admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-03-16 15:01:46 +00:00
parent ae7177e3db
commit 89c0baab58
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 216 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2021/0xxx/CVE-2021-0957.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-0957",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10 Android-11 Android-12"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2022-03-01",
"url": "https://source.android.com/security/bulletin/2022-03-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193149550"
}
]
}

50
2021/33xxx/CVE-2021-33853.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33853",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclose@cybersecurityworks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "X2CRM",
"version": {
"version_data": [
{
"version_value": "8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://cybersecurityworks.com/zerodays/cve-2021-33853-stored-cross-site-scripting-in-x2crm.html",
"url": "https://cybersecurityworks.com/zerodays/cve-2021-33853-stored-cross-site-scripting-in-x2crm.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a user\u2019s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM."
}
]
}

16
2021/42xxx/CVE-2021-42721.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-08-17T23:00:00.000Z",
"DATE_PUBLIC": "2021-10-26T23:00:00.000Z",
"ID": "CVE-2021-42721",
"STATE": "PUBLIC",
"TITLE": "Adobe Media Encoder M4A file memory corruption vulnerability could lead to remote code execution"
"TITLE": "Adobe Bridge Use After Free could lead to Arbitrary code execution"
},
"affects": {
"vendor": {
@ -13,12 +13,12 @@
"product": {
"product_data": [
{
"product_name": "Media Encoder",
"product_name": "Bridge",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "15.4"
"version_value": "11.1.1"
},
{
"version_affected": "<=",
@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file."
"value": "Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
@ -75,7 +75,7 @@
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
"value": "Use After Free (CWE-416)"
}
]
}
@ -85,8 +85,8 @@
"reference_data": [
{
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-70.html",
"name": "https://helpx.adobe.com/security/products/media-encoder/apsb21-70.html"
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html",
"name": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
}
]
},

16
2021/42xxx/CVE-2021-42723.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-09-14T23:00:00.000Z",
"DATE_PUBLIC": "2021-10-26T23:00:00.000Z",
"ID": "CVE-2021-42723",
"STATE": "PUBLIC",
"TITLE": "Adobe Premiere Pro M4A file memory corruption vulnerability could lead to remote code execution"
"TITLE": "Adobe Bridge Out-of-bounds read could lead to Arbitrary Code Execution"
},
"affects": {
"vendor": {
@ -13,12 +13,12 @@
"product": {
"product_data": [
{
"product_name": "Premiere",
"product_name": "Bridge",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "15.4"
"version_value": "11.1.1"
},
{
"version_affected": "<=",
@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file."
"value": "Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted SGI file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
@ -75,7 +75,7 @@
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
@ -85,8 +85,8 @@
"reference_data": [
{
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-67.html",
"name": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-67.html"
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html",
"name": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
}
]
},

32
2021/42xxx/CVE-2021-42725.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-09-14T23:00:00.000Z",
"DATE_PUBLIC": "2021-10-26T23:00:00.000Z",
"ID": "CVE-2021-42725",
"STATE": "PUBLIC",
"TITLE": "Adobe Experience Manager Improper Access Control via Manipulation of Response Headers"
"TITLE": "Adobe Bridge Memory Corruption could lead to Arbitrary code execution"
},
"affects": {
"vendor": {
@ -13,12 +13,12 @@
"product": {
"product_data": [
{
"product_name": "Experience Manager",
"product_name": "Bridge",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "6.5.9.0"
"version_value": "11.1.1"
},
{
"version_affected": "<=",
@ -49,23 +49,23 @@
"description_data": [
{
"lang": "eng",
"value": "Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by an improper access control vulnerability that leads to a security feature bypass. By manipulating referer headers, an unauthenticated attacker could gain access to arbitrary pages that they are not authorized to access."
"value": "Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"integrityImpact": "None",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
@ -75,7 +75,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Access Control (CWE-284)"
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
@ -85,8 +85,8 @@
"reference_data": [
{
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html",
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html"
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html",
"name": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
}
]
},

14
2021/42xxx/CVE-2021-42726.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-08-17T23:00:00.000Z",
"DATE_PUBLIC": "2021-10-26T23:00:00.000Z",
"ID": "CVE-2021-42726",
"STATE": "PUBLIC",
"TITLE": "Adobe Media Encoder M4A file memory corruption vulnerability could lead to remote code execution"
"TITLE": "Adobe Bridge Memory Corruption could lead to Arbitrary code execution"
},
"affects": {
"vendor": {
@ -13,12 +13,12 @@
"product": {
"product_data": [
{
"product_name": "Media Encoder",
"product_name": "Bridge",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "15.4"
"version_value": "11.1.1"
},
{
"version_affected": "<=",
@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file."
"value": "Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability."
}
]
},
@ -85,8 +85,8 @@
"reference_data": [
{
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-70.html",
"name": "https://helpx.adobe.com/security/products/media-encoder/apsb21-70.html"
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html",
"name": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
}
]
},

22
2021/42xxx/CVE-2021-42727.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-11-09T23:00:00.000Z",
"DATE_PUBLIC": "2021-10-26T23:00:00.000Z",
"ID": "CVE-2021-42727",
"STATE": "PUBLIC",
"TITLE": "Adobe RoboHelp Server Directory Traversal Remote Code Execution Vulnerability"
"TITLE": "Adobe Bridge Buffer Overflow Arbitrary code execution"
},
"affects": {
"vendor": {
@ -13,12 +13,12 @@
"product": {
"product_data": [
{
"product_name": "RoboHelp Server",
"product_name": "Bridge",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "RHS2020.0.1"
"version_value": "11.1.1"
},
{
"version_affected": "<=",
@ -49,23 +49,23 @@
"description_data": [
{
"lang": "eng",
"value": "Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected by a Path traversal vulnerability. The authenticated attacker can send an HTTP POST request which will place a malicious .jsp file in the folder 'C:\\Program Files\\Adobe\\Adobe RoboHelp Server 11\\admin' to cause remote code execution with privileges of user running Tomcat. Exploitation of this issue requires user interaction in that a victim must navigate to a planted file on the server."
"value": "Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
@ -75,7 +75,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)"
"value": "Buffer Overflow (CWE-120)"
}
]
}
@ -85,8 +85,8 @@
"reference_data": [
{
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb21-87.html",
"name": "https://helpx.adobe.com/security/products/robohelp-server/apsb21-87.html"
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html",
"name": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
}
]
},

24
2021/42xxx/CVE-2021-42733.json
View File

@ -4,7 +4,7 @@
"DATE_PUBLIC": "2021-10-26T23:00:00.000Z",
"ID": "CVE-2021-42733",
"STATE": "PUBLIC",
"TITLE": "Adobe Prelude Improper Input Validation in XDCAMSAM directory structure Could Lead To Arbitrary Code Execution"
"TITLE": "Adobe Bridge NULL Pointer Dereference could lead to Application denial-of-service"
},
"affects": {
"vendor": {
@ -13,12 +13,12 @@
"product": {
"product_data": [
{
"product_name": "Prelude",
"product_name": "Bridge",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "10.1"
"version_value": "11.1.1"
},
{
"version_affected": "<=",
@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "Adobe Prelude version 10.1 (and earlier) is affected by an improper input validation vulnerability in the XDCAMSAM directory. An unauthenticated attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
"value": "Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
@ -58,14 +58,14 @@
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
@ -75,7 +75,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Input Validation (CWE-20)"
"value": "NULL Pointer Dereference (CWE-476)"
}
]
}
@ -85,8 +85,8 @@
"reference_data": [
{
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/prelude/apsb21-96.html",
"name": "https://helpx.adobe.com/security/products/prelude/apsb21-96.html"
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html",
"name": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
}
]
},

66
2021/45xxx/CVE-2021-45821.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45821",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-45821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to get a remote code execution on the remote web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/btiteam/xbtit-3.1/blob/master/ajaxchat/getHistoryChatData.php",
"refsource": "MISC",
"name": "https://github.com/btiteam/xbtit-3.1/blob/master/ajaxchat/getHistoryChatData.php"
},
{
"url": "https://emaragkos.gr/infosec-adventures/xbtit-3-1-sql-njection/",
"refsource": "MISC",
"name": "https://emaragkos.gr/infosec-adventures/xbtit-3-1-sql-njection/"
},
{
"refsource": "MISC",
"name": "https://github.com/btiteam/xbtit-3.1/issues/6",
"url": "https://github.com/btiteam/xbtit-3.1/issues/6"
}
]
}