diff --git a/2020/27xxx/CVE-2020-27413.json b/2020/27xxx/CVE-2020-27413.json index 5b8e9d8c55b..83c1e0fdb32 100644 --- a/2020/27xxx/CVE-2020-27413.json +++ b/2020/27xxx/CVE-2020-27413.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27413", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27413", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://maharashtra.com", + "refsource": "MISC", + "name": "http://maharashtra.com" + }, + { + "url": "http://mahavitaran.com", + "refsource": "MISC", + "name": "http://mahavitaran.com" + }, + { + "url": "https://play.google.com/store/apps/details?id=com.msedcl.app&utm_source=APKdownloadMirror.com", + "refsource": "MISC", + "name": "https://play.google.com/store/apps/details?id=com.msedcl.app&utm_source=APKdownloadMirror.com" + }, + { + "refsource": "MISC", + "name": "https://cvewalkthrough.com/cve-2020-27413-mahavitaran-android-application-clear-text-password-storage/", + "url": "https://cvewalkthrough.com/cve-2020-27413-mahavitaran-android-application-clear-text-password-storage/" } ] } diff --git a/2021/22xxx/CVE-2021-22955.json b/2021/22xxx/CVE-2021-22955.json index e11659fc1fd..35f1f9a488d 100644 --- a/2021/22xxx/CVE-2021-22955.json +++ b/2021/22xxx/CVE-2021-22955.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22955", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Citrix ADC, Citrix Gateway", + "version": { + "version_data": [ + { + "version_value": "Citrix ADC 111.1, 2.1, 13.0,13.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.citrix.com/article/CTX330728", + "url": "https://support.citrix.com/article/CTX330728" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication." } ] } diff --git a/2021/22xxx/CVE-2021-22956.json b/2021/22xxx/CVE-2021-22956.json index a41950b5e82..eb1baddd526 100644 --- a/2021/22xxx/CVE-2021-22956.json +++ b/2021/22xxx/CVE-2021-22956.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22956", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Citrix ADC, Citrix Gateway, Citrix SDWAN", + "version": { + "version_data": [ + { + "version_value": "Citrix ADC 11.1,12.1,13.0,13.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.citrix.com/article/CTX330728", + "url": "https://support.citrix.com/article/CTX330728" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication." } ] } diff --git a/2021/3xxx/CVE-2021-3466.json b/2021/3xxx/CVE-2021-3466.json index 8a51f76e5f9..2440167220c 100644 --- a/2021/3xxx/CVE-2021-3466.json +++ b/2021/3xxx/CVE-2021-3466.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "libmicrohttpd 0.9.71" + "version_value": "libmicrohttpd 0.9.70" } ] } @@ -70,7 +70,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." + "value": "A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable." } ] } diff --git a/2021/42xxx/CVE-2021-42124.json b/2021/42xxx/CVE-2021-42124.json index 8e53c26bebc..522ad02c647 100644 --- a/2021/42xxx/CVE-2021-42124.json +++ b/2021/42xxx/CVE-2021-42124.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Ivanti Avalanche", + "version": { + "version_data": [ + { + "version_value": "6.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control - Generic (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3", + "url": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover." } ] } diff --git a/2021/42xxx/CVE-2021-42125.json b/2021/42xxx/CVE-2021-42125.json index f83c7219b45..c70ec447ed3 100644 --- a/2021/42xxx/CVE-2021-42125.json +++ b/2021/42xxx/CVE-2021-42125.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42125", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Ivanti Avalance", + "version": { + "version_data": [ + { + "version_value": "6.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization of Untrusted Data (CWE-502)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3", + "url": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files." } ] } diff --git a/2021/42xxx/CVE-2021-42126.json b/2021/42xxx/CVE-2021-42126.json index a318ca7ccd6..99a00c8dffa 100644 --- a/2021/42xxx/CVE-2021-42126.json +++ b/2021/42xxx/CVE-2021-42126.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42126", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Ivanti Avalanche", + "version": { + "version_data": [ + { + "version_value": "6.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization (CWE-285)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3", + "url": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation." } ] } diff --git a/2021/42xxx/CVE-2021-42127.json b/2021/42xxx/CVE-2021-42127.json index 355e95fb4fd..95cd1b41e54 100644 --- a/2021/42xxx/CVE-2021-42127.json +++ b/2021/42xxx/CVE-2021-42127.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42127", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Ivanti Avalanche", + "version": { + "version_data": [ + { + "version_value": "6.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization of Untrusted Data (CWE-502)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3", + "url": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service." } ] } diff --git a/2021/42xxx/CVE-2021-42128.json b/2021/42xxx/CVE-2021-42128.json index 830973d84e8..3290ddd4150 100644 --- a/2021/42xxx/CVE-2021-42128.json +++ b/2021/42xxx/CVE-2021-42128.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42128", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Ivanti Avalanche", + "version": { + "version_data": [ + { + "version_value": "6.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Exposed Dangerous Method or Function (CWE-749)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3", + "url": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service." } ] } diff --git a/2021/42xxx/CVE-2021-42129.json b/2021/42xxx/CVE-2021-42129.json index 6460a04490d..e0023ef399a 100644 --- a/2021/42xxx/CVE-2021-42129.json +++ b/2021/42xxx/CVE-2021-42129.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42129", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Ivanti Avalanche", + "version": { + "version_data": [ + { + "version_value": "6.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection - Generic (CWE-77)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3", + "url": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution." } ] } diff --git a/2021/42xxx/CVE-2021-42130.json b/2021/42xxx/CVE-2021-42130.json index 79a5cd62a02..79712b5cabf 100644 --- a/2021/42xxx/CVE-2021-42130.json +++ b/2021/42xxx/CVE-2021-42130.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42130", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Ivanti Avalanche", + "version": { + "version_data": [ + { + "version_value": "6.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization of Untrusted Data (CWE-502)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3", + "url": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution." } ] } diff --git a/2021/42xxx/CVE-2021-42131.json b/2021/42xxx/CVE-2021-42131.json index aad8bdb5126..2ed486532d8 100644 --- a/2021/42xxx/CVE-2021-42131.json +++ b/2021/42xxx/CVE-2021-42131.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42131", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Ivanti Avalanche", + "version": { + "version_data": [ + { + "version_value": "6.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection (CWE-89)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3", + "url": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation." } ] } diff --git a/2021/42xxx/CVE-2021-42132.json b/2021/42xxx/CVE-2021-42132.json index ffbaf952a28..dda0cdefb73 100644 --- a/2021/42xxx/CVE-2021-42132.json +++ b/2021/42xxx/CVE-2021-42132.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42132", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Ivanti Avalanche", + "version": { + "version_data": [ + { + "version_value": "6.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection - Generic (CWE-77)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3", + "url": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution." } ] } diff --git a/2021/42xxx/CVE-2021-42133.json b/2021/42xxx/CVE-2021-42133.json index 66698581d42..6d67eb05c0c 100644 --- a/2021/42xxx/CVE-2021-42133.json +++ b/2021/42xxx/CVE-2021-42133.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42133", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Ivanti Avalanche", + "version": { + "version_data": [ + { + "version_value": "6.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unrestricted Upload of File with Dangerous Type (CWE-434)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3", + "url": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write." } ] } diff --git a/2021/44xxx/CVE-2021-44185.json b/2021/44xxx/CVE-2021-44185.json index e41f0ad282e..1f4d4e8fa12 100644 --- a/2021/44xxx/CVE-2021-44185.json +++ b/2021/44xxx/CVE-2021-44185.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-10-26T23:00:00.000Z", "ID": "CVE-2021-44185", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Bridge RGB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bridge", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "11.1.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious RGB file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 3.3, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html", + "name": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44186.json b/2021/44xxx/CVE-2021-44186.json index 339629fa78e..3230ca10a6f 100644 --- a/2021/44xxx/CVE-2021-44186.json +++ b/2021/44xxx/CVE-2021-44186.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-10-26T23:00:00.000Z", "ID": "CVE-2021-44186", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Bridge SGI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bridge", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "11.1.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 3.3, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html", + "name": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44187.json b/2021/44xxx/CVE-2021-44187.json index 9dba2ca0aa4..e2ca1c907ee 100644 --- a/2021/44xxx/CVE-2021-44187.json +++ b/2021/44xxx/CVE-2021-44187.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-10-26T23:00:00.000Z", "ID": "CVE-2021-44187", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Bridge SGI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bridge", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "11.1.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 3.3, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html", + "name": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44352.json b/2021/44xxx/CVE-2021-44352.json index bf5d85e0634..2ee9397c22e 100644 --- a/2021/44xxx/CVE-2021-44352.json +++ b/2021/44xxx/CVE-2021-44352.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "A Stack-based Buffer Overflow vlnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind." + "value": "A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind." } ] }, diff --git a/2021/44xxx/CVE-2021-44527.json b/2021/44xxx/CVE-2021-44527.json index 1fbca6d1815..6d1b44307db 100644 --- a/2021/44xxx/CVE-2021-44527.json +++ b/2021/44xxx/CVE-2021-44527.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44527", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "UniFi Switches", + "version": { + "version_data": [ + { + "version_value": "Fixed in 5.76.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://community.ui.com/releases/Security-Advisory-Bulletin-022-022/cd83c01b-33e4-454a-b3b9-1c3ccebea7cb", + "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-022-022/cd83c01b-33e4-454a-b3b9-1c3ccebea7cb" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Deny of Service (DoS) attack on the affected switch.This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later." } ] }