diff --git a/2020/7xxx/CVE-2020-7862.json b/2020/7xxx/CVE-2020-7862.json
index af72b91013f..0378ecf7a47 100644
--- a/2020/7xxx/CVE-2020-7862.json
+++ b/2020/7xxx/CVE-2020-7862.json
@@ -1,18 +1,145 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vuln@krcert.or.kr",
+ "DATE_PUBLIC": "2021-06-23T05:51:00.000Z",
 "ID": "CVE-2020-7862",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "HelpU Overflow Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HelpuViewer.exe",
+ "version": {
+ "version_data": [
+ {
+ "platform": "x86, x64",
+ "version_affected": "<=",
+ "version_name": "2018.5.21.0",
+ "version_value": "2020.11.20.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "HelpuServer.exe",
+ "version": {
+ "version_data": [
+ {
+ "platform": "x86, x64",
+ "version_affected": "<=",
+ "version_name": "1.0.0.2",
+ "version_value": "2020.11.20.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "HelpuFTClient.dll",
+ "version": {
+ "version_data": [
+ {
+ "platform": "x86, x64",
+ "version_name": "3.0.0.0",
+ "version_value": "2020.11.20.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "HelpuFTServer.dll",
+ "version": {
+ "version_data": [
+ {
+ "platform": "x86, x64",
+ "version_name": "3.0.0.0",
+ "version_value": "2020.11.20.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Helpu,inc"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks to Jeongun Back for reporting this vulnerability."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in agent program of HelpU remote control solution could allow an authenticated remote attacker to execute arbitrary commands This vulnerability is due to insufficient input santization when communicating customer process."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36094",
+ "name": "https://krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36094"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://helpu.co.kr/customer/download.html",
+ "name": "https://helpu.co.kr/customer/download.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/21xxx/CVE-2021-21737.json b/2021/21xxx/CVE-2021-21737.json
index 90aa361cedd..4e9bfa99914 100644
--- a/2021/21xxx/CVE-2021-21737.json
+++ b/2021/21xxx/CVE-2021-21737.json
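Review bot: The description added for CVE-2020-7862 speaks of an "authenticated remote attacker", but the `impact.cvss` block scores the issue as `"attackVector": "LOCAL"` (`AV:L` in the vector string), so consumers that triage on the vector will rank it differently from anyone reading the text; one of the two needs correcting, and the diff does not show which is right. The text also attributes the flaw to command execution through insufficient input sanitization, while the title and `CWE-120 Buffer Overflow` describe a memory-safety bug, and the record would be clearer if these agreed. The `version_data` entries for `HelpuFTClient.dll` and `HelpuFTServer.dll` omit the `"version_affected": "<=",` line that the other two products carry, which leaves their affected range ambiguous to parsers. In the description itself, a full stop is missing after "commands" and "santization" should read "sanitization".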
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-21737",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@zte.com.cn",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ZXV10 B860H V5.0",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V83011303.0010,V83011303.0016"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "permission and access control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1016004",
+ "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1016004"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016"
 }
 ]
 }
diff --git a/2021/25xxx/CVE-2021-25923.json b/2021/25xxx/CVE-2021-25923.json
index 2a4cc38f86f..0bb4bfedff1 100644
--- a/2021/25xxx/CVE-2021-25923.json
+++ b/2021/25xxx/CVE-2021-25923.json
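Review bot: The `version_value` in the new `affects` block packs two firmware builds into one string, `"V83011303.0010,V83011303.0016"`, so tooling that compares exact version strings against an inventory will match neither build; each should be its own `version_data` entry, `{ "version_value": "V83011303.0010" }` and `{ "version_value": "V83011303.0016" }`. `vendor_name` is set to `"n/a"` although the description names ZTE and the assigner is ZTE's PSIRT, which keeps vendor-keyed lookups from finding the record; `"vendor_name": "ZTE"` would agree with the text. The CVE-2021-25923 hunk has the same two problems: an 18-version comma-separated `version_value` and `"vendor_name": "n/a"` for OpenEMR.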
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-25923",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "openemr",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v5.0.0, v5.0.0.5, v5.0.0.6, v5.0.1, v5.0.1.1, v5.0.1.2, v5.0.1.3, v5.0.1.4, v5.0.1.5, v5.0.1.6, v5.0.1.7, v5.0.2, v5.0.2.1, v5.0.2.2, v5.0.2.3, v5.0.2.4, v6.0.0, v6.0.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Weak Password Requirements"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25923",
+ "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25923"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/openemr/openemr/commit/28ca5c008d4a408b60001a67dfd3e0915f9181e0",
+ "url": "https://github.com/openemr/openemr/commit/28ca5c008d4a408b60001a67dfd3e0915f9181e0"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user\u2019s password, he can leverage it to an account takeover."
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35475.json b/2021/35xxx/CVE-2021-35475.json
new file mode 100644
index 00000000000..76ec91cbcf0
--- /dev/null
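Review bot: The `problemtype` entry is the free text `"Weak Password Requirements"` with no CWE identifier, so consumers that classify records by CWE cannot place it; that phrase is the name of CWE-521, and `"value": "CWE-521 Weak Password Requirements"` would follow the `CWE-nnn Name` form used in the CVE-2020-7862 record of this same commit. The description states that no maximum password length is enforced and then refers to "the first 72 characters" without saying why only those characters matter. Presumably the remainder is ignored when the password is processed, but the record does not say so, and a clause stating it would let defenders judge exposure without opening the referenced commit.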
+++ b/2021/35xxx/CVE-2021-35475.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-35475",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file