From 7abac23547d01618a061bd46599eb0135c5c07a1 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Thu, 11 Feb 2021 20:01:23 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2021/21xxx/CVE-2021-21012.json | 53 ++++++++++++--------
2021/21xxx/CVE-2021-21013.json | 51 ++++++++++++-------
2021/21xxx/CVE-2021-21015.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21016.json | 86 +++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21017.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21018.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21019.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21020.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21022.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21023.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21024.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21025.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21026.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21027.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21028.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21029.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21030.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21031.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21032.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21035.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21037.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21038.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21040.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21042.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21044.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21045.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21046.json | 90 +++++++++++++++++++++++++++++++---
2021/21xxx/CVE-2021-21057.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21060.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21061.json | 90 +++++++++++++++++++++++++++++++--- 2021/25xxx/CVE-2021-25251.json | 2 +- 31 files changed, 2414 insertions(+), 208 deletions(-) diff --git a/2021/21xxx/CVE-2021-21012.json b/2021/21xxx/CVE-2021-21012.json index 3cbbfb25c51..d6118e86f1d 100644 --- a/2021/21xxx/CVE-2021-21012.json +++ b/2021/21xxx/CVE-2021-21012.json @@ -1,30 +1,43 @@ { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", - "DATE_PUBLIC": "2021-01-12T23:00:00.000Z", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21012", "STATE": "PUBLIC", - "TITLE": "Adobe Bridge Font Parsing Out-Of-Bounds Write Arbitrary Code Execution Vulnerability" + "TITLE": "Magento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure" }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "Adobe", "product": { "product_data": [ { - "product_name": "Bridge", + "product_name": "Magento Commerce", "version": { "version_data": [ { - "version_value": "11.0 and earlier" + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" } ] } } ] - } + }, + "vendor_name": "Adobe" } ] } 
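Review bot: The fourth `version_data` entry added in this hunk, `"version_affected": "<="` with `"version_value": "None"`, is not a version and looks like an unset field that was written out as the string "None". A consumer that compares versions will either fail to parse it or match nothing, so the entry should be dropped, leaving the three real bounds (2.4.1, 2.4.0-p1, 2.3.6). The same placeholder entry appears in the first hunk of CVE-2021-21013 and in the new records for CVE-2021-21015, -21017 through -21020 and -21022 through -21025; CVE-2021-21016 shows the list without it.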
@@ -36,23 +49,23 @@ "description_data": [ { "lang": "eng", - "value": "Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure." } ] }, "impact": { "cvss": { - "attackComplexity": "Low", - "attackVector": "Local", - "availabilityImpact": "High", - "baseScore": 7.8, - "baseSeverity": "High", - "confidentialityImpact": "High", - "integrityImpact": "High", + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 5.3, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", "privilegesRequired": "None", - "scope": "Unchanged", - "userInteraction": "Required", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, @@ -62,7 +75,7 @@ "description": [ { "lang": "eng", - "value": "Out-of-bounds Write (CWE-787)" + "value": "Incorrect Authorization (CWE-863)" } ] } @@ -72,8 +85,8 @@ "reference_data": [ { "refsource": "MISC", - "url": "https://helpx.adobe.com/security/products/bridge/apsb21-07.html", - "name": "https://helpx.adobe.com/security/products/bridge/apsb21-07.html" + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" } ] }, diff --git a/2021/21xxx/CVE-2021-21013.json b/2021/21xxx/CVE-2021-21013.json index 183d953c08a..5c95edb8739 100644 
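Review bot: The structured fields under `impact.cvss` no longer agree with `vectorString`: `attackComplexity`, `attackVector`, `scope`, `userInteraction` and the three impact fields are all the string "None", while the vector reads AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. "None" is not a defined value for attack vector, attack complexity or scope, so a tool that reads the fields rather than the vector gets unusable data; they should be spelled out from the vector, e.g. `"attackVector": "Network"`, `"attackComplexity": "Low"`, `"scope": "Unchanged"`, `"confidentialityImpact": "Low"`. The vector prefix `CVSS:3.0` also disagrees with `"version": "3.1"`. The same pattern is in the matching hunk of CVE-2021-21013 and in the new records for CVE-2021-21015 through -21025, of which only CVE-2021-21017 uses the `CVSS:3.1` prefix.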
--- a/2021/21xxx/CVE-2021-21013.json +++ b/2021/21xxx/CVE-2021-21013.json @@ -1,30 +1,43 @@ { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", - "DATE_PUBLIC": "2021-01-12T23:00:00.000Z", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21013", "STATE": "PUBLIC", - "TITLE": "Adobe Bridge Font Parsing Out-Of-Bounds Write Arbitrary Code Execution Vulnerability" + "TITLE": "Magento Commerce Insecure Direct Object Reference Could Lead To Information Disclosure" }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "Adobe", "product": { "product_data": [ { - "product_name": "Bridge", + "product_name": "Magento Commerce", "version": { "version_data": [ { - "version_value": "11.0 and earlier" + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" } ] } } ] - } + }, + "vendor_name": "Adobe" } ] } 
@@ -36,23 +49,23 @@ "description_data": [ { "lang": "eng", - "value": "Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure." } ] }, "impact": { "cvss": { - "attackComplexity": "Low", - "attackVector": "Local", - "availabilityImpact": "High", - "baseScore": 7.8, + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 7.1, "baseSeverity": "High", - "confidentialityImpact": "High", - "integrityImpact": "High", + "confidentialityImpact": "None", + "integrityImpact": "None", "privilegesRequired": "None", - "scope": "Unchanged", - "userInteraction": "Required", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" } }, @@ -62,7 +75,7 @@ "description": [ { "lang": "eng", - "value": "Out-of-bounds Write (CWE-787)" + "value": "Incorrect Authorization (CWE-863)" } ] } @@ -72,8 +85,8 @@ "reference_data": [ { "refsource": "MISC", - "url": "https://helpx.adobe.com/security/products/bridge/apsb21-07.html", - "name": "https://helpx.adobe.com/security/products/bridge/apsb21-07.html" + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" } ] }, diff --git a/2021/21xxx/CVE-2021-21015.json b/2021/21xxx/CVE-2021-21015.json index c0cd9ee4ae8..e58e8a98f37 100644 --- a/2021/21xxx/CVE-2021-21015.json 
+++ b/2021/21xxx/CVE-2021-21015.json 
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 9.1, + "baseSeverity": "Critical", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21016.json b/2021/21xxx/CVE-2021-21016.json index c7838d109f6..6724a899cb4 100644 --- a/2021/21xxx/CVE-2021-21016.json +++ b/2021/21xxx/CVE-2021-21016.json 
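Review bot: `"baseScore": 9.1` does not match the vector recorded next to it, `CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H`: with AC:H the CVSS 3.x base formula gives 8.0 (High), and 9.1 is what the AC:L form of the same vector yields, as in CVE-2021-21016 and -21018. One of the two is presumably a transcription slip, so either the vector should read `AC:L` or the record should carry `"baseScore": 8.0` and `"baseSeverity": "High"`; the referenced APSB21-08 bulletin is the place to confirm which. Separately, the `TITLE` says "Unauthorized Data Modification" while the description and CWE-78 describe OS command injection, and the same title is reused for CVE-2021-21016 and -21018.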
@@ -1,18 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21016", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 9.1, + "baseSeverity": "Critical", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21017.json b/2021/21xxx/CVE-2021-21017.json index d8091b49d97..9f3c1582830 100644 --- a/2021/21xxx/CVE-2021-21017.json +++ b/2021/21xxx/CVE-2021-21017.json 
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21017", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.013.20074" + }, + { + "version_affected": "<=", + "version_value": "2020.001.30018" + }, + { + "version_affected": "<=", + "version_value": "2017.011.30188" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 8.8, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow (CWE-122)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21018.json b/2021/21xxx/CVE-2021-21018.json index e7fac0d7ee7..4f1ca8ee020 100644 --- a/2021/21xxx/CVE-2021-21018.json +++ b/2021/21xxx/CVE-2021-21018.json 
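Review bot: The description value for CVE-2021-21017 contains a doubled word, "Acrobat Reader DC versions versions 2020.013.20074"; it should begin `Acrobat Reader DC versions 2020.013.20074 (and earlier)`. The title and description name the product "Acrobat Reader DC" while `product_name` is "Acrobat Reader", so a lookup keyed on the product name will not match the text; one spelling should be used in both places.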
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21018", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magnto Commerce Unauthorized Data Modification Could Lead To Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the scheduled operation module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 9.1, + "baseSeverity": "Critical", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21019.json b/2021/21xxx/CVE-2021-21019.json index daa091d672b..410d21fffd1 100644 --- a/2021/21xxx/CVE-2021-21019.json +++ b/2021/21xxx/CVE-2021-21019.json 
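Review bot: `TITLE` misspells the product as "Magnto Commerce", so a title search for "Magento" misses this record; it should read `"TITLE": "Magento Commerce Unauthorized Data Modification Could Lead To Arbitrary Code Execution"`. The `product_name` and the description in the same record spell it correctly.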
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21019", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce XML Injection Could Lead To Remote Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 9.1, + "baseSeverity": "Critical", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML Injection (aka Blind XPath Injection) (CWE-91)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21020.json b/2021/21xxx/CVE-2021-21020.json index c5c079652e4..c6b37aa5c29 100644 --- a/2021/21xxx/CVE-2021-21020.json +++ b/2021/21xxx/CVE-2021-21020.json 
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21020", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce Improper Access Control Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 5.3, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21022.json b/2021/21xxx/CVE-2021-21022.json index c92030b97fc..e5d0f57cc41 100644 --- a/2021/21xxx/CVE-2021-21022.json +++ b/2021/21xxx/CVE-2021-21022.json 
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21022", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce Incorrect permissions Could Lead To Unauthorized Access" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 5.3, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization (CWE-285)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21023.json b/2021/21xxx/CVE-2021-21023.json index ac21ce86ce0..7b83c825470 100644 --- a/2021/21xxx/CVE-2021-21023.json +++ b/2021/21xxx/CVE-2021-21023.json 
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21023", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce Stored Cross Site Scripting Vulnerability Could Lead To Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 4.8, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21024.json b/2021/21xxx/CVE-2021-21024.json index b6974d44b03..393ff3013ea 100644 --- a/2021/21xxx/CVE-2021-21024.json +++ b/2021/21xxx/CVE-2021-21024.json 
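Review bot: The `TITLE` of CVE-2021-21023 ends in "Could Lead To Arbitrary Code Execution", but the description limits the impact to "arbitrary JavaScript execution in the victim's browser" and the record is scored 4.8 with C:L/I:L/A:N. Anyone filtering on the title would group this stored XSS with the server-side code-execution records in the same bulletin; a title such as `Magento Commerce Stored Cross Site Scripting Vulnerability Could Lead To Arbitrary JavaScript Execution` would match the description.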
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21024", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce Blind SQL Injection Could Lead To Unauthorized Access" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 9.1, + "baseSeverity": "Critical", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21025.json b/2021/21xxx/CVE-2021-21025.json index 046dc2a880a..803df8a0712 100644 --- a/2021/21xxx/CVE-2021-21025.json +++ b/2021/21xxx/CVE-2021-21025.json 
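Review bot: The description of CVE-2021-21024 contradicts itself on required privileges: it says exploitation is possible "by an unauthenticated attacker" and, in the next sentence, that "Access to the admin console is required for successful exploitation". The vector in the same record has PR:H, which agrees with the second sentence, so the first presumably should read `by an authenticated attacker`, as the sibling records do. Triage done from the text alone would otherwise over-rate the exposure.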
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21025", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce XML Injection Could Lead To Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 9.1, + "baseSeverity": "Critical", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML Injection (aka Blind XPath Injection) (CWE-91)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21026.json b/2021/21xxx/CVE-2021-21026.json index ea89e991002..921b80223be 100644 --- a/2021/21xxx/CVE-2021-21026.json +++ b/2021/21xxx/CVE-2021-21026.json 
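Review bot: The fourth `version_data` entry, `{"version_affected": "<=", "version_value": "None"}`, is a placeholder rather than a version, yet it sits in the affected list beside the three real bounds (2.4.1, 2.4.0-p1, 2.3.6). A matcher that compares version strings has no defined way to evaluate `<= None`, so depending on the tool the entry may be ignored, raise an error, or match unexpectedly. I would drop that entry so the list holds only the three bounds the description names. The same placeholder entry is present in the preceding CVE-2021-21024 hunk and in every later hunk visible here, through CVE-2021-21042.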
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21026", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce Incorrect permissions Could Lead To Unauthorized Access" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by an improper authorization vulnerability in the integrations module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 5.3, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization (CWE-285)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21027.json b/2021/21xxx/CVE-2021-21027.json index a36a579bbd1..23dd87030bc 100644 --- a/2021/21xxx/CVE-2021-21027.json +++ b/2021/21xxx/CVE-2021-21027.json 
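Review bot: The description says the flaw is exploitable "by an unauthenticated attacker", yet its next sentence says access to the admin console is required and the vector on the same record has `PR:L`; these cannot all hold. If the vector is right, the sentence should end `...unauthorized access to restricted resources by an authenticated attacker.` The CVE-2021-21024 hunk above has the same contradiction, there with `PR:H`. Defenders who prioritise by pre-authentication exposure will misrank both records until the wording and the vector agree.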
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21027", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the admin console is not required for successful exploitation." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 4.3, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF) (CWE-352)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21028.json b/2021/21xxx/CVE-2021-21028.json index ff47d6eba87..de4ac4ad295 100644 --- a/2021/21xxx/CVE-2021-21028.json +++ b/2021/21xxx/CVE-2021-21028.json 
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21028", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.013.20074" + }, + { + "version_affected": "<=", + "version_value": "2020.001.30018" + }, + { + "version_affected": "<=", + "version_value": "2017.011.30188" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21029.json b/2021/21xxx/CVE-2021-21029.json index 1011347455c..4b9ede90934 100644 --- a/2021/21xxx/CVE-2021-21029.json +++ b/2021/21xxx/CVE-2021-21029.json 
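Review bot: The new `description` value begins "Acrobat Reader DC versions versions 2020.013.20074", with the word duplicated; it should read `Acrobat Reader DC versions 2020.013.20074 (and earlier), ...`. The same duplication is in the CVE-2021-21035, -21037, -21038, -21040 and -21042 hunks. Separately, `product_name` is `Acrobat Reader` while the title and description say "Acrobat Reader DC"; using one name throughout keeps product matching by string reliable.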
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21029", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce Reflected Cross-site Scripting Vulnerability Could Lead To Arbitrary JavaScript Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 4.6, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21030.json b/2021/21xxx/CVE-2021-21030.json index fc3f0fbc63c..736543afebb 100644 --- a/2021/21xxx/CVE-2021-21030.json +++ b/2021/21xxx/CVE-2021-21030.json 
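Review bot: The `vectorString` here is `AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N`, without the `CVSS:3.x/` prefix that the other Magento records in this patch carry, so a strict CVSS 3.x parser will reject it or be unable to tell which version it follows. Given `"version": "3.1"` on the same object, I would write `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"`. The CVE-2021-21037, -21038 and -21040 hunks have the same unprefixed form.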
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21030", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires user interaction." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 8.1, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21031.json b/2021/21xxx/CVE-2021-21031.json index aa2f7a9e09d..b57ae0aeee0 100644 --- a/2021/21xxx/CVE-2021-21031.json +++ b/2021/21xxx/CVE-2021-21031.json 
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21031", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento.com", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 5.6, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Session Expiration (CWE-613)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21032.json b/2021/21xxx/CVE-2021-21032.json index 6cd930ada44..8d423c4c6ab 100644 --- a/2021/21xxx/CVE-2021-21032.json +++ b/2021/21xxx/CVE-2021-21032.json 
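Review bot: `product_name` is `Magento.com` in this record, whereas the title says "Magento Commerce" and every other Magento record visible in the patch uses `"product_name": "Magento Commerce"`. Unless a distinct product is meant, which nothing in the hunk suggests, change it to `"product_name": "Magento Commerce"` so that inventory and scanner lookups keyed on product name find this CVE together with its siblings.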
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21032", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 5.7, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Session Expiration (CWE-613)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21035.json b/2021/21xxx/CVE-2021-21035.json index bcde9b0c2fd..25dc92166e8 100644 --- a/2021/21xxx/CVE-2021-21035.json +++ b/2021/21xxx/CVE-2021-21035.json 
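Review bot: `baseScore` is 5.7 here, but the `vectorString` is identical to the one in the CVE-2021-21031 hunk above (`AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L`), which is scored 5.6; one vector cannot yield two base scores. By the CVSS 3.x formula that vector appears to work out to 5.6, so either `"baseScore": 5.6` is intended or the vector is wrong for this issue. The title, CWE and description also match CVE-2021-21031 almost word for word, so nothing on the record tells a reader which session-invalidation flaw each ID covers; a phrase naming the affected component would resolve that.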
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21035", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.013.20074" + }, + { + "version_affected": "<=", + "version_value": "2020.001.30018" + }, + { + "version_affected": "<=", + "version_value": "2017.011.30188" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21037.json b/2021/21xxx/CVE-2021-21037.json index 17f4dcde10a..287c55f54ec 100644 --- a/2021/21xxx/CVE-2021-21037.json +++ b/2021/21xxx/CVE-2021-21037.json 
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21037", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Acrobat Reader DC Path Traversal Vulnerability Could Lead To Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.013.20074" + }, + { + "version_affected": "<=", + "version_value": "2020.001.30018" + }, + { + "version_affected": "<=", + "version_value": "2017.011.30188" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21038.json b/2021/21xxx/CVE-2021-21038.json index 466b5d8ad8d..bf471b0d7f4 100644 --- a/2021/21xxx/CVE-2021-21038.json +++ b/2021/21xxx/CVE-2021-21038.json 
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21038", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Acrobat Reader DC Out-Of-Bounds Write Vulnerability Could Lead To Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.013.20074" + }, + { + "version_affected": "<=", + "version_value": "2020.001.30018" + }, + { + "version_affected": "<=", + "version_value": "2017.011.30188" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21040.json b/2021/21xxx/CVE-2021-21040.json index 418f3220f8e..cbf8e7e8c76 100644 --- a/2021/21xxx/CVE-2021-21040.json +++ b/2021/21xxx/CVE-2021-21040.json 
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21040", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.013.20074" + }, + { + "version_affected": "<=", + "version_value": "2020.001.30018" + }, + { + "version_affected": "<=", + "version_value": "2017.011.30188" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21042.json b/2021/21xxx/CVE-2021-21042.json index 9ac5cea2913..6269a4fdc89 100644 --- a/2021/21xxx/CVE-2021-21042.json +++ b/2021/21xxx/CVE-2021-21042.json 
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "DATE_PUBLIC": "2021-02-09T23:00:00.000Z",
 "ID": "CVE-2021-21042",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Acrobat Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "2020.013.20074"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "2020.001.30018"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "2017.011.30188"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "None",
+ "attackVector": "None",
+ "availabilityImpact": "None",
+ "baseScore": 4,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "None",
+ "integrityImpact": "None",
+ "privilegesRequired": "None",
+ "scope": "None",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds Read (CWE-125)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html",
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/21xxx/CVE-2021-21044.json b/2021/21xxx/CVE-2021-21044.json
index 2ccf660568a..a1d1dacee9f 100644
--- a/2021/21xxx/CVE-2021-21044.json
+++ b/2021/21xxx/CVE-2021-21044.json
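Review bot: `"baseScore": 4` with `"baseSeverity": "Medium"` does not agree with the vector `AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N`; CVE-2021-21061 later in this patch carries the identical vector with `3.3` / `Low`, which is what these metrics evaluate to. The hunk for CVE-2021-21046 (`C:N/I:N/A:L`, also scored 4 / Medium) looks off in the same way. The vector is also labelled `CVSS:3.0` while `"version"` says `3.1` (same in -21044, -21046 and -21061). Separately, the description says the attacker can "locally escalate privileges", which matches neither the title's information disclosure nor a `C:L`-only vector, so the impact sentence should be reworded to describe a memory disclosure.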
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "DATE_PUBLIC": "2021-02-09T23:00:00.000Z",
 "ID": "CVE-2021-21044",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Acrobat Reader DC Out-Of-Bounds Write Vulnerability Could Lead To Arbitrary Code Execution"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Acrobat Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "2020.013.20074"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "2020.001.30018"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "2017.011.30188"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "None",
+ "attackVector": "None",
+ "availabilityImpact": "None",
+ "baseScore": 7.8,
+ "baseSeverity": "High",
+ "confidentialityImpact": "None",
+ "integrityImpact": "None",
+ "privilegesRequired": "None",
+ "scope": "None",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds Write (CWE-787)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html",
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/21xxx/CVE-2021-21045.json b/2021/21xxx/CVE-2021-21045.json
index 08801aa5b71..1c46532951e 100644
--- a/2021/21xxx/CVE-2021-21045.json
+++ b/2021/21xxx/CVE-2021-21045.json
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "DATE_PUBLIC": "NoneT23:00:00.000Z",
 "ID": "CVE-2021-21045",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Acrobat Reader DC Improper Installer Access Control Vulnerability Could Lead To Privilege Escalation"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Acrobat Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "2020.013.20074"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "2020.001.30018"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "2017.011.30188"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "None",
+ "attackVector": "None",
+ "availabilityImpact": "None",
+ "baseScore": 8.2,
+ "baseSeverity": "High",
+ "confidentialityImpact": "None",
+ "integrityImpact": "None",
+ "privilegesRequired": "None",
+ "scope": "None",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control (CWE-284)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html",
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/21xxx/CVE-2021-21046.json b/2021/21xxx/CVE-2021-21046.json
index b590b276097..39df812fa3a 100644
--- a/2021/21xxx/CVE-2021-21046.json
+++ b/2021/21xxx/CVE-2021-21046.json
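Review bot: `"DATE_PUBLIC": "NoneT23:00:00.000Z"` is not a valid timestamp; a missing date appears to have been concatenated with the time suffix, and date parsers in downstream tooling will reject or mis-sort the record. The other Adobe records in this patch use `"DATE_PUBLIC": "2021-02-09T23:00:00.000Z"`, which is presumably the intended value if this CVE belongs to the same APSB21-09 release. The description also calls the attacker "unauthenticated" and mentions no user interaction, while the vector has `PR:L` and `UI:R`; one of the two should be corrected.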
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "DATE_PUBLIC": "2021-02-09T23:00:00.000Z",
 "ID": "CVE-2021-21046",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Acrobat Reader DC Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Acrobat Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "2020.013.20074"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "2020.001.30018"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "2017.011.30188"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "None",
+ "attackVector": "None",
+ "availabilityImpact": "None",
+ "baseScore": 4,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "None",
+ "integrityImpact": "None",
+ "privilegesRequired": "None",
+ "scope": "None",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Access of Memory Location After End of Buffer (CWE-788)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html",
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/21xxx/CVE-2021-21057.json b/2021/21xxx/CVE-2021-21057.json
index 2f1adc9c312..6378a721e18 100644
--- a/2021/21xxx/CVE-2021-21057.json
+++ b/2021/21xxx/CVE-2021-21057.json
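Review bot: The `TITLE` promises "Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution", but the description limits the impact to an application denial-of-service and the vector has only `A:L` with no confidentiality or integrity impact. Titles are what most feeds and dashboards display, so this overstates the record for anyone triaging by title; either the title or the description and vector need to be brought in line. Small wording fix in the description: `an memory corruption` should read `a memory corruption`.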
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "DATE_PUBLIC": "2021-02-09T23:00:00.000Z",
 "ID": "CVE-2021-21057",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Acrobat Reader DC Invalid Memory Read Due To An Uninitialized Pointer"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Acrobat Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "2020.013.20074"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "2020.001.30018"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "2017.011.30188"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "None",
+ "attackVector": "None",
+ "availabilityImpact": "None",
+ "baseScore": 6.6,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "None",
+ "integrityImpact": "None",
+ "privilegesRequired": "None",
+ "scope": "None",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "NULL Pointer Dereference (CWE-476)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html",
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/21xxx/CVE-2021-21060.json b/2021/21xxx/CVE-2021-21060.json
index 4177dc71833..104988f50fa 100644
--- a/2021/21xxx/CVE-2021-21060.json
+++ b/2021/21xxx/CVE-2021-21060.json
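Review bot: The `TITLE` attributes the bug to an uninitialized pointer ("Invalid Memory Read Due To An Uninitialized Pointer"), while the description and `problemtype` call it a NULL pointer dereference (CWE-476). Those are different weakness classes with different worst cases, so the record should settle on one; if the title is right, the problem type would be closer to CWE-824 (Access of Uninitialized Pointer). The description also names only denial of service although the vector includes `C:L/I:L`.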
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "DATE_PUBLIC": "2021-02-09T23:00:00.000Z",
 "ID": "CVE-2021-21060",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Acrobat Pro DC Improper File Parsing Could Lead to Information Disclosure"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Acrobat Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "2020.013.20074"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "2020.001.30018"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "2017.011.30188"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "None",
+ "attackVector": "None",
+ "availabilityImpact": "None",
+ "baseScore": 4.6,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "None",
+ "integrityImpact": "None",
+ "privilegesRequired": "None",
+ "scope": "None",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation (CWE-20)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html",
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/21xxx/CVE-2021-21061.json b/2021/21xxx/CVE-2021-21061.json
index 19fa53dca58..3bba48dd6fe 100644
--- a/2021/21xxx/CVE-2021-21061.json
+++ b/2021/21xxx/CVE-2021-21061.json
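Review bot: `"product_name": "Acrobat Reader"` does not match the title and description, which both name Acrobat Pro DC, so tooling that matches on `affects` would attribute this CVE only to Reader. The hunk for CVE-2021-21061 has the same mismatch. If both products are affected, each should be listed under `product_data`; otherwise the name should be aligned with the text. The description also says "unauthenticated attacker" while the vector has `PR:L`.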
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "DATE_PUBLIC": "2021-02-09T23:00:00.000Z",
 "ID": "CVE-2021-21061",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Acrobat Pro DC Use-After-Free Vulnerability Could Lead to Information Disclosure"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Acrobat Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "2020.013.20074"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "2020.001.30018"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "2017.011.30188"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "None",
+ "attackVector": "None",
+ "availabilityImpact": "None",
+ "baseScore": 3.3,
+ "baseSeverity": "Low",
+ "confidentialityImpact": "None",
+ "integrityImpact": "None",
+ "privilegesRequired": "None",
+ "scope": "None",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use After Free (CWE-416)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html",
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25251.json b/2021/25xxx/CVE-2021-25251.json
index 2dfb5d75b06..54066f1c48a 100644
--- a/2021/25xxx/CVE-2021-25251.json
+++ b/2021/25xxx/CVE-2021-25251.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program\ufffds password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability."
+ "value": "The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability."
 }
 ]
 },