39687.json +++ b/2021/39xxx/CVE-2021-39687.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39687", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-02-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204421047References: N/A" } ] } diff --git a/2021/39xxx/CVE-2021-39688.json b/2021/39xxx/CVE-2021-39688.json index 5b180a1dd98..7912bca491a 100644 --- a/2021/39xxx/CVE-2021-39688.json +++ b/2021/39xxx/CVE-2021-39688.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39688", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-02-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-02-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206039140References: N/A" } ] } diff --git a/2021/44xxx/CVE-2021-44111.json b/2021/44xxx/CVE-2021-44111.json index c58c1818267..663cf6be05d 100644 --- a/2021/44xxx/CVE-2021-44111.json +++ b/2021/44xxx/CVE-2021-44111.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-44111", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-44111", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/s-cart/s-cart/issues/102", + "refsource": "MISC", + "name": "https://github.com/s-cart/s-cart/issues/102" } ] } diff --git a/2021/4xxx/CVE-2021-4035.json b/2021/4xxx/CVE-2021-4035.json index be2ce09c0ee..394a6548701 100644 --- a/2021/4xxx/CVE-2021-4035.json +++ b/2021/4xxx/CVE-2021-4035.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-coordination@incibe.es", + "DATE_PUBLIC": "2022-02-07T08:00:00.000Z", "ID": "CVE-2021-4035", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Wocu Monitoring stored Cross-Site Scripting (XSS)" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Wocu Monitoring", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "0.27", + "version_value": "0.27" + }, + { + "version_affected": "<", + "version_name": "48.2", + "version_value": "48.2" + } + ] + } + } + ] + }, + "vendor_name": "A3Sec " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "David C\u00e1mara Galindo" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an account with enough privileges to view and edit reports." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.incibe-cert.es/en/early-warning/security-advisories/wocu-monitoring-stored-cross-site-scripting-xss", + "refsource": "CONFIRM", + "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/wocu-monitoring-stored-cross-site-scripting-xss" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "This vulnerability has been solved by A3Sec in the 48.2 version." + } + ], + "source": { + "advisory": "INCIBE-2022-0593", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4046.json b/2021/4xxx/CVE-2021-4046.json index 692d3294c33..69d2fed3cfb 100644 --- a/2021/4xxx/CVE-2021-4046.json +++ b/2021/4xxx/CVE-2021-4046.json @@ -1,18 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-coordination@incibe.es", + "DATE_PUBLIC": "2022-02-08T08:00:00.000Z", "ID": "CVE-2021-4046", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "TCMAN GIM Cross-Site Scripting (XSS)" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GIM", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "8.01", + "version_value": "8.01" + } + ] + } + } + ] + }, + "vendor_name": "TCMAN" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Pablo Arias Rodr\u00edguez and Jorge Alberto Palma Reyes" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.incibe-cert.es/en/early-warning/security-advisories/tcman-gim-cross-site-scripting-xss", + "refsource": "CONFIRM", + "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/tcman-gim-cross-site-scripting-xss" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "This vulnerability has been solved by TCMAN in GIM v8.0.1 Release 31734." + } + ], + "source": { + "advisory": "INCIBE-2021-0596", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0185.json b/2022/0xxx/CVE-2022-0185.json index 834bdb25088..6c1293fc9b6 100644 --- a/2022/0xxx/CVE-2022-0185.json +++ b/2022/0xxx/CVE-2022-0185.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0185", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "8.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow or Wraparound CWE-190" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2" + }, + { + "refsource": "MISC", + "name": "https://github.com/Crusaders-of-Rust/CVE-2022-0185", + "url": "https://github.com/Crusaders-of-Rust/CVE-2022-0185" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2022/01/18/7", + "url": "https://www.openwall.com/lists/oss-security/2022/01/18/7" + }, + { + "refsource": "MISC", + "name": "https://www.willsroot.io/2022/01/cve-2022-0185.html", + "url": "https://www.willsroot.io/2022/01/cve-2022-0185.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system." } ] } diff --git a/2022/0xxx/CVE-2022-0382.json b/2022/0xxx/CVE-2022-0382.json index 6c69ae2578e..e170e52fe94 100644 --- a/2022/0xxx/CVE-2022-0382.json +++ b/2022/0xxx/CVE-2022-0382.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0382", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "Linux kernel versions prior to 5.17-rc1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/d6d86830705f173fca6087a3e67ceaf68db80523", + "url": "https://github.com/torvalds/linux/commit/d6d86830705f173fca6087a3e67ceaf68db80523" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information leak flaw was found due to uninitialized memory in the Linux kernel\u2019s TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1." } ] } diff --git a/2022/0xxx/CVE-2022-0483.json b/2022/0xxx/CVE-2022-0483.json index a249fa13706..df91fcedbea 100644 --- a/2022/0xxx/CVE-2022-0483.json +++ b/2022/0xxx/CVE-2022-0483.json @@ -1,18 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@acronis.com", + "DATE_PUBLIC": "2022-02-11T00:00:00.000Z", "ID": "CVE-2022-0483", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local privilege escalation due to insecure folder permissions" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acronis VSS Doctor", + "version": { + "version_data": [ + { + "platform": "Windows", + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Acronis" + } + ] + } + }, + "credit": [], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security-advisory.acronis.com/advisories/SEC-3354", + "name": "https://security-advisory.acronis.com/advisories/SEC-3354" + } + ] + }, + "source": { + "advisory": "SEC-3354", + "defect": [ + "SEC-3354" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0561.json b/2022/0xxx/CVE-2022-0561.json index 71e203f0cb6..641715bbda3 100644 --- a/2022/0xxx/CVE-2022-0561.json +++ b/2022/0xxx/CVE-2022-0561.json @@ -4,15 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "libtiff", + "product": { + "product_data": [ + { + "product_name": "libtiff", + "version": { + "version_data": [ + { + "version_value": ">=3.9.0, <=4.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect calculation of buffer size in libtiff" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/libtiff/libtiff/-/issues/362", + "url": "https://gitlab.com/libtiff/libtiff/-/issues/362", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef", + "url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "shahchintanh@gmail.com" + } + ] } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0562.json b/2022/0xxx/CVE-2022-0562.json index fd80d8be7e8..8ef10ad4bbb 100644 --- a/2022/0xxx/CVE-2022-0562.json +++ b/2022/0xxx/CVE-2022-0562.json @@ -4,15 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0562", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "libtiff", + "product": { + "product_data": [ + { + "product_name": "libtiff", + "version": { + "version_data": [ + { + "version_value": ">=4.0, <=4.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Null pointer dereference in libtiff" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/libtiff/libtiff/-/issues/362", + "url": "https://gitlab.com/libtiff/libtiff/-/issues/362", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b", + "url": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "shahchintanh@gmail.com" + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22291.json b/2022/22xxx/CVE-2022-22291.json index d05dde26df4..94201d95db9 100644 --- a/2022/22xxx/CVE-2022-22291.json +++ b/2022/22xxx/CVE-2022-22291.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22291", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10.0), R(11.0), S(12.0)", + "version_value": "SMR Feb-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-779 Logging of Excessive Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22292.json b/2022/22xxx/CVE-2022-22292.json index de219a3fc26..9105bfa3a3f 100644 --- a/2022/22xxx/CVE-2022-22292.json +++ b/2022/22xxx/CVE-2022-22292.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-22292", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10.0), R(11.0), S(12.0)", + "version_value": "SMR Feb-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23102.json b/2022/23xxx/CVE-2022-23102.json index 8302115a201..f8eb1d4cb36 100644 --- a/2022/23xxx/CVE-2022-23102.json +++ b/2022/23xxx/CVE-2022-23102.json @@ -61,6 +61,11 @@ "refsource": "FULLDISC", "name": "20220210 SEC Consult SA-20220209 :: Open Redirect in Login Page in SIEMENS-SINEMA Remote Connect", "url": "http://seclists.org/fulldisclosure/2022/Feb/20" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/165966/SIEMENS-SINEMA-Remote-Connect-1.0-SP3-HF1-Open-Redirection.html", + "url": "http://packetstormsecurity.com/files/165966/SIEMENS-SINEMA-Remote-Connect-1.0-SP3-HF1-Open-Redirection.html" } ] } diff --git a/2022/23xxx/CVE-2022-23425.json b/2022/23xxx/CVE-2022-23425.json index 63fd136bc01..6ec32a41080 100644 --- a/2022/23xxx/CVE-2022-23425.json +++ b/2022/23xxx/CVE-2022-23425.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-23425", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0), R(11.0), S(12.0) with select Exynos devices", + "version_value": "SMR Feb-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23426.json b/2022/23xxx/CVE-2022-23426.json index 65e127074ad..4c3b1864116 100644 --- a/2022/23xxx/CVE-2022-23426.json +++ b/2022/23xxx/CVE-2022-23426.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-23426", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0), R(11.0)", + "version_value": "SMR Feb-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23427.json b/2022/23xxx/CVE-2022-23427.json index 152e9a26b60..f0fa8f30d33 100644 --- a/2022/23xxx/CVE-2022-23427.json +++ b/2022/23xxx/CVE-2022-23427.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-23427", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10), R(11), S(12)", + "version_value": "SMR Feb-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.9, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23428.json b/2022/23xxx/CVE-2022-23428.json index 0c36e17037f..d32647994c9 100644 --- a/2022/23xxx/CVE-2022-23428.json +++ b/2022/23xxx/CVE-2022-23428.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-23428", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices with Exynos chipsets", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10.0), R(11.0), S(12.0) devices with selected Exynos chipsets", + "version_value": "SMR Feb-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120:Buffer Copy without Checking Size of Input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23429.json b/2022/23xxx/CVE-2022-23429.json index 4e301ae7223..d2cc8d9bb7e 100644 --- a/2022/23xxx/CVE-2022-23429.json +++ b/2022/23xxx/CVE-2022-23429.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-23429", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0), R(11.0)", + "version_value": "SMR Feb-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125:Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23431.json b/2022/23xxx/CVE-2022-23431.json index b02701abfba..75d6558eeac 100644 --- a/2022/23xxx/CVE-2022-23431.json +++ b/2022/23xxx/CVE-2022-23431.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-23431", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices with Exynos chipsets", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0), R(11.0), S(12.0) devices with selected Exynos chipsets", + "version_value": "SMR Feb-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120:Buffer Copy without Checking Size of Input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23432.json b/2022/23xxx/CVE-2022-23432.json index 2d71fa3cfeb..679f8c9ebb7 100644 --- a/2022/23xxx/CVE-2022-23432.json +++ b/2022/23xxx/CVE-2022-23432.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-23432", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices with Exynos chipsets", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0), R(11.0), S(12.0) devices with selected Exynos chipsets", + "version_value": "SMR Feb-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23433.json b/2022/23xxx/CVE-2022-23433.json index 939074b942c..7f3357bc1d7 100644 --- a/2022/23xxx/CVE-2022-23433.json +++ b/2022/23xxx/CVE-2022-23433.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-23433", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reminder", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10)" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23707.json b/2022/23xxx/CVE-2022-23707.json index c4db461bdc2..5fbb975765c 100644 --- a/2022/23xxx/CVE-2022-23707.json +++ b/2022/23xxx/CVE-2022-23707.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", "data_format": "MITRE", + "data_type": "CVE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", "ID": "CVE-2022-23707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Elastic", + "product": { + "product_data": [ + { + "product_name": "Kibana", + "version": { + "version_data": [ + { + "version_value": "7.5.1 through 7.16.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215", + "refsource": "MISC", + "name": "https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users" } ] } diff --git a/2022/23xxx/CVE-2022-23853.json b/2022/23xxx/CVE-2022-23853.json index dbdd6c04354..daa05df3edd 100644 --- a/2022/23xxx/CVE-2022-23853.json +++ b/2022/23xxx/CVE-2022-23853.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-23853", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-23853", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://apps.kde.org/kate/", + "refsource": "MISC", + "name": "https://apps.kde.org/kate/" + }, + { + "refsource": "CONFIRM", + "name": "https://kde.org/info/security/advisory-20220131-1.txt", + "url": "https://kde.org/info/security/advisory-20220131-1.txt" } ] } diff --git a/2022/23xxx/CVE-2022-23998.json b/2022/23xxx/CVE-2022-23998.json index cd9768c914a..5670ab9a622 100644 --- a/2022/23xxx/CVE-2022-23998.json +++ b/2022/23xxx/CVE-2022-23998.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-23998", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Camera", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9)" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23999.json b/2022/23xxx/CVE-2022-23999.json index 94ea34beed4..d56edbe8a1a 100644 --- a/2022/23xxx/CVE-2022-23999.json +++ b/2022/23xxx/CVE-2022-23999.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-23999", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10), R(11), S(12)", + "version_value": "SMR Feb-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.9, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24000.json b/2022/24xxx/CVE-2022-24000.json index 5f91b301a5f..b97dd3af99e 100644 --- a/2022/24xxx/CVE-2022-24000.json +++ b/2022/24xxx/CVE-2022-24000.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-24000", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10), R(11), S(12)", + "version_value": "SMR Feb-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.9, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24001.json b/2022/24xxx/CVE-2022-24001.json index a1671234e20..d818f559151 100644 --- a/2022/24xxx/CVE-2022-24001.json +++ b/2022/24xxx/CVE-2022-24001.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-24001", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "Android\u00a0S(12)" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 3.8, + "baseSeverity": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24002.json b/2022/24xxx/CVE-2022-24002.json index 7526c98ab5e..e1a1fff252f 100644 --- a/2022/24xxx/CVE-2022-24002.json +++ b/2022/24xxx/CVE-2022-24002.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-24002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Link sharing", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "12.4.00.3" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24003.json b/2022/24xxx/CVE-2022-24003.json index 783f435ce6d..85ce642d0a0 100644 --- a/2022/24xxx/CVE-2022-24003.json +++ b/2022/24xxx/CVE-2022-24003.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-24003", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bixby Vision", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "3.7.50.6" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24923.json b/2022/24xxx/CVE-2022-24923.json index 16eec8a2d1a..313bc22a576 100644 --- a/2022/24xxx/CVE-2022-24923.json +++ b/2022/24xxx/CVE-2022-24923.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-24923", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SearchWidget", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "2.3.00.6" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24924.json b/2022/24xxx/CVE-2022-24924.json index 3cb3d865cdb..cae5d58025c 100644 --- a/2022/24xxx/CVE-2022-24924.json +++ b/2022/24xxx/CVE-2022-24924.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-24924", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LiveWallpaper", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "3.0.9.0" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.2, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24925.json b/2022/24xxx/CVE-2022-24925.json index 0f7e5dd7a7e..2ecf8469490 100644 --- a/2022/24xxx/CVE-2022-24925.json +++ b/2022/24xxx/CVE-2022-24925.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-24925", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "Android S(12)" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24926.json b/2022/24xxx/CVE-2022-24926.json index a5b13ceaa3b..977b16ba0f9 100644 --- a/2022/24xxx/CVE-2022-24926.json +++ b/2022/24xxx/CVE-2022-24926.json @@ -1,18 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-24926", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SmartTagPlugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.2.15-6" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24927.json b/2022/24xxx/CVE-2022-24927.json index b52b4a691ec..de202734639 100644 --- a/2022/24xxx/CVE-2022-24927.json +++ b/2022/24xxx/CVE-2022-24927.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-24927", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Video Player", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "7.3.15.30" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269\u00a0Improper Privilege\u00a0Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24968.json b/2022/24xxx/CVE-2022-24968.json new file mode 100644 index 00000000000..ded0ec1535b --- /dev/null +++ b/2022/24xxx/CVE-2022-24968.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-24968", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24969.json b/2022/24xxx/CVE-2022-24969.json new file mode 100644 index 00000000000..f7195589577 --- /dev/null +++ b/2022/24xxx/CVE-2022-24969.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-24969", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24970.json b/2022/24xxx/CVE-2022-24970.json new file mode 100644 index 00000000000..5af9330ae5c --- /dev/null +++ b/2022/24xxx/CVE-2022-24970.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-24970", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24971.json b/2022/24xxx/CVE-2022-24971.json new file mode 100644 index 00000000000..340f47fd564 --- /dev/null +++ b/2022/24xxx/CVE-2022-24971.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-24971", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24972.json b/2022/24xxx/CVE-2022-24972.json new file mode 100644 index 00000000000..14697bbc9fd --- /dev/null +++ b/2022/24xxx/CVE-2022-24972.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-24972", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24973.json b/2022/24xxx/CVE-2022-24973.json new file mode 100644 index 00000000000..0da9f491a64 --- /dev/null +++ b/2022/24xxx/CVE-2022-24973.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-24973", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24974.json b/2022/24xxx/CVE-2022-24974.json new file mode 100644 index 00000000000..dcea7045c67 --- /dev/null +++ b/2022/24xxx/CVE-2022-24974.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-24974", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file