diff --git a/2017/1xxx/CVE-2017-1070.json b/2017/1xxx/CVE-2017-1070.json index d0139750e4c..e72c37583dc 100644 --- a/2017/1xxx/CVE-2017-1070.json +++ b/2017/1xxx/CVE-2017-1070.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-1070", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1070", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } diff --git a/2017/9xxx/CVE-2017-9380.json b/2017/9xxx/CVE-2017-9380.json index 113c240edf0..eefb8471bc7 100644 --- a/2017/9xxx/CVE-2017-9380.json +++ b/2017/9xxx/CVE-2017-9380.json @@ -56,6 +56,11 @@ "name": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-002", "refsource": "MISC", "url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-002" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163087/OpenEMR-5.0.0-Remote-Shell-Upload.html", + "url": "http://packetstormsecurity.com/files/163087/OpenEMR-5.0.0-Remote-Shell-Upload.html" } ] } diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json index 7bc80e48dd9..44b9802e6d0 100644 --- a/2019/17xxx/CVE-2019-17571.json +++ b/2019/17xxx/CVE-2019-17571.json @@ -468,6 +468,11 @@ "refsource": "MLIST", "name": "[activemq-users] 20210427 Re: Release date for ActiveMQ v5.16.2 to fix CVEs", "url": "https://lists.apache.org/thread.html/r3543ead2317dcd3306f69ee37b07dd383dbba6e2f47ff11eb55879ad@%3Cusers.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[kafka-dev] 20210611 Re: [DISCUSS] KIP-719: Add Log4J2 Appender", + "url": "https://lists.apache.org/thread.html/r3bf7b982dfa0779f8a71f843d2aa6b4184a53e6be7f149ee079387fd@%3Cdev.kafka.apache.org%3E" } ] }, diff --git a/2019/9xxx/CVE-2019-9475.json b/2019/9xxx/CVE-2019-9475.json index f2c9ec085b3..6c09779f824 100644 --- a/2019/9xxx/CVE-2019-9475.json +++ b/2019/9xxx/CVE-2019-9475.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9475", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9475", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android 10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-10", + "url": "https://source.android.com/security/bulletin/android-10" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-9496886" } ] } diff --git a/2020/5xxx/CVE-2020-5993.json b/2020/5xxx/CVE-2020-5993.json index 44663e23fac..28dcf7fc272 100644 --- a/2020/5xxx/CVE-2020-5993.json +++ b/2020/5xxx/CVE-2020-5993.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-5993", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/5xxx/CVE-2020-5994.json b/2020/5xxx/CVE-2020-5994.json index 29ef42f8ca5..869c5dbfefb 100644 --- a/2020/5xxx/CVE-2020-5994.json +++ b/2020/5xxx/CVE-2020-5994.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-5994", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/5xxx/CVE-2020-5995.json b/2020/5xxx/CVE-2020-5995.json index 01ddeb4f596..2294a6c1930 100644 --- a/2020/5xxx/CVE-2020-5995.json +++ b/2020/5xxx/CVE-2020-5995.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-5995", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/5xxx/CVE-2020-5996.json b/2020/5xxx/CVE-2020-5996.json index f40e49d828f..f6bf8c74719 100644 --- a/2020/5xxx/CVE-2020-5996.json +++ b/2020/5xxx/CVE-2020-5996.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-5996", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/5xxx/CVE-2020-5997.json b/2020/5xxx/CVE-2020-5997.json index f0ec019ed7f..9ef943cd6d9 100644 --- a/2020/5xxx/CVE-2020-5997.json +++ b/2020/5xxx/CVE-2020-5997.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-5997", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/5xxx/CVE-2020-5998.json b/2020/5xxx/CVE-2020-5998.json index dbc5c8b2372..f5593ec7e3b 100644 --- a/2020/5xxx/CVE-2020-5998.json +++ b/2020/5xxx/CVE-2020-5998.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-5998", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/5xxx/CVE-2020-5999.json b/2020/5xxx/CVE-2020-5999.json index 27c21f7cfe1..ffb9547ce2c 100644 --- a/2020/5xxx/CVE-2020-5999.json +++ b/2020/5xxx/CVE-2020-5999.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-5999", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/6xxx/CVE-2020-6000.json b/2020/6xxx/CVE-2020-6000.json index 8dd0a12ca10..8fcd31ce528 100644 --- a/2020/6xxx/CVE-2020-6000.json +++ b/2020/6xxx/CVE-2020-6000.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-6000", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/6xxx/CVE-2020-6001.json b/2020/6xxx/CVE-2020-6001.json index 91225b35753..f8c6ccfe2e4 100644 --- a/2020/6xxx/CVE-2020-6001.json +++ b/2020/6xxx/CVE-2020-6001.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-6001", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/6xxx/CVE-2020-6002.json b/2020/6xxx/CVE-2020-6002.json index 8a180f02f77..edad0b89c6e 100644 --- a/2020/6xxx/CVE-2020-6002.json +++ b/2020/6xxx/CVE-2020-6002.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-6002", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/6xxx/CVE-2020-6003.json b/2020/6xxx/CVE-2020-6003.json index 0f4336c5977..6f8c17e9671 100644 --- a/2020/6xxx/CVE-2020-6003.json +++ b/2020/6xxx/CVE-2020-6003.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-6003", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/6xxx/CVE-2020-6004.json b/2020/6xxx/CVE-2020-6004.json index dabdc24685a..5ab62f4f1c1 100644 --- a/2020/6xxx/CVE-2020-6004.json +++ b/2020/6xxx/CVE-2020-6004.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-6004", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/6xxx/CVE-2020-6005.json b/2020/6xxx/CVE-2020-6005.json index 7a6dbfd852d..fe16e353200 100644 --- a/2020/6xxx/CVE-2020-6005.json +++ b/2020/6xxx/CVE-2020-6005.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-6005", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/6xxx/CVE-2020-6006.json b/2020/6xxx/CVE-2020-6006.json index c28e899a2ce..6bcce9ac04e 100644 --- a/2020/6xxx/CVE-2020-6006.json +++ b/2020/6xxx/CVE-2020-6006.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-6006", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2021/0xxx/CVE-2021-0466.json b/2021/0xxx/CVE-2021-0466.json index e6ee21b354b..93ca6d5efa7 100644 --- a/2021/0xxx/CVE-2021-0466.json +++ b/2021/0xxx/CVE-2021-0466.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0466", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154114734" } ] } diff --git a/2021/0xxx/CVE-2021-0472.json b/2021/0xxx/CVE-2021-0472.json index 6e0ca24f026..6ea9ebd4960 100644 --- a/2021/0xxx/CVE-2021-0472.json +++ b/2021/0xxx/CVE-2021-0472.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0472", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-9 Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-176801033" } ] } diff --git a/2021/0xxx/CVE-2021-0473.json b/2021/0xxx/CVE-2021-0473.json index 2fe21e93b58..aff173bfcf9 100644 --- a/2021/0xxx/CVE-2021-0473.json +++ b/2021/0xxx/CVE-2021-0473.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0473", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9 Android-10 Android-11 Android-8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179687208" } ] } diff --git a/2021/0xxx/CVE-2021-0474.json b/2021/0xxx/CVE-2021-0474.json index da81bd88699..11e992f36a0 100644 --- a/2021/0xxx/CVE-2021-0474.json +++ b/2021/0xxx/CVE-2021-0474.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0474", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-8.1 Android-9 Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-177611958" } ] } diff --git a/2021/0xxx/CVE-2021-0475.json b/2021/0xxx/CVE-2021-0475.json index 3ff2f3d5c84..ea3d9d8fd20 100644 --- a/2021/0xxx/CVE-2021-0475.json +++ b/2021/0xxx/CVE-2021-0475.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0475", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-175686168" } ] } diff --git a/2021/0xxx/CVE-2021-0476.json b/2021/0xxx/CVE-2021-0476.json index b8bd0a2771a..b98d124e82b 100644 --- a/2021/0xxx/CVE-2021-0476.json +++ b/2021/0xxx/CVE-2021-0476.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0476", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-9 Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-169252501" } ] } diff --git a/2021/0xxx/CVE-2021-0477.json b/2021/0xxx/CVE-2021-0477.json index 57f31391727..8abc346366d 100644 --- a/2021/0xxx/CVE-2021-0477.json +++ b/2021/0xxx/CVE-2021-0477.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0477", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10 Android-11 Android-8.1 Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-178189250" } ] } diff --git a/2021/0xxx/CVE-2021-0480.json b/2021/0xxx/CVE-2021-0480.json index f3c4e7a93ba..869e2e1f428 100644 --- a/2021/0xxx/CVE-2021-0480.json +++ b/2021/0xxx/CVE-2021-0480.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0480", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10 Android-11 Android-8.1 Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-174493336" } ] } diff --git a/2021/0xxx/CVE-2021-0481.json b/2021/0xxx/CVE-2021-0481.json index e581b8bec39..629d0e61f9a 100644 --- a/2021/0xxx/CVE-2021-0481.json +++ b/2021/0xxx/CVE-2021-0481.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0481", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.1 Android-9 Android-10 Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-172939189" } ] } diff --git a/2021/0xxx/CVE-2021-0482.json b/2021/0xxx/CVE-2021-0482.json index 64e316829e3..33b81e3ff73 100644 --- a/2021/0xxx/CVE-2021-0482.json +++ b/2021/0xxx/CVE-2021-0482.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0482", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173791720" } ] } diff --git a/2021/0xxx/CVE-2021-0484.json b/2021/0xxx/CVE-2021-0484.json index bcdbf8cdaea..6102f50d832 100644 --- a/2021/0xxx/CVE-2021-0484.json +++ b/2021/0xxx/CVE-2021-0484.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0484", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9 Android-10 Android-11 Android-8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-173720767" } ] } diff --git a/2021/0xxx/CVE-2021-0485.json b/2021/0xxx/CVE-2021-0485.json index c9832e4ed63..a08fa551067 100644 --- a/2021/0xxx/CVE-2021-0485.json +++ b/2021/0xxx/CVE-2021-0485.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0485", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302616" } ] } diff --git a/2021/0xxx/CVE-2021-0487.json b/2021/0xxx/CVE-2021-0487.json index ad400c37b27..f464e55711d 100644 --- a/2021/0xxx/CVE-2021-0487.json +++ b/2021/0xxx/CVE-2021-0487.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0487", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174046397" } ] } diff --git a/2021/0xxx/CVE-2021-0489.json b/2021/0xxx/CVE-2021-0489.json index 889233848d8..a7e766bc2a4 100644 --- a/2021/0xxx/CVE-2021-0489.json +++ b/2021/0xxx/CVE-2021-0489.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0489", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183464866" } ] } diff --git a/2021/0xxx/CVE-2021-0490.json b/2021/0xxx/CVE-2021-0490.json index a19665e66b1..dd22b979524 100644 --- a/2021/0xxx/CVE-2021-0490.json +++ b/2021/0xxx/CVE-2021-0490.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0490", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183464868" } ] } diff --git a/2021/0xxx/CVE-2021-0491.json b/2021/0xxx/CVE-2021-0491.json index 355632237dd..82eba78b190 100644 --- a/2021/0xxx/CVE-2021-0491.json +++ b/2021/0xxx/CVE-2021-0491.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0491", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461315" } ] } diff --git a/2021/0xxx/CVE-2021-0492.json b/2021/0xxx/CVE-2021-0492.json index 348d5fc55dd..91aa69a3a2b 100644 --- a/2021/0xxx/CVE-2021-0492.json +++ b/2021/0xxx/CVE-2021-0492.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0492", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183459078" } ] } diff --git a/2021/0xxx/CVE-2021-0493.json b/2021/0xxx/CVE-2021-0493.json index 1611cb38202..302fbf2ba82 100644 --- a/2021/0xxx/CVE-2021-0493.json +++ b/2021/0xxx/CVE-2021-0493.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0493", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461317" } ] } diff --git a/2021/0xxx/CVE-2021-0494.json b/2021/0xxx/CVE-2021-0494.json index 98ba8de4535..b7c469b9b91 100644 --- a/2021/0xxx/CVE-2021-0494.json +++ b/2021/0xxx/CVE-2021-0494.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0494", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461318" } ] } diff --git a/2021/0xxx/CVE-2021-0495.json b/2021/0xxx/CVE-2021-0495.json index bf0bd43492b..923848e35e4 100644 --- a/2021/0xxx/CVE-2021-0495.json +++ b/2021/0xxx/CVE-2021-0495.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0495", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183459083" } ] } diff --git a/2021/0xxx/CVE-2021-0496.json b/2021/0xxx/CVE-2021-0496.json index 36ffbeba032..d1206c50eca 100644 --- a/2021/0xxx/CVE-2021-0496.json +++ b/2021/0xxx/CVE-2021-0496.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0496", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183467912" } ] } diff --git a/2021/0xxx/CVE-2021-0497.json b/2021/0xxx/CVE-2021-0497.json index b71c99ee572..72a7476d107 100644 --- a/2021/0xxx/CVE-2021-0497.json +++ b/2021/0xxx/CVE-2021-0497.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0497", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461320" } ] } diff --git a/2021/0xxx/CVE-2021-0498.json b/2021/0xxx/CVE-2021-0498.json index 4c2fbc65163..8214969f92a 100644 --- a/2021/0xxx/CVE-2021-0498.json +++ b/2021/0xxx/CVE-2021-0498.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0498", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2021-05-01", + "url": "https://source.android.com/security/bulletin/2021-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461321" } ] } diff --git a/2021/21xxx/CVE-2021-21773.json b/2021/21xxx/CVE-2021-21773.json index e168cbba56a..7e96e9794e1 100644 --- a/2021/21xxx/CVE-2021-21773.json +++ b/2021/21xxx/CVE-2021-21773.json @@ -36,7 +36,7 @@ "description": [ { "lang": "eng", - "value": "out of bounds write" + "value": "Incorrect Calculation of Buffer Size" } ] } diff --git a/2021/21xxx/CVE-2021-21776.json b/2021/21xxx/CVE-2021-21776.json index 876e67adf33..6ad750df5e2 100644 --- a/2021/21xxx/CVE-2021-21776.json +++ b/2021/21xxx/CVE-2021-21776.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "Accusoft ImageGear Accusoft ImageGear 19.8." + "version_value": "Accusoft ImageGear Accusoft ImageGear 19.8" } ] } @@ -36,7 +36,7 @@ "description": [ { "lang": "eng", - "value": "out of bounds write" + "value": "Incorrect Calculation of Buffer Size" } ] } diff --git a/2021/21xxx/CVE-2021-21782.json b/2021/21xxx/CVE-2021-21782.json index 9aa569ca0e6..8111e26eeba 100644 --- a/2021/21xxx/CVE-2021-21782.json +++ b/2021/21xxx/CVE-2021-21782.json @@ -36,7 +36,7 @@ "description": [ { "lang": "eng", - "value": "out of bounds write" + "value": "Incorrect Calculation of Buffer Size" } ] } diff --git a/2021/21xxx/CVE-2021-21784.json b/2021/21xxx/CVE-2021-21784.json index 0339aab4741..4f7e492300a 100644 --- a/2021/21xxx/CVE-2021-21784.json +++ b/2021/21xxx/CVE-2021-21784.json @@ -36,7 +36,7 @@ "description": [ { "lang": "eng", - "value": "out of bounds write" + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer" } ] } diff --git a/2021/21xxx/CVE-2021-21795.json b/2021/21xxx/CVE-2021-21795.json index 37961565a56..87e0871bc79 100644 --- a/2021/21xxx/CVE-2021-21795.json +++ b/2021/21xxx/CVE-2021-21795.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21795", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "heap-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1264", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1264" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an integer overflow that, in turn, leads to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21808.json b/2021/21xxx/CVE-2021-21808.json index e4d998b82e8..ea77dd76b0c 100644 --- a/2021/21xxx/CVE-2021-21808.json +++ b/2021/21xxx/CVE-2021-21808.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21808", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "classic buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1276", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1276" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide malicious inputs to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21824.json b/2021/21xxx/CVE-2021-21824.json index cfdd61c4339..ddda1cf5127 100644 --- a/2021/21xxx/CVE-2021-21824.json +++ b/2021/21xxx/CVE-2021-21824.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21824", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out of bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1289", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1289" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21833.json b/2021/21xxx/CVE-2021-21833.json index 029794b2d0a..08144397dfc 100644 --- a/2021/21xxx/CVE-2021-21833.json +++ b/2021/21xxx/CVE-2021-21833.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21833", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1296", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1296" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability." } ] } diff --git a/2021/24xxx/CVE-2021-24174.json b/2021/24xxx/CVE-2021-24174.json index bf5d9bae79b..53345db1bbd 100644 --- a/2021/24xxx/CVE-2021-24174.json +++ b/2021/24xxx/CVE-2021-24174.json @@ -1,75 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24174", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Database Backups <= 1.2.2.6 - CSRF to Backup Download" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Database Backups", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "1.2.2.6", - "version_value": "1.2.2.6" + "CVE_data_meta": { + "ID": "CVE-2021-24174", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Database Backups <= 1.2.2.6 - CSRF to Backup Download" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Database Backups", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2.2.6", + "version_value": "1.2.2.6" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/350c3e9a-bcc2-486a-90e6-d1dc13ce1bd5", - "name": "https://wpscan.com/vulnerability/350c3e9a-bcc2-486a-90e6-d1dc13ce1bd5" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "0xB9" + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/350c3e9a-bcc2-486a-90e6-d1dc13ce1bd5", + "name": "https://wpscan.com/vulnerability/350c3e9a-bcc2-486a-90e6-d1dc13ce1bd5" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163091/WordPress-Database-Backups-1.2.2.6-Cross-Site-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/163091/WordPress-Database-Backups-1.2.2.6-Cross-Site-Request-Forgery.html" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "0xB9" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/27xxx/CVE-2021-27408.json b/2021/27xxx/CVE-2021-27408.json index 848b478eaf9..f93c72cb968 100644 --- a/2021/27xxx/CVE-2021-27408.json +++ b/2021/27xxx/CVE-2021-27408.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27408", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Welch Allyn medical device management tools", + "version": { + "version_data": [ + { + "version_value": "Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite \u2013 Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OUT-OF-BOUNDS READ CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite \u2013 Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00)." } ] } diff --git a/2021/27xxx/CVE-2021-27410.json b/2021/27xxx/CVE-2021-27410.json index db978ce511b..ce957e75eeb 100644 --- a/2021/27xxx/CVE-2021-27410.json +++ b/2021/27xxx/CVE-2021-27410.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27410", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Welch Allyn medical device management tools", + "version": { + "version_data": [ + { + "version_value": "Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite \u2013 Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OUT-OF-BOUNDS WRITE CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite \u2013 Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00)." } ] } diff --git a/2021/27xxx/CVE-2021-27673.json b/2021/27xxx/CVE-2021-27673.json index 808a362056c..f031f041f0a 100644 --- a/2021/27xxx/CVE-2021-27673.json +++ b/2021/27xxx/CVE-2021-27673.json @@ -56,6 +56,11 @@ "url": "https://deadsh0t.medium.com/blind-error-based-authenticated-sql-injection-on-zenario-8-8-52729-cms-d4705534df38", "refsource": "MISC", "name": "https://deadsh0t.medium.com/blind-error-based-authenticated-sql-injection-on-zenario-8-8-52729-cms-d4705534df38" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163083/Zenario-CMS-8.8.52729-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/163083/Zenario-CMS-8.8.52729-SQL-Injection.html" } ] } diff --git a/2021/31xxx/CVE-2021-31950.json b/2021/31xxx/CVE-2021-31950.json index 644fe43e2e3..22e6912b0c3 100644 --- a/2021/31xxx/CVE-2021-31950.json +++ b/2021/31xxx/CVE-2021-31950.json @@ -76,6 +76,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31950", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31950" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163080/Microsoft-SharePoint-Server-16.0.10372.20060-Server-Side-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/163080/Microsoft-SharePoint-Server-16.0.10372.20060-Server-Side-Request-Forgery.html" } ] } diff --git a/2021/32xxx/CVE-2021-32930.json b/2021/32xxx/CVE-2021-32930.json index eb44eda7d65..99216ae38f8 100644 --- a/2021/32xxx/CVE-2021-32930.json +++ b/2021/32xxx/CVE-2021-32930.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32930", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "iView", + "version": { + "version_data": [ + { + "version_value": "versions prior to v5.7.03.6182" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The affected product\u2019s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182)." } ] } diff --git a/2021/32xxx/CVE-2021-32932.json b/2021/32xxx/CVE-2021-32932.json index 072195d38a0..c0389a942aa 100644 --- a/2021/32xxx/CVE-2021-32932.json +++ b/2021/32xxx/CVE-2021-32932.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32932", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "iView", + "version": { + "version_data": [ + { + "version_value": "versions prior to v5.7.03.6182" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NUETRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182)." } ] } diff --git a/2021/33xxx/CVE-2021-33904.json b/2021/33xxx/CVE-2021-33904.json index 20ed2cf377d..cb0160510de 100644 --- a/2021/33xxx/CVE-2021-33904.json +++ b/2021/33xxx/CVE-2021-33904.json @@ -56,6 +56,11 @@ "url": "https://gist.github.com/0xx7/3d934939d7122fe23db11bc48eda9d21", "refsource": "MISC", "name": "https://gist.github.com/0xx7/3d934939d7122fe23db11bc48eda9d21" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163093/Accela-Civic-Platorm-21.1-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/163093/Accela-Civic-Platorm-21.1-Cross-Site-Scripting.html" } ] } diff --git a/2021/34xxx/CVE-2021-34546.json b/2021/34xxx/CVE-2021-34546.json index 4adaa8145e4..2ff530f2873 100644 --- a/2021/34xxx/CVE-2021-34546.json +++ b/2021/34xxx/CVE-2021-34546.json @@ -71,6 +71,11 @@ "refsource": "FULLDISC", "name": "20210611 secuvera-SA-2021-01: Privilege Escalation in NetSetMan Pro 4.7.2", "url": "http://seclists.org/fulldisclosure/2021/Jun/17" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163097/NetSetManPro-4.7.2-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/163097/NetSetManPro-4.7.2-Privilege-Escalation.html" } ] }