diff --git a/2020/24xxx/CVE-2020-24421.json b/2020/24xxx/CVE-2020-24421.json
index ee8eca2b2e8..204a4058b8c 100644
--- a/2020/24xxx/CVE-2020-24421.json
+++ b/2020/24xxx/CVE-2020-24421.json
@@ -57,15 +57,15 @@
 "cvss": {
 "attackComplexity": "Low",
 "attackVector": "Local",
- "availabilityImpact": "High",
- "baseScore": 5.5,
- "baseSeverity": "Medium",
+ "availabilityImpact": "Low",
+ "baseScore": 3.3,
+ "baseSeverity": "Low",
 "confidentialityImpact": "None",
 "integrityImpact": "None",
 "privilegesRequired": "None",
 "scope": "Unchanged",
 "userInteraction": "Required",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H ",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
 "version": "3.1"
 }
 },
diff --git a/2020/24xxx/CVE-2020-24439.json b/2020/24xxx/CVE-2020-24439.json
index 3ee7bc8fcbf..48bdefb12d3 100644
--- a/2020/24xxx/CVE-2020-24439.json
+++ b/2020/24xxx/CVE-2020-24439.json
@@ -55,7 +55,7 @@
 },
 "impact": {
 "cvss": {
- "attackComplexity": "High",
+ "attackComplexity": "Low",
 "attackVector": "Local",
 "availabilityImpact": "None",
 "baseScore": 2.2,
@@ -65,7 +65,7 @@
 "privilegesRequired": "Low",
 "scope": "Unchanged",
 "userInteraction": "Required",
- "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
 "version": "3.1"
 }
 },
diff --git a/2020/7xxx/CVE-2020-7506.json b/2020/7xxx/CVE-2020-7506.json
index c2fccdd7c99..eac03fabdc9 100644
--- a/2020/7xxx/CVE-2020-7506.json
+++ b/2020/7xxx/CVE-2020-7506.json
@@ -15,11 +15,11 @@
 "product": {
 "product_data": [
 {
- "product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
+ "product_name": "Easergy T300 Firmware V1.5.2 and prior",
 "version": {
 "version_data": [
 {
- "version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
+ "version_value": "Easergy T300 Firmware V1.5.2 and prior"
 }
 ]
 }
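Review bot: In CVE-2020-24439.json the first hunk lowers `attackComplexity` to "Low" and the second rewrites the vector to `AC:L`, but `"baseScore": 2.2,` is left as an unchanged context line. 2.2 is the value for the old `AC:H` vector; recomputing CVSS 3.1 for `AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N` appears to give 2.8, so the score should move with the vector, e.g. `"baseScore": 2.8,`. `baseSeverity` falls between the two hunks and is not visible here.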
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-538: File and Directory Information Exposure"
+ "value": "CWE-200: Information Exposure"
 }
 ]
 }
@@ -46,8 +46,8 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
- "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
+ "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-04",
+ "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-04"
 }
 ]
 },
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A CWE-538: File and Directory Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure."
+ "value": "A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7515.json b/2020/7xxx/CVE-2020-7515.json
index 47da28a1634..006e992f1f0 100644
--- a/2020/7xxx/CVE-2020-7515.json
+++ b/2020/7xxx/CVE-2020-7515.json
@@ -15,11 +15,11 @@
 "product": {
 "product_data": [
 {
- "product_name": "Easergy Builder (Version 1.4.7.2 and older)",
+ "product_name": "Easergy Builder V1.4.7.2 and prior",
 "version": {
 "version_data": [
 {
- "version_value": "Easergy Builder (Version 1.4.7.2 and older)"
+ "version_value": "Easergy Builder V1.4.7.2 and prior"
 }
 ]
 }
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-321: Use of hard-coded cryptographic key stored in cleartext"
+ "value": "CWE-798: Use of Hard-coded Credentials"
 }
 ]
 }
@@ -46,8 +46,8 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05",
- "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
+ "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05",
+ "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05"
 }
 ]
 },
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to decrypt a password."
+ "value": "A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7516.json b/2020/7xxx/CVE-2020-7516.json
index 6ed552cfcf2..e42a7689675 100644
--- a/2020/7xxx/CVE-2020-7516.json
+++ b/2020/7xxx/CVE-2020-7516.json
@@ -15,11 +15,11 @@
 "product": {
 "product_data": [
 {
- "product_name": "Easergy Builder (Version 1.4.7.2 and older)",
+ "product_name": "Easergy Builder V1.4.7.2 and prior",
 "version": {
 "version_data": [
 {
- "version_value": "Easergy Builder (Version 1.4.7.2 and older)"
+ "version_value": "Easergy Builder V1.4.7.2 and prior"
 }
 ]
 }
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-316: Cleartext Storage of Sensitive Information in Memory"
+ "value": "CWE-312: Cleartext Storage of Sensitive Information"
 }
 ]
 }
@@ -46,8 +46,8 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05",
- "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
+ "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05",
+ "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05"
 }
 ]
 },
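Review bot: The description hunk of CVE-2020-7515.json (`@@ -55,7 +55,7 @@`) still opens with "A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability", although the problemtype hunk of the same file now reads `CWE-798: Use of Hard-coded Credentials`. CVE-2020-7516.json has the same mismatch: its problemtype becomes CWE-312 while the new description keeps "CWE-316: Cleartext Storage of Sensitive Information in Memory". CVE-2020-7506.json in this same commit updates both fields together; doing the same here keeps consumers that key on the CWE id from getting two different answers for one record.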
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to login credentials."
+ "value": "A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7860.json b/2020/7xxx/CVE-2020-7860.json
index 71ee0b15932..9b4a5e08e3e 100644
--- a/2020/7xxx/CVE-2020-7860.json
+++ b/2020/7xxx/CVE-2020-7860.json
@@ -1,18 +1,88 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vuln@krcert.or.kr",
+ "DATE_PUBLIC": "2021-04-28T06:41:00.000Z",
 "ID": "CVE-2020-7860",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "UnEGG",
+ "version": {
+ "version_data": [
+ {
+ "platform": "linux",
+ "version_affected": "<",
+ "version_name": "0.5",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Estsoft"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by UnEGG. Attackers could exploit this and arbitrary code execution. This issue affects: Estsoft UnEGG 0.5 versions prior to 1.0 on linux."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190 Integer Overflow or Wraparound"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.altools.co.kr/Download/ALZip.aspx",
+ "name": "https://www.altools.co.kr/Download/ALZip.aspx"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/21xxx/CVE-2021-21013.json b/2021/21xxx/CVE-2021-21013.json
index d3142dd20f2..a319256a5fb 100644
--- a/2021/21xxx/CVE-2021-21013.json
+++ b/2021/21xxx/CVE-2021-21013.json
@@ -49,7 +49,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account."
+ "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure."
 }
 ]
 },
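Review bot: The `version_data` entry added to CVE-2020-7860.json does not say the same thing as the description: `"version_affected": "<"` with `"version_value": "1.0"` marks every release before 1.0 as affected, while the text says "v0.5 and eariler versions" and then "0.5 versions prior to 1.0". Tools that match on the structured range may flag releases the prose does not intend, so the range and the sentence should be reconciled against the vendor's fixed version. The description also needs a wording pass ("eariler", "a Integer overflow", "could exploit this and arbitrary code execution"), and the only reference is a product download page rather than an advisory that states the fix.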
@@ -57,15 +57,15 @@
 "cvss": {
 "attackComplexity": "Low",
 "attackVector": "Network",
- "availabilityImpact": "None",
- "baseScore": 8.1,
+ "availabilityImpact": "High",
+ "baseScore": 8.0,
 "baseSeverity": "High",
 "confidentialityImpact": "High",
 "integrityImpact": "High",
 "privilegesRequired": "Low",
 "scope": "Unchanged",
- "userInteraction": "None",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N ",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
 "version": "3.1"
 }
 },
diff --git a/2021/21xxx/CVE-2021-21021.json b/2021/21xxx/CVE-2021-21021.json
index fb78fa32891..ad7016c0c72 100644
--- a/2021/21xxx/CVE-2021-21021.json
+++ b/2021/21xxx/CVE-2021-21021.json
@@ -55,17 +55,17 @@
 },
 "impact": {
 "cvss": {
- "attackComplexity": "None",
- "attackVector": "None",
- "availabilityImpact": "None",
- "baseScore": 7.8,
+ "attackComplexity": "Low",
+ "attackVector": "Network",
+ "availabilityImpact": "High",
+ "baseScore": 8.8,
 "baseSeverity": "High",
- "confidentialityImpact": "None",
- "integrityImpact": "None",
+ "confidentialityImpact": "High",
+ "integrityImpact": "High",
 "privilegesRequired": "None",
- "scope": "None",
- "userInteraction": "None",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "scope": "Unchanged",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
 "version": "3.1"
 }
 },
diff --git a/2021/21xxx/CVE-2021-21028.json b/2021/21xxx/CVE-2021-21028.json
index de4ac4ad295..4b28029f64a 100644
--- a/2021/21xxx/CVE-2021-21028.json
+++ b/2021/21xxx/CVE-2021-21028.json
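Review bot: The new vector in CVE-2021-21013.json keeps `I:H` and raises availability to `A:H`, but the description hunk of the same file drops the account-update impact and now names only "sensitive information disclosure". As written, the metrics claim integrity and availability loss that the text no longer describes. Either the description should state those impacts or `integrityImpact`/`availabilityImpact`, the vector and the score should be brought down to match, whichever the vendor bulletin supports.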
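Review bot: `vectorString` in CVE-2021-21021.json is written with a `CVSS:3.0/` prefix while the context line directly below it still reads `"version": "3.1"`. Consumers that check the prefix against the declared version may reject the record or file it under the wrong CVSS version; the line should read `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",`. The same mismatch is present in the new vectors of CVE-2021-21028, -21033, -21034, -21035, -21068, -21078, -21079 and -21080, and the CVE-2021-21082 hunk replaces a matching `CVSS:3.1` prefix with `CVSS:3.0`.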
@@ -55,17 +55,17 @@
 },
 "impact": {
 "cvss": {
- "attackComplexity": "None",
- "attackVector": "None",
- "availabilityImpact": "None",
- "baseScore": 7.8,
+ "attackComplexity": "Low",
+ "attackVector": "Network",
+ "availabilityImpact": "High",
+ "baseScore": 8.8,
 "baseSeverity": "High",
- "confidentialityImpact": "None",
- "integrityImpact": "None",
+ "confidentialityImpact": "High",
+ "integrityImpact": "High",
 "privilegesRequired": "None",
- "scope": "None",
- "userInteraction": "None",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "scope": "Unchanged",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
 "version": "3.1"
 }
 },
diff --git a/2021/21xxx/CVE-2021-21029.json b/2021/21xxx/CVE-2021-21029.json
index 4b9ede90934..122394cdf16 100644
--- a/2021/21xxx/CVE-2021-21029.json
+++ b/2021/21xxx/CVE-2021-21029.json
@@ -55,17 +55,17 @@
 },
 "impact": {
 "cvss": {
- "attackComplexity": "None",
- "attackVector": "None",
+ "attackComplexity": "Low",
+ "attackVector": "Network",
 "availabilityImpact": "None",
- "baseScore": 4.6,
+ "baseScore": 4.8,
 "baseSeverity": "Medium",
- "confidentialityImpact": "None",
- "integrityImpact": "None",
- "privilegesRequired": "None",
- "scope": "None",
- "userInteraction": "None",
- "vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "confidentialityImpact": "Low",
+ "integrityImpact": "Low",
+ "privilegesRequired": "High",
+ "scope": "Changed",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
 "version": "3.1"
 }
 },
diff --git a/2021/21xxx/CVE-2021-21033.json b/2021/21xxx/CVE-2021-21033.json
index 30921276267..665a721a6df 100644
--- a/2021/21xxx/CVE-2021-21033.json
+++ b/2021/21xxx/CVE-2021-21033.json
@@ -55,17 +55,17 @@
 },
 "impact": {
 "cvss": {
- "attackComplexity": "None",
- "attackVector": "None",
- "availabilityImpact": "None",
- "baseScore": 7.8,
+ "attackComplexity": "Low",
+ "attackVector": "Network",
+ "availabilityImpact": "High",
+ "baseScore": 8.8,
 "baseSeverity": "High",
- "confidentialityImpact": "None",
- "integrityImpact": "None",
+ "confidentialityImpact": "High",
+ "integrityImpact": "High",
 "privilegesRequired": "None",
- "scope": "None",
- "userInteraction": "None",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "scope": "Unchanged",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
 "version": "3.1"
 }
 },
diff --git a/2021/21xxx/CVE-2021-21034.json b/2021/21xxx/CVE-2021-21034.json
index 7e9f98b384b..82dab6fe397 100644
--- a/2021/21xxx/CVE-2021-21034.json
+++ b/2021/21xxx/CVE-2021-21034.json
@@ -55,17 +55,17 @@
 },
 "impact": {
 "cvss": {
- "attackComplexity": "None",
- "attackVector": "None",
+ "attackComplexity": "Low",
+ "attackVector": "Network",
 "availabilityImpact": "None",
- "baseScore": 4,
+ "baseScore": 4.3,
 "baseSeverity": "Medium",
- "confidentialityImpact": "None",
+ "confidentialityImpact": "Low",
 "integrityImpact": "None",
 "privilegesRequired": "None",
- "scope": "None",
- "userInteraction": "None",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "scope": "Unchanged",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
 "version": "3.1"
 }
 },
diff --git a/2021/21xxx/CVE-2021-21035.json b/2021/21xxx/CVE-2021-21035.json
index 25dc92166e8..2cb71f77c45 100644
--- a/2021/21xxx/CVE-2021-21035.json
+++ b/2021/21xxx/CVE-2021-21035.json
@@ -55,17 +55,17 @@
 },
 "impact": {
 "cvss": {
- "attackComplexity": "None",
- "attackVector": "None",
- "availabilityImpact": "None",
- "baseScore": 7.8,
+ "attackComplexity": "Low",
+ "attackVector": "Network",
+ "availabilityImpact": "High",
+ "baseScore": 8.8,
 "baseSeverity": "High",
- "confidentialityImpact": "None",
- "integrityImpact": "None",
+ "confidentialityImpact": "High",
+ "integrityImpact": "High",
 "privilegesRequired": "None",
- "scope": "None",
- "userInteraction": "None",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "scope": "Unchanged",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
 "version": "3.1"
 }
 },
diff --git a/2021/21xxx/CVE-2021-21042.json b/2021/21xxx/CVE-2021-21042.json
index b36e3cba332..58172364713 100644
--- a/2021/21xxx/CVE-2021-21042.json
+++ b/2021/21xxx/CVE-2021-21042.json
@@ -49,7 +49,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+ "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
 }
 ]
 },
diff --git a/2021/21xxx/CVE-2021-21068.json b/2021/21xxx/CVE-2021-21068.json
index 34ce0a137a9..9a3463b1ec8 100644
--- a/2021/21xxx/CVE-2021-21068.json
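Review bot: The new description in CVE-2021-21042.json introduces a doubled word, "Acrobat Reader DC versions versions", that the removed text did not have. It also replaces the information-disclosure and ASLR-bypass impact with "locally escalate privileges in the context of the current user", which is an unusual outcome for an Out-of-bounds Read and, read literally, describes no gain in privilege; this should be confirmed against the vendor bulletin before it is published. The CVSS block of this file is outside the hunk, so whether the metrics were changed to match cannot be seen here.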
+++ b/2021/21xxx/CVE-2021-21068.json
@@ -56,16 +56,16 @@
 "impact": {
 "cvss": {
 "attackComplexity": "Low",
- "attackVector": "Local",
+ "attackVector": "Physical",
 "availabilityImpact": "High",
- "baseScore": 7.7,
+ "baseScore": 6.1,
 "baseSeverity": "High",
 "confidentialityImpact": "High",
 "integrityImpact": "High",
 "privilegesRequired": "High",
- "scope": "Changed",
+ "scope": "Unchanged",
 "userInteraction": "Required",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
 "version": "3.1"
 }
 },
diff --git a/2021/21xxx/CVE-2021-21078.json b/2021/21xxx/CVE-2021-21078.json
index f3426cf9a83..2effa7b0740 100644
--- a/2021/21xxx/CVE-2021-21078.json
+++ b/2021/21xxx/CVE-2021-21078.json
@@ -55,17 +55,17 @@
 },
 "impact": {
 "cvss": {
- "attackComplexity": "High",
+ "attackComplexity": "Low",
 "attackVector": "Local",
 "availabilityImpact": "High",
- "baseScore": 6.3,
+ "baseScore": 6.5,
 "baseSeverity": "Medium",
 "confidentialityImpact": "High",
 "integrityImpact": "High",
 "privilegesRequired": "High",
 "scope": "Unchanged",
 "userInteraction": "Required",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
 "version": "3.1"
 }
 },
diff --git a/2021/21xxx/CVE-2021-21079.json b/2021/21xxx/CVE-2021-21079.json
index 4379f6452d1..ee8bb80ce1b 100644
--- a/2021/21xxx/CVE-2021-21079.json
+++ b/2021/21xxx/CVE-2021-21079.json
@@ -58,14 +58,14 @@
 "attackComplexity": "Low",
 "attackVector": "Network",
 "availabilityImpact": "None",
- "baseScore": 6.4,
+ "baseScore": 6.1,
 "baseSeverity": "Medium",
 "confidentialityImpact": "Low",
 "integrityImpact": "Low",
 "privilegesRequired": "None",
- "scope": "Unchanged",
+ "scope": "Changed",
 "userInteraction": "Required",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
 "version": "3.1"
 }
 },
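Review bot: In CVE-2021-21068.json `baseScore` drops to 6.1 but `"baseSeverity": "High",` is left untouched as a context line, and 6.1 falls in the CVSS v3 Medium band (4.0 to 6.9). The line should become `"baseSeverity": "Medium",` so that severity-based filtering and the numeric score agree for this record.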
diff --git a/2021/21xxx/CVE-2021-21080.json b/2021/21xxx/CVE-2021-21080.json
index 4eeafcd033b..eddfa07a542 100644
--- a/2021/21xxx/CVE-2021-21080.json
+++ b/2021/21xxx/CVE-2021-21080.json
@@ -58,14 +58,14 @@
 "attackComplexity": "Low",
 "attackVector": "Network",
 "availabilityImpact": "None",
- "baseScore": 6.4,
+ "baseScore": 6.1,
 "baseSeverity": "Medium",
 "confidentialityImpact": "Low",
 "integrityImpact": "Low",
 "privilegesRequired": "None",
- "scope": "Unchanged",
+ "scope": "Changed",
 "userInteraction": "Required",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
 "version": "3.1"
 }
 },
diff --git a/2021/21xxx/CVE-2021-21082.json b/2021/21xxx/CVE-2021-21082.json
index 782f0aa1202..0c0fb4071a3 100644
--- a/2021/21xxx/CVE-2021-21082.json
+++ b/2021/21xxx/CVE-2021-21082.json
@@ -56,16 +56,16 @@
 "impact": {
 "cvss": {
 "attackComplexity": "Low",
- "attackVector": "Local",
+ "attackVector": "Network",
 "availabilityImpact": "High",
- "baseScore": 7.8,
+ "baseScore": 8.8,
 "baseSeverity": "High",
 "confidentialityImpact": "High",
 "integrityImpact": "High",
 "privilegesRequired": "None",
 "scope": "Unchanged",
 "userInteraction": "Required",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
 "version": "3.1"
 }
 },
diff --git a/2021/21xxx/CVE-2021-21085.json b/2021/21xxx/CVE-2021-21085.json
index f4c6afc2e34..47ad63c60d2 100644
--- a/2021/21xxx/CVE-2021-21085.json
+++ b/2021/21xxx/CVE-2021-21085.json
@@ -49,23 +49,23 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine."
+ "value": "Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into the registration form and achieve arbitrary code execution in the context of the admin account."
 }
 ]
 },
 "impact": {
 "cvss": {
 "attackComplexity": "Low",
- "attackVector": "Local",
+ "attackVector": "Network",
 "availabilityImpact": "High",
- "baseScore": 7.8,
+ "baseScore": 8.8,
 "baseSeverity": "High",
 "confidentialityImpact": "High",
 "integrityImpact": "High",
 "privilegesRequired": "None",
 "scope": "Unchanged",
 "userInteraction": "Required",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
 "version": "3.1"
 }
 },
diff --git a/2021/27xxx/CVE-2021-27200.json b/2021/27xxx/CVE-2021-27200.json
index b4f57cb7b4e..ed5768be7bd 100644
--- a/2021/27xxx/CVE-2021-27200.json
+++ b/2021/27xxx/CVE-2021-27200.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-27200",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-27200",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wowonder.com",
+ "refsource": "MISC",
+ "name": "https://www.wowonder.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securityforeveryone.com/blog/wowonder-0-day-vulnerability-cve-2021-27200",
+ "url": "https://securityforeveryone.com/blog/wowonder-0-day-vulnerability-cve-2021-27200"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/49989",
+ "url": "https://www.exploit-db.com/exploits/49989"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28545.json b/2021/28xxx/CVE-2021-28545.json
index 54713582ada..50205543794 100644
--- a/2021/28xxx/CVE-2021-28545.json
+++ b/2021/28xxx/CVE-2021-28545.json
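Review bot: Every structured field added to CVE-2021-27200.json is "n/a" (`vendor_name`, `product_name`, `version_value` and the problemtype `value`), while the description names WoWonder 3.0.4 and a recovery code that is predictable from the time of day. Tools that match on `affects` or on a CWE id will not associate this record with the product, so an affected deployment would only be found by someone reading the prose. The product and version can be filled in from the description, and a problemtype such as `CWE-330` (Use of Insufficiently Random Values) looks like a fit for what the text describes, subject to the assigner's judgement. No CVSS block is added either, so the record carries no severity for triage.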
@@ -49,7 +49,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker would have the ability to completely manipulate data in a certified PDF without invalidating the original certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file."
+ "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to show arbitrary content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file."
 }
 ]
 },
diff --git a/2021/28xxx/CVE-2021-28546.json b/2021/28xxx/CVE-2021-28546.json
index 836c7500880..19a4e09ef12 100644
--- a/2021/28xxx/CVE-2021-28546.json
+++ b/2021/28xxx/CVE-2021-28546.json
@@ -55,17 +55,17 @@
 },
 "impact": {
 "cvss": {
- "attackComplexity": "None",
- "attackVector": "None",
+ "attackComplexity": "Low",
+ "attackVector": "Network",
 "availabilityImpact": "None",
- "baseScore": 8.1,
- "baseSeverity": "High",
+ "baseScore": 6.5,
+ "baseSeverity": "Medium",
 "confidentialityImpact": "None",
- "integrityImpact": "None",
+ "integrityImpact": "High",
 "privilegesRequired": "None",
- "scope": "None",
- "userInteraction": "None",
- "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "scope": "Unchanged",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
 "version": "3.1"
 }
 },