mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
19c91984cf
commit
a328255f01
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-0483",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@android.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Android-10 Android-11"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Elevation of privilege"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://source.android.com/security/bulletin/2021-10-01",
|
||||
"url": "https://source.android.com/security/bulletin/2021-10-01"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-153358911"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-0643",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@android.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Android-11 Android-10"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Information disclosure"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://source.android.com/security/bulletin/2021-10-01",
|
||||
"url": "https://source.android.com/security/bulletin/2021-10-01"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-183612370"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-0651",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@android.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Android-11 Android-9 Android-10"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Denial of service"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://source.android.com/security/bulletin/2021-10-01",
|
||||
"url": "https://source.android.com/security/bulletin/2021-10-01"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-67013844"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-0652",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@android.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Android-8.1 Android-9 Android-10 Android-11"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Elevation of privilege"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://source.android.com/security/bulletin/2021-10-01",
|
||||
"url": "https://source.android.com/security/bulletin/2021-10-01"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185178568"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-0702",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@android.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Android-11"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Information disclosure"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://source.android.com/security/bulletin/2021-10-01",
|
||||
"url": "https://source.android.com/security/bulletin/2021-10-01"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-193932765"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-0703",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@android.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Android-11"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Elevation of privilege"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://source.android.com/security/bulletin/2021-10-01",
|
||||
"url": "https://source.android.com/security/bulletin/2021-10-01"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-0705",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@android.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Android-11 Android-10"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Elevation of privilege"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://source.android.com/security/bulletin/2021-10-01",
|
||||
"url": "https://source.android.com/security/bulletin/2021-10-01"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-185388103"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-0706",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@android.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Android-9 Android-10 Android-11 Android-8.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Denial of service"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://source.android.com/security/bulletin/2021-10-01",
|
||||
"url": "https://source.android.com/security/bulletin/2021-10-01"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-193444889"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-0708",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@android.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Android-9 Android-10 Android-11 Android-8.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Elevation of privilege"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://source.android.com/security/bulletin/2021-10-01",
|
||||
"url": "https://source.android.com/security/bulletin/2021-10-01"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-183262161"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-0870",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@android.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Android-9 Android-10 Android-11 Android-8.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Remote code execution"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://source.android.com/security/bulletin/2021-10-01",
|
||||
"url": "https://source.android.com/security/bulletin/2021-10-01"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-192472262"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -13,6 +13,7 @@
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
@ -20,15 +21,16 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "4.0.1"
|
||||
"version_value": "<2.0.1"
|
||||
},
|
||||
{
|
||||
"version_value": ">=3.0.0 <4.0.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -78,7 +80,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This affects the package set-value before 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays."
|
||||
"value": "This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -3,85 +3,16 @@
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "report@snyk.io",
|
||||
"DATE_PUBLIC": "2021-09-19T13:39:58.159775Z",
|
||||
"ID": "CVE-2021-23441",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Deserialization of Untrusted Data"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "com.jsoniter:jsoniter",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": ">=",
|
||||
"version_value": "0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Deserialization of Untrusted Data"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://snyk.io/vuln/SNYK-JAVA-COMJSONITER-1316198",
|
||||
"name": "https://snyk.io/vuln/SNYK-JAVA-COMJSONITER-1316198"
|
||||
}
|
||||
]
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "All versions of package com.jsoniter:jsoniter are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and in certain cases, code execution."
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:P",
|
||||
"baseScore": 7.0,
|
||||
"baseSeverity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "HIGH"
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Adi Malyanker"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-30359",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@checkpoint.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Check Point Harmony Browse and SandBlast Agent for Browsers",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "before 90.08.7405"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-427: Uncontrolled Search Path Element"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://supportcontent.checkpoint.com/solutions?id=sk175968",
|
||||
"url": "https://supportcontent.checkpoint.com/solutions?id=sk175968"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,18 +1,111 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
|
||||
"ID": "CVE-2021-38485",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Emerson WirelessHART Gateway"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "WirelessHART Gateway",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1410",
|
||||
"version_value": "4.7.94"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1410D",
|
||||
"version_value": "4.7.94"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1420",
|
||||
"version_value": "4.7.94"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Emerson"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-20 Improper Input Validation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-42169",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2021-42169",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-21-100521",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-21-100521"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,18 +1,101 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"DATE_PUBLIC": "2021-10-19T15:34:00.000Z",
|
||||
"ID": "CVE-2021-42534",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Trane Building Automation Controllers Cross-site Scripting"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Tracer SC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "All",
|
||||
"version_value": "3.8"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Trane"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Chizuru Toyama of TXOne IoT/ICS Security Research Labs of Trend Micro reported this vulnerability to CISA."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The affected product\u2019s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 6.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Cross-site Scripting (XSS)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-292-02",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-292-02"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Trane has identified the following specific mitigations for the affected products:\n\nUsers upgrade Tracer SC controllers running firmware v3.8 and prior, to firmware v4.4 SP7 or higher. Users should contact a regional Trane office to install updated firmware or request additional information and reference Trane service database number HUB-207592.\nTracer SC is no longer actively developed, tested, or sold. Tracer SC will be considered end-of-life on December 31, 2022. Trane recommends users identify a migration plan to replace the Tracer SC controller with the Tracer SC+ controller, which can function as a drop-in replacement for Tracer SC, providing significant security upgrades."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-292-02",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,111 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
|
||||
"ID": "CVE-2021-42536",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Emerson WirelessHART Gateway"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "WirelessHART Gateway",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1410",
|
||||
"version_value": "4.7.94"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1410D",
|
||||
"version_value": "4.7.94"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1420",
|
||||
"version_value": "4.7.94"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Emerson"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-200 Information Exposure"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,111 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
|
||||
"ID": "CVE-2021-42538",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Emerson WirelessHART Gateway"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "WirelessHART Gateway",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1410",
|
||||
"version_value": "4.7.94"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1410D",
|
||||
"version_value": "4.7.94"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1420",
|
||||
"version_value": "4.7.94"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Emerson"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-78 OS Command Injection"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,111 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
|
||||
"ID": "CVE-2021-42539",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Emerson WirelessHART Gateway"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "WirelessHART Gateway",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1410",
|
||||
"version_value": "4.7.94"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1410D",
|
||||
"version_value": "4.7.94"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1420",
|
||||
"version_value": "4.7.94"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Emerson"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-306 Missing Authentication for Critical Function"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,111 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
|
||||
"ID": "CVE-2021-42540",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Emerson WirelessHART Gateway"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "WirelessHART Gateway",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1410",
|
||||
"version_value": "4.7.94"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1410D",
|
||||
"version_value": "4.7.94"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1420",
|
||||
"version_value": "4.7.94"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Emerson"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-123 Write-what-where Condition"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,111 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
|
||||
"ID": "CVE-2021-42542",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Emerson WirelessHART Gateway"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "WirelessHART Gateway",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1410",
|
||||
"version_value": "4.7.94"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1410D",
|
||||
"version_value": "4.7.94"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "1420",
|
||||
"version_value": "4.7.94"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Emerson"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user