Merge pull request #469 from CVEProject/master

XFA Rebase
Scott Moore 2021-07-08 12:07:14 -04:00 committed by GitHub
commit 55055c360c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
127 changed files with 4099 additions and 352 deletions


@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5002",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2007-5002",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1879",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2008-1879",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}


@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-264"
"value": "CWE-863"
}
]
}


@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-120"
"value": "CWE-787"
}
]
}


@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-400"
"value": "CWE-476"
}
]
}


@ -56,6 +56,11 @@
"name": "https://blogs.gentoo.org/ago/2017/09/19/bladeenc-global-buffer-overflow-in-iteration_loop-loop-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/09/19/bladeenc-global-buffer-overflow-in-iteration_loop-loop-c/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-18",
"url": "https://security.gentoo.org/glsa/202107-18"
}
]
}


@ -76,6 +76,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2162",
"url": "https://access.redhat.com/errata/RHSA-2019:2162"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-15",
"url": "https://security.gentoo.org/glsa/202107-15"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155502/WordPress-Plainview-Activity-Monitor-20161228-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/155502/WordPress-Plainview-Activity-Monitor-20161228-Remote-Command-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163425/WordPress-Plainview-Activity-Monitor-20161228-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/163425/WordPress-Plainview-Activity-Monitor-20161228-Remote-Code-Execution.html"
}
]
}


@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-119"
"value": "CWE-787"
}
]
}


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1819163",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819163"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210708-0001/",
"url": "https://security.netapp.com/advisory/ntap-20210708-0001/"
}
]
},


@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-20"
"value": "CWE-352"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20217",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mikrotik.com/",
"refsource": "MISC",
"name": "https://mikrotik.com/"
},
{
"refsource": "MISC",
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md"
}
]
}
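Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all left as `n/a` in this record, although the description in the same section names MikroTik RouterOS before 6.47 and an uncontrolled resource consumption flaw. Tooling that matches on the structured fields instead of the free text will not tie the entry to the product or the weakness class. I would set `"vendor_name": "MikroTik"`, `"product_name": "RouterOS"` and a problemtype value of `CWE-400`, and correct `systems CPU` to `system's CPU` in the description. The same all-`n/a` pattern appears in the sections for CVE-2020-20582, CVE-2020-20583, CVE-2020-20584, CVE-2020-20585, CVE-2020-20586, CVE-2020-23700 and CVE-2020-23702, each of which names its product and version in the description.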


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20582",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sansanyun/mipcms5/issues/5",
"refsource": "MISC",
"name": "https://github.com/sansanyun/mipcms5/issues/5"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20583",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/0xyu/PHP_Learning/issues/1",
"refsource": "MISC",
"name": "https://github.com/0xyu/PHP_Learning/issues/1"
}
]
}


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20584",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://baigosso.com",
"refsource": "MISC",
"name": "http://baigosso.com"
},
{
"url": "https://github.com/baigoStudio/baigoSSO",
"refsource": "MISC",
"name": "https://github.com/baigoStudio/baigoSSO"
},
{
"url": "https://github.com/baigoStudio/baigoSSO/",
"refsource": "MISC",
"name": "https://github.com/baigoStudio/baigoSSO/"
},
{
"url": "https://github.com/baigoStudio/baigoSSO/issues/13",
"refsource": "MISC",
"name": "https://github.com/baigoStudio/baigoSSO/issues/13"
}
]
}
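Review bot: Two entries in `reference_data` differ only by a trailing slash (`https://github.com/baigoStudio/baigoSSO` and `https://github.com/baigoStudio/baigoSSO/`); one of them should be dropped so the list does not carry the same repository link twice. The description names baigo CMS while every reference points at the baigoSSO project, so it is worth confirming with the reporter which product is actually affected. The issue link `https://github.com/baigoStudio/baigoSSO/issues/13` appears to be the only reference likely to carry detail about the finding; the bare homepage and repository links add little for someone triaging the entry.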


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20585",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.metinfo.cn/",
"refsource": "MISC",
"name": "https://www.metinfo.cn/"
},
{
"url": "http://metinfo.com",
"refsource": "MISC",
"name": "http://metinfo.com"
},
{
"url": "https://github.com/0xyu/PHP_Learning/issues/3",
"refsource": "MISC",
"name": "https://github.com/0xyu/PHP_Learning/issues/3"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20586",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.xyhcms.com/Show/download/id/2/at/0.html",
"refsource": "MISC",
"name": "http://www.xyhcms.com/Show/download/id/2/at/0.html"
},
{
"url": "http://xyhcms.com",
"refsource": "MISC",
"name": "http://xyhcms.com"
},
{
"url": "https://github.com/0xyu/PHP_Learning/issues/4",
"refsource": "MISC",
"name": "https://github.com/0xyu/PHP_Learning/issues/4"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23700",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LavaLite/cms/issues/319",
"refsource": "MISC",
"name": "https://github.com/LavaLite/cms/issues/319"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23702",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://user-images.githubusercontent.com/62001260/82175522-47169980-98fe-11ea-9a8e-93622aab7cf4.PNG",
"refsource": "MISC",
"name": "https://user-images.githubusercontent.com/62001260/82175522-47169980-98fe-11ea-9a8e-93622aab7cf4.PNG"
},
{
"refsource": "MISC",
"name": "https://github.com/phpfusion/PHPFusion/issues/2328",
"url": "https://github.com/phpfusion/PHPFusion/issues/2328"
}
]
}


@ -70,6 +70,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-2ab8ebcabc",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-19",
"url": "https://security.gentoo.org/glsa/202107-19"
}
]
},


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Prusa Research",
"version": {
"version_data": [
{
"version_value": "Prusa Research PrusaSlicer 2.2.0 ,Prusa Research PrusaSlicer Master (commit 4b040b856)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out of bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1222",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1222"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}
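Review bot: The `affects` block has the vendor and product in the wrong slots: `vendor_name` is `n/a`, `product_name` holds the vendor (`Prusa Research`), and a single `version_value` string packs two versions together with the product name. Consumers that key on vendor/product/version will not match PrusaSlicer installations from this record. I would use `"vendor_name": "Prusa Research"`, `"product_name": "PrusaSlicer"` and two separate `version_data` entries, `2.2.0` and `Master (commit 4b040b856)`. The problemtype is free text (`out of bounds write`); a CWE identifier such as `CWE-787` would make it machine-matchable. The enclosing JSON object opens above this hunk, so the top of the record is not visible here.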


@ -66,6 +66,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-3b0bb05117",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIFT24Q6EFXLQZ24AER2QGFFZLMIPCD/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-14",
"url": "https://security.gentoo.org/glsa/202107-14"
}
]
}


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-284"
"value": "CWE-269"
}
]
}
@ -44,6 +44,11 @@
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c",
"url": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823",
@ -59,11 +64,6 @@
"name": "https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html"
},
{
"refsource": "MISC",
"name": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c",
"url": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210312-0002/",


@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-119"
"value": "CWE-787"
}
]
}
@ -74,15 +74,15 @@
"name": "GLSA-202104-06",
"url": "https://security.gentoo.org/glsa/202104-06"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210521-0009/",
"url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210521-0009/",
"url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
}
]
},


@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-119"
"value": "CWE-787"
}
]
}


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2021/01/28/1",
"url": "https://www.openwall.com/lists/oss-security/2021/01/28/1"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210708-0004/",
"url": "https://security.netapp.com/advisory/ntap-20210708-0004/"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928726"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928733"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928736"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928742"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html",
"url": "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1923252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923252"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210708-0005/",
"url": "https://security.netapp.com/advisory/ntap-20210708-0005/"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-16",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
},


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-06T00:00:00",
"ID": "CVE-2021-20378",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"I": "L",
"UI": "N",
"C": "L",
"SCORE": "6.300",
"AC": "L",
"S": "U",
"AV": "N",
"PR": "L",
"A": "L"
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6469407",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6469407 (Guardium Data Encryption)",
"name": "https://www.ibm.com/support/pages/node/6469407"
},
{
"name": "ibm-guardium-cve202120378-sessoin-fixation (195709)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195709",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "3.0.0.2"
},
{
"version_value": "4.0.0.4"
}
]
},
"product_name": "Guardium Data Encryption"
}
]
}
}
]
}
}
}
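Review bot: The problemtype value `Gain Privileges` is an impact label rather than a weakness class, while the description (session not invalidated after logout) reads like insufficient session expiration, for which `CWE-613` would be the usual identifier. The X-Force reference name `ibm-guardium-cve202120378-sessoin-fixation (195709)` contains the misspelling `sessoin` and says "fixation" where the description describes missing invalidation; that string may be the upstream identifier, so check it against the X-Force record before changing it. The section for CVE-2021-20415 has a similar gap: its problemtype is `Obtain Information`, but its description is about an account lockout setting that permits brute forcing.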


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20379",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Guardium Data Encryption",
"version": {
"version_data": [
{
"version_value": "3.0.0.2"
},
{
"version_value": "4.0.0.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711.",
"lang": "eng"
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"I": "N",
"UI": "N",
"C": "H",
"SCORE": "5.900",
"S": "U",
"AC": "H",
"A": "N",
"AV": "N",
"PR": "N"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6469407",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6469407 (Guardium Data Encryption)",
"name": "https://www.ibm.com/support/pages/node/6469407"
},
{
"name": "ibm-guardium-cve202120379-info-disc (195711)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195711"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-06T00:00:00",
"ID": "CVE-2021-20379",
"STATE": "PUBLIC"
}
}
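Review bot: The description gives the affected releases as 3.0.0.3 and 4.0.0.4, but `version_data` in the same record lists `3.0.0.2` and `4.0.0.4`. One of the two is wrong, and a scanner that reads `affects` will flag a different release than the one the advisory text names. The section for CVE-2021-20416 has the same mismatch between its description and its `version_data`. Confirm the lower version against IBM Security Bulletin 6469407, which both records cite, and make the two fields agree.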


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2021-20415",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-06T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2021-20415"
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "4.0.0.4"
}
]
},
"product_name": "Guardium Data Encryption"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.",
"lang": "eng"
}
]
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6469691",
"title": "IBM Security Bulletin 6469691 (Guardium Data Encryption)",
"url": "https://www.ibm.com/support/pages/node/6469691",
"refsource": "CONFIRM"
},
{
"name": "ibm-gde-cve202120415-info-disc (196217)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196217",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AV": "N",
"PR": "N",
"AC": "H",
"S": "U",
"C": "H",
"SCORE": "5.900",
"I": "N",
"UI": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
}
}


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20416",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"AC": "H",
"PR": "N",
"AV": "N",
"A": "N",
"UI": "N",
"I": "N",
"SCORE": "3.700",
"C": "L"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6469407",
"title": "IBM Security Bulletin 6469407 (Guardium Data Encryption)",
"url": "https://www.ibm.com/support/pages/node/6469407",
"refsource": "CONFIRM"
},
{
"name": "ibm-gde-cve202120416-info-disc (196218)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196218",
"refsource": "XF"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218."
}
]
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Guardium Data Encryption",
"version": {
"version_data": [
{
"version_value": "3.0.0.2"
},
{
"version_value": "4.0.0.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20416",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-07-06T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE"
}


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20417",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219",
"lang": "eng"
}
]
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Guardium Data Encryption",
"version": {
"version_data": [
{
"version_value": "4.0.0.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6469691",
"title": "IBM Security Bulletin 6469691 (Guardium Data Encryption)",
"name": "https://www.ibm.com/support/pages/node/6469691"
},
{
"name": "ibm-gde-cve202120417-info-disc (196219)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196219",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"I": "N",
"SCORE": "4.300",
"C": "L",
"S": "U",
"AC": "L",
"PR": "L",
"AV": "N",
"A": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"data_type": "CVE",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-07-06T00:00:00",
"ID": "CVE-2021-20417",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_version": "4.0"
}


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20474",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"description" : {
"description_data" : [
{
"value" : "IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.0.0.2"
},
{
"version_value" : "4.0.0.4"
}
]
},
"product_name" : "Guardium Data Encryption"
}
]
}
}
]
}
}
]
}
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"AC" : "L",
"S" : "U",
"A" : "N",
"AV" : "N",
"PR" : "N",
"I" : "L",
"UI" : "N",
"C" : "L",
"SCORE" : "6.500"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6469407 (Guardium Data Encryption)",
"url" : "https://www.ibm.com/support/pages/node/6469407",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6469407"
},
{
"name" : "ibm-gde-cve202120474-missing-auth (196945)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196945"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-07-06T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2021-20474"
}
}


@ -103,6 +103,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210216 [SECURITY] [DLA 2561-1] ruby-mechanize security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00021.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-17",
"url": "https://security.gentoo.org/glsa/202107-17"
}
]
},


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21775",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Webkit",
"version": {
"version_data": [
{
"version_value": "Webkit WebKitGTK 2.30.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage."
}
]
}
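Review bot: The `affects` block puts the product identity in the wrong fields: `vendor_name` is `"n/a"`, `product_name` is `"Webkit"`, and `version_value` is `"Webkit WebKitGTK 2.30.4"` rather than a bare version. Tools that join on vendor/product/version cannot match this against an inventory; something like `"product_name": "WebKitGTK"` with `"version_value": "2.30.4"` and a real vendor name would be machine-usable. The same pattern recurs in the other talos-cna@cisco.com sections of this commit (CVE-2021-21779, -21786 through -21789, -21793, -21794, -21806, -21807, -21821), where `product_name` holds what looks like the vendor (`"Iobit"`, `"Accusoft"`) and `version_value` repeats the product name. The record's root object opens above this hunk and closes below it.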


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21779",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Webkit",
"version": {
"version_data": [
{
"version_value": "Webkit WebKitGTK 2.30.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability exists in the way Webkit\u2019s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21786",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Iobit",
"version": {
"version_data": [
{
"version_value": "IOBit Advanced SystemCare Ultimate 14.2.0.220"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1253",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1253"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21787",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Iobit",
"version": {
"version_data": [
{
"version_value": "IOBit Advanced SystemCare Ultimate 14.2.0.220"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in the input buffer is the device port to write to and the byte at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21788",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Iobit",
"version": {
"version_data": [
{
"version_value": "IOBit Advanced SystemCare Ultimate 14.2.0.220"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer is the device port to write to and the word at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. A local attacker can send a malicious IRP to trigger this vulnerability."
}
]
}
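Review bot: The description contradicts itself on the write width: it says `the word at offset 4 is the value to write via the OUT instruction` and then `The OUT instruction can write one byte to the given I/O device port`. The second sentence reads as carried over unchanged from the CVE-2021-21787 text (IOCTL 0x9c40a0d8, byte-sized); for this IOCTL it should presumably say one word, to be confirmed against TALOS-2021-1254. Records -21787, -21788 and -21789 all point at that same report, so the description is the only thing that tells them apart and the width needs to be right.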


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21789",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Iobit",
"version": {
"version_data": [
{
"version_value": "IOBit Advanced SystemCare Ultimate 14.2.0.220"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0e0, the first dword passed in the input buffer is the device port to write to and the dword at offset 4 is the value to write via the OUT instruction. A local attacker can send a malicious IRP to trigger this vulnerability."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21793",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Accusoft",
"version": {
"version_data": [
{
"version_value": "Accusoft ImageGear 19.8 , Accusoft ImageGear 19.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1257",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1257"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}
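Review bot: `version_data` packs two releases into a single string, `"version_value": "Accusoft ImageGear 19.8 , Accusoft ImageGear 19.9"`, with a stray space before the comma. A consumer comparing `version_value` against an installed version will match neither 19.8 nor 19.9. Two entries, `{ "version_value": "19.8" }` and `{ "version_value": "19.9" }`, say the same thing in a form that can be compared.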


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21794",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Accusoft\"",
"version": {
"version_data": [
{
"version_value": "Accusoft ImageGear 19.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1261",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1261"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds write vulnerability exists in the TIF bits_per_sample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}
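Review bot: `"product_name": "Accusoft\""` carries a stray escaped double quote, so the product name parses as `Accusoft"`. It will not equal the `Accusoft` used by the neighbouring ImageGear records (CVE-2021-21793, -21807, -21821), which splits this record off in any grouping by product; it should be `"product_name": "Accusoft"`. Any consumer that interpolates the name into HTML or a query without escaping also inherits the quote character.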


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21806",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Webkit",
"version": {
"version_data": [
{
"version_value": "Webkit WebKitGTK 2.30.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21807",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Accusoft",
"version": {
"version_data": [
{
"version_value": "Accusoft ImageGear 19.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1275",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1275"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21821",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Accusoft",
"version": {
"version_data": [
{
"version_value": "Accusoft ImageGear 19.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "stack-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1286",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1286"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack-based buffer overflow vulnerability exists in the PDF process_fontname functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}


@ -96,6 +96,21 @@
"refsource": "MLIST",
"name": "[oss-security] 20210626 Re: CVE-2021-22543 - /dev/kvm LPE",
"url": "http://www.openwall.com/lists/oss-security/2021/06/26/1"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-fe826f202e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-95f2f1cfc7",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210708-0002/",
"url": "https://security.netapp.com/advisory/ntap-20210708-0002/"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163419/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/163419/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html"
}
]
},


@ -88,6 +88,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-393d698493",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210708-0006/",
"url": "https://security.netapp.com/advisory/ntap-20210708-0006/"
}
]
},


@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-119"
"value": "CWE-787"
}
]
}


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25426",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "P(9.0), Q(10.0) , R(11.0)",
"version_value": "SMR July-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
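Review bot: `"product_name": "Samsung Mobile Devices "` ends in a trailing space, and `version_name` is `"P(9.0), Q(10.0) , R(11.0)"` with a space before the second comma. Exact-match lookups on product name will treat the padded and unpadded spellings as different products; trimming to `"product_name": "Samsung Mobile Devices"` avoids that. The trailing space is repeated in the CVE-2021-25427 through CVE-2021-25430 sections. `impact.cvss` also holds only a `vectorString` with no base score or version field, so consumers have to derive severity from the vector themselves.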


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25427",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR July-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25428",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR July-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25429",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR July-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25430",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "P(9.0), Q(10.0) , R(11.0)",
"version_value": "SMR July-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
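Review bot: The `description` calls this an `Improper access control vulnerability` but `problemtype` is `"CWE-287: Improper Authentication"`; improper access control is CWE-284, which is what the CVE-2021-25431 section uses. Apart from its opening words the description is also identical to CVE-2021-25429's (`allows untrusted application to access the Bluetooth information in Bluetooth application`), and both records share one vector string and one reference URL, so nothing in the record distinguishes the two issues. If CWE-287 is intended, the description should say which authentication step is missing; otherwise the problemtype should be `"CWE-284: Improper Access Control"`.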


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25431",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cameralyzer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
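Review bot: `version_value` is prose, `"3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x"`, paired with `"version_affected": "<"` and `"version_name": "-"`, so the `<` comparison has no single version to compare against. Three `version_data` entries, one per branch (for example `"version_name": "3.2.x"` with `"version_value": "3.2.1041"`), would express the same fix boundaries in a form a scanner can evaluate. The CVE-2021-25432 section has the same shape (`"2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above"`). The problemtype here is also written `"CWE-284 Improper Access Control"` without the colon used in the CVE-2021-25426 to -25430 records.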


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25432",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Members",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25433",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tizen wearable devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Tizen 5.5",
"version_value": "Firmware update JUL-2021 Release"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25434",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tizen wearable devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Tizen 5.5",
"version_value": "Firmware update JUL-2021 Release"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25435",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tizen wearable devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Tizen 5.5",
"version_value": "Firmware update JUL-2021 Release"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
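Review bot: The `vectorString` `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H` rates no confidentiality or integrity impact, while the description on the same record says the flaw "allows arbitrary code execution". The neighbouring record CVE-2021-25434 carries an almost identical description (param partition instead of recovery partition) with `C:H/I:H/A:H`, so one of the two vectors looks wrong. This is worth confirming against the referenced vendor bulletin, because no `baseScore` is given and downstream tools will derive severity from the vector alone.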


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25436",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tizen wearable devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Tizen 5.5",
"version_value": "Firmware update JUL-2021 Release"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25437",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tizen wearable devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Tizen 5.5",
"version_value": "Firmware update JUL-2021 Release"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to arbitrary code execution by replacing FOTA update file."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
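Review bot: The `problemtype` value `CWE-20: Improper Input Validation` does not match the description, which opens with "Improper access control vulnerability"; the other access-control records in this commit use `CWE-284 Improper Access Control`. Anyone triaging by CWE will file this FOTA update-file replacement issue under input validation, so the classification should be confirmed and one of the two fields corrected. The description also reads "allows attackers to arbitrary code execution", which is missing a verb; `allows attackers to execute arbitrary code by replacing FOTA update file` would read correctly.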


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25438",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Members",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25439",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Members",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25440",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FactoryCameraFB",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "3.4.74"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25441",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AR Emoji Editor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "4.4.03.5 in Android Q(10.0) and above"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25442",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Knox Mobile Enrollment",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "KCS 1.39"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -66,6 +66,11 @@
"url": "https://www.docker.com/legal/trademark-guidelines",
"refsource": "MISC",
"name": "https://www.docker.com/legal/trademark-guidelines"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163416/Docker-Dashboard-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/163416/Docker-Dashboard-Remote-Command-Execution.html"
}
]
}
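Review bot: The added reference uses a plain `http://` scheme in both `name` and `url`, unlike the `https://` reference directly above it in this hunk. If the site serves the same path over HTTPS, `"url": "https://packetstormsecurity.com/files/163416/Docker-Dashboard-Remote-Command-Execution.html"` avoids sending readers over an unauthenticated connection. The packetstormsecurity.com reference added to the Okta record in the next section uses the same scheme. The enclosing `reference_data` array starts outside the hunk.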


@ -56,6 +56,11 @@
"refsource": "CONFIRM",
"name": "https://www.okta.com/security-advisories/cve-2021-28113",
"url": "https://www.okta.com/security-advisories/cve-2021-28113"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163428/Okta-Access-Gateway-2020.5.5-Authenticated-Remote-Root.html",
"url": "http://packetstormsecurity.com/files/163428/Okta-Access-Gateway-2020.5.5-Authenticated-Remote-Root.html"
}
]
},


@ -1,18 +1,132 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-07-08T15:22:00.000Z",
"ID": "CVE-2021-28809",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Missing Authentication for Critical Function in RTRR Server\u00a0in HBS3"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HBS 3",
"version": {
"version_data": [
{
"platform": "QTS 4.3.6",
"version_affected": "<",
"version_value": "v3.0.210507"
},
{
"platform": "QTS 4.3.4",
"version_affected": "<",
"version_value": "v3.0.210506"
},
{
"platform": "QTS 4.3.3",
"version_affected": "<",
"version_value": "v3.0.210506"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ta-Lun Yen of TXOne IoT/ICS Security Research Labs of Trend Micro working with Trend Micro\u2019s Zero Day Initiative"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS 3 v3.0.210507 and later QTS 4.3.4: HBS 3 v3.0.210506 and later QTS 4.3.3: HBS 3 v3.0.210506 and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-749 Exposed Dangerous Method or Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-19",
"name": "https://www.qnap.com/en/security-advisory/qsa-21-19"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-783/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-783/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "QNAP have already fixed this vulnerability in the following versions of HBS 3:\nQTS 4.3.6: HBS 3 v3.0.210507 and later\nQTS 4.3.4: HBS 3 v3.0.210506 and later\nQTS 4.3.3: HBS 3 v3.0.210506 and later\n"
}
],
"source": {
"advisory": "QSA-21-19",
"discovery": "EXTERNAL"
}
}
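Review bot: The `TITLE` string contains an escaped no-break space (`RTRR Server\u00a0in HBS3`) and writes the product as `HBS3`, while `product_name` and the description use `HBS 3`, so exact-match searches on the title will miss it. `"TITLE": "Missing Authentication for Critical Function in RTRR Server in HBS 3"` would be consistent with the rest of the record. The description also runs two sentences together at `operating system.QNAP have` and has lost the line breaks that the `solution` text keeps, so the three platform/version pairs read as one run-on sentence.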


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29150",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.10.0, 6.9.6 and 6.8.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote insecure deserialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability."
}
]
}
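Review bot: `"vendor_name": "n/a"` leaves the vendor empty even though the product is named `Aruba ClearPass Policy Manager` and the assigner is `security-alert@hpe.com`, so vendor-keyed lookups will not find this record. The `version_value` `Prior to 6.10.0, 6.9.6 and 6.8.9` is also free text with no `version_affected` operator. The `problemtype` is a phrase (`remote insecure deserialization`) rather than a CWE identifier; `CWE-502: Deserialization of Untrusted Data` would let tooling classify it. CVE-2021-29151 and CVE-2021-29152 in the next two sections share the `n/a` vendor and the same version string. The hunk starts at line 4 of the file, so the record's opening lines are not shown.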


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29151",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.10.0, 6.9.6 and 6.8.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29152",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.10.0, 6.9.6 and 6.8.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote denial of service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote denial of service (DoS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability."
}
]
}


@ -96,6 +96,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210705 [SECURITY] [DLA 2704-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210708-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210708-0007/"
}
]
},


@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29759",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"C": "H",
"SCORE": "4.400",
"I": "N",
"UI": "N",
"AV": "L",
"PR": "H",
"A": "N",
"AC": "L",
"S": "U"
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6469449",
"url": "https://www.ibm.com/support/pages/node/6469449",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6469449 (App Connect Enterprise Certified Container)"
},
{
"name": "ibm-appconnect-cve202129759-info-disc (202212)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202212",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "App Connect Enterprise Certified Container",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "1.2"
},
{
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212."
}
]
}
},
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-06T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2021-29759"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_format": "MITRE"
}


@ -91,6 +91,11 @@
"refsource": "MISC",
"name": "https://bugzilla.opensuse.org/show_bug.cgi?id=1185405",
"url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1185405"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210708-0003/",
"url": "https://security.netapp.com/advisory/ntap-20210708-0003/"
}
]
}


@ -3,15 +3,72 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@octopus.com",
"ID": "CVE-2021-31816",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Octopus Deploy",
"product": {
"product_data": [
{
"product_name": "Octopus Server",
"version": {
"version_data": [
{
"version_value": ">=",
"version_affected": "0.9"
},
{
"version_value": "<",
"version_affected": "2020.6.5146"
},
{
"version_value": ">=",
"version_affected": "2021.1.7149"
},
{
"version_value": "<",
"version_affected": "2021.1.7316"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information (Windows)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31816).2121793537.html",
"refsource": "MISC",
"name": "https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31816).2121793537.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext."
}
]
}
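Review bot: In every `version_data` entry the two fields are swapped: the operator is stored in `version_value` and the version number in `version_affected` (for example `"version_value": ">=", "version_affected": "0.9"`). Consumers that read `version_affected` as the comparison operator will find no usable version range in this record, so affected installations may not be flagged. Each entry should read like `"version_affected": ">=", "version_value": "0.9"`. CVE-2021-31817 in the next section has the same swap, and both records carry an identical description even though their `problemtype` strings distinguish Windows from the Linux container.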


@ -3,15 +3,72 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@octopus.com",
"ID": "CVE-2021-31817",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Octopus Deploy",
"product": {
"product_data": [
{
"product_name": "Octopus Server",
"version": {
"version_data": [
{
"version_value": ">=",
"version_affected": "2020.6.4671"
},
{
"version_value": "<",
"version_affected": "2020.6.5146"
},
{
"version_value": ">=",
"version_affected": "2021.1.7149"
},
{
"version_value": "<",
"version_affected": "2021.1.7316"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information (Linux Container)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://advisories.octopus.com/adv/2021-06---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31817).2121138201.html",
"refsource": "MISC",
"name": "https://advisories.octopus.com/adv/2021-06---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31817).2121138201.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext."
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-32461",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Password Manager",
"version": {
"version_data": [
{
"version_value": "5.0.0.1217 and below"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Truncation Priv Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10388",
"refsource": "MISC",
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10388"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-773/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-773/"
}
]
}
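Review bot: `"version_value": "5.0.0.1217 and below"` folds the affected range into free text, so automated matching against installed versions cannot use it; the structured form is `"version_affected": "<="` with `"version_value": "5.0.0.1217"`. The same string is used in the CVE-2021-32462 section that follows. The problemtype value `Integer Truncation Priv Escalation` also has no CWE identifier; `CWE-197` (Numeric Truncation Error) appears to fit the description, though the assigner should confirm.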


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-32462",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Password Manager",
"version": {
"version_data": [
{
"version_value": "5.0.0.1217 and below"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposed Hazardous Function RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10388",
"refsource": "MISC",
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10388"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-774/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-774/"
}
]
}
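Review bot: The description and the problemtype both label this Remote Code Execution, yet the stated impact is an unprivileged client manipulating the registry to escalate to SYSTEM, with authentication required, which reads as privilege escalation. Anyone triaging on the `RCE` label will rank this differently from what the description supports, so the record should state which it is and whether "client" means a local process. Putting a CWE identifier in the problemtype value, for example `CWE-749` (Exposed Dangerous Method or Function) if the assigner agrees, would remove the reliance on the free-text label.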


@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32714",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Integer Overflow in Chunked Transfer-Encoding"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hyper",
"version": {
"version_data": [
{
"version_value": "< 0.14.10"
}
]
}
}
]
},
"vendor_name": "hyperium"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in \"request smuggling\" or \"desync attacks.\" The vulnerability is patched in version 0.14.10. Two possible workarounds exist. One may reject requests manually that contain a `Transfer-Encoding` header or ensure any upstream proxy rejects `Transfer-Encoding` chunk sizes greater than what fits in 64-bit unsigned integers."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hyperium/hyper/security/advisories/GHSA-5h46-h7hh-c6x9",
"refsource": "CONFIRM",
"url": "https://github.com/hyperium/hyper/security/advisories/GHSA-5h46-h7hh-c6x9"
}
]
},
"source": {
"advisory": "GHSA-5h46-h7hh-c6x9",
"discovery": "UNKNOWN"
}
}
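Review bot: The `impact.cvss` block scores `"integrityImpact": "NONE"` and `"confidentialityImpact": "NONE"`, while the description lists data loss and request smuggling as possible outcomes. A consumer prioritising on the vector alone will treat this as availability-only and may under-rank deployments that sit behind a proxy accepting larger chunk sizes. The description should say that the smuggling outcome is conditional on that proxy behaviour and is not reflected in the score, or the vector should be revisited with the advisory author. Also, `"version_value": "< 0.14.10"` carries the operator inside the value; `"version_affected": "<"` with `"version_value": "0.14.10"` is the machine-readable form, and the same applies to the CVE-2021-32715 section.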


@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32715",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Lenient Parsing of Content-Length Header When Prefixed with Plus Sign"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hyper",
"version": {
"version_data": [
{
"version_value": "< 0.14.10"
}
]
}
}
]
},
"vendor_name": "hyperium"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such `Content-Length` headers, but forwards them, can result in \"request smuggling\" or \"desync attacks\". The flaw exists in all prior versions of hyper prior to 0.14.10, if built with `rustc` v1.5.0 or newer. The vulnerability is patched in hyper version 0.14.10. Two workarounds exist: One may reject requests manually that contain a plus sign prefix in the `Content-Length` header or ensure any upstream proxy handles `Content-Length` headers with a plus sign prefix."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c",
"refsource": "CONFIRM",
"url": "https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c"
},
{
"name": "https://github.com/rust-lang/rust/pull/28826/commits/123a83326fb95366e94a3be1a74775df4db97739",
"refsource": "MISC",
"url": "https://github.com/rust-lang/rust/pull/28826/commits/123a83326fb95366e94a3be1a74775df4db97739"
}
]
},
"source": {
"advisory": "GHSA-f3pg-qwvg-p99c",
"discovery": "UNKNOWN"
}
}
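Review bot: The second workaround in the description, that an upstream proxy "handles" `Content-Length` headers with a plus sign prefix, does not say what handling is required, and the description itself names a proxy that forwards such headers unparsed as the dangerous case. Wording such as "ensure any upstream proxy rejects or normalizes `Content-Length` headers with a plus sign prefix" would state the mitigation unambiguously; this should be checked against the linked GHSA advisory before changing it. The phrase "all prior versions of hyper prior to 0.14.10" is also doubled and can be reduced to "all versions of hyper prior to 0.14.10".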


@ -66,6 +66,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-a6bde7ab18",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-9c5f3b8aae",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W/"
}
]
}


@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34110",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-34110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with \"LocalSystem\" privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://winwastenet.com",
"refsource": "MISC",
"name": "http://winwastenet.com"
},
{
"refsource": "MISC",
"name": "http://nica.it",
"url": "http://nica.it"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/163335/WinWaste.NET-1.0.6183.16475-Local-Privilege-Escalation.html",
"url": "https://packetstormsecurity.com/files/163335/WinWaste.NET-1.0.6183.16475-Local-Privilege-Escalation.html"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204780",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204780"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/50083",
"url": "https://www.exploit-db.com/exploits/50083"
}
]
}
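Review bot: `product_name`, `vendor_name` and `version_value` are all `n/a` in the `affects` block even though the description names the product and the exact build, WinWaste.NET version 1.0.6183.16475. Tools that match on `affects` will not associate this record with any installed software; `"product_name": "WinWaste.NET"` and `"version_value": "1.0.6183.16475"` can be filled in from the description, while the vendor name is not stated there and has to come from the assigner. The problemtype value is likewise `n/a`; incorrect permissions on an executable that runs as LocalSystem looks like `CWE-732`, to be confirmed.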


@ -4,15 +4,60 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34430",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@eclipse.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Eclipse Foundation",
"product": {
"product_data": [
{
"product_name": "Eclipse TinyDTLS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "0.9-rc1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=568803",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=568803"
}
]
}
}
}


@ -284,6 +284,11 @@
},
"references": {
"reference_data": [
{
"refsource": "CERT-VN",
"name": "VU#383432",
"url": "https://www.kb.cert.org/vuls/id/383432"
},
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527",
"refsource": "MISC",
