diff --git a/2020/27xxx/CVE-2020-27237.json b/2020/27xxx/CVE-2020-27237.json index 13ba14920b2..250952207d8 100644 --- a/2020/27xxx/CVE-2020-27237.json +++ b/2020/27xxx/CVE-2020-27237.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-27237", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "OpenClinic", + "version": { + "version_data": [ + { + "version_value": "OpenClinic GA 5.173.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exists in \u2018getAssets.jsp\u2019 page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability." } ] } diff --git a/2020/27xxx/CVE-2020-27238.json b/2020/27xxx/CVE-2020-27238.json index 5c6a18b0ac4..fee29dc72fc 100644 --- a/2020/27xxx/CVE-2020-27238.json +++ b/2020/27xxx/CVE-2020-27238.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-27238", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "OpenClinic", + "version": { + "version_data": [ + { + "version_value": "OpenClinic GA 5.173.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exists in \u2018getAssets.jsp\u2019 page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability." } ] } diff --git a/2020/27xxx/CVE-2020-27239.json b/2020/27xxx/CVE-2020-27239.json index 51fecba37cf..0fc90fe3565 100644 --- a/2020/27xxx/CVE-2020-27239.json +++ b/2020/27xxx/CVE-2020-27239.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-27239", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "OpenClinic", + "version": { + "version_data": [ + { + "version_value": "OpenClinic GA 5.173.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exists in \u2018getAssets.jsp\u2019 page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability." } ] } diff --git a/2020/28xxx/CVE-2020-28592.json b/2020/28xxx/CVE-2020-28592.json index f22f7985d45..521e58da2f0 100644 --- a/2020/28xxx/CVE-2020-28592.json +++ b/2020/28xxx/CVE-2020-28592.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28592", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Cosori", + "version": { + "version_data": [ + { + "version_value": "Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "heap-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1216", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1216" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability." } ] } diff --git a/2020/28xxx/CVE-2020-28593.json b/2020/28xxx/CVE-2020-28593.json index e088192dc1b..a5cbc7496da 100644 --- a/2020/28xxx/CVE-2020-28593.json +++ b/2020/28xxx/CVE-2020-28593.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Cosori", + "version": { + "version_data": [ + { + "version_value": "Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "hidden functionality" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1217", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1217" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21087.json b/2021/21xxx/CVE-2021-21087.json index 5eb4c8bd9b6..e72bb699237 100644 --- a/2021/21xxx/CVE-2021-21087.json +++ b/2021/21xxx/CVE-2021-21087.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-03-22T23:00:00.000Z", "ID": "CVE-2021-21087", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "ColdFusion Eval Injection vulnerability could lead to code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2021.001.20135" + }, + { + "version_affected": "<=", + "version_value": "2016.16" + }, + { + "version_affected": "<=", + "version_value": "2018.10" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Coldfusion versions 2016 (update 16 and earlier) and 2018 (update 10 and earlier) are affected by an Improper Neutralization of Directives in Dynamically Evaluated Code (\u2018Eval Injection\u2019) vulnerability. An attacker could abuse this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "High", + "attackVector": "Network", + "availabilityImpact": "Low", + "baseScore": 4.6, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21091.json b/2021/21xxx/CVE-2021-21091.json index 8f7cb7d8f0d..e89f9322e99 100644 --- a/2021/21xxx/CVE-2021-21091.json +++ b/2021/21xxx/CVE-2021-21091.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-04-13T23:00:00.000Z", "ID": "CVE-2021-21091", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Bridge HEIC File Parsing Out-Of-Bounds Read vulnerability could lead to information disclosure" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bridge", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "11.0.1" + }, + { + "version_affected": "<=", + "version_value": "10.1.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 3.3, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html", + "name": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21092.json b/2021/21xxx/CVE-2021-21092.json index b45657447fe..68b95c01da8 100644 --- a/2021/21xxx/CVE-2021-21092.json +++ b/2021/21xxx/CVE-2021-21092.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-04-13T23:00:00.000Z", "ID": "CVE-2021-21092", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Bridge DCM File Parsing Memory Corruption could lead to arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bridge", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "11.0.1" + }, + { + "version_affected": "<=", + "version_value": "10.1.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Memory Location After End of Buffer (CWE-788)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html", + "name": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21093.json b/2021/21xxx/CVE-2021-21093.json index 9d338835b18..b7c9d68aeef 100644 --- a/2021/21xxx/CVE-2021-21093.json +++ b/2021/21xxx/CVE-2021-21093.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-04-13T23:00:00.000Z", "ID": "CVE-2021-21093", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Bridge SGI File Parsing Memory Corruption vulnerability could lead to arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bridge", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "11.0.1" + }, + { + "version_affected": "<=", + "version_value": "10.1.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Memory Location After End of Buffer (CWE-788)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html", + "name": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21094.json b/2021/21xxx/CVE-2021-21094.json index 36466b3ef71..4e9640b3599 100644 --- a/2021/21xxx/CVE-2021-21094.json +++ b/2021/21xxx/CVE-2021-21094.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-04-13T23:00:00.000Z", "ID": "CVE-2021-21094", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Bridge PDF File Parsing Out-Of-Bounds Write vulnerability could lead to arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bridge", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "11.0.1" + }, + { + "version_affected": "<=", + "version_value": "10.1.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html", + "name": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21095.json b/2021/21xxx/CVE-2021-21095.json index e819619fc1b..9d923e13ebd 100644 --- a/2021/21xxx/CVE-2021-21095.json +++ b/2021/21xxx/CVE-2021-21095.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-04-13T23:00:00.000Z", "ID": "CVE-2021-21095", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Bridge TTF Font Parsing Out-Of-Bounds Write vulnerability could lead to arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bridge", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "11.0.1" + }, + { + "version_affected": "<=", + "version_value": "10.1.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html", + "name": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21096.json b/2021/21xxx/CVE-2021-21096.json index 859eea325dd..d1aa87e76c6 100644 --- a/2021/21xxx/CVE-2021-21096.json +++ b/2021/21xxx/CVE-2021-21096.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-04-13T23:00:00.000Z", "ID": "CVE-2021-21096", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Bridge Genuine Software Service Incorrect Permission Assignment could lead to Denial-of-Service" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bridge", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "11.0.1" + }, + { + "version_affected": "<=", + "version_value": "10.1.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.6, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization (CWE-285)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html", + "name": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21100.json b/2021/21xxx/CVE-2021-21100.json index 04feb91d02c..ce831093f93 100644 --- a/2021/21xxx/CVE-2021-21100.json +++ b/2021/21xxx/CVE-2021-21100.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-04-13T23:00:00.000Z", "ID": "CVE-2021-21100", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Digital Editions Arbitrary file system write vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Digital Editions", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "4.5.11.187245" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary file system write in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-26.html", + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-26.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/27xxx/CVE-2021-27672.json b/2021/27xxx/CVE-2021-27672.json index 6395ef06425..67b72075fe4 100644 --- a/2021/27xxx/CVE-2021-27672.json +++ b/2021/27xxx/CVE-2021-27672.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-27672", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-27672", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection in the \"admin_boxes.ajax.php\" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the \"cID\" parameter when creating a new HTML component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://deadsh0t.medium.com/blind-error-based-authenticated-sql-injection-on-zenario-8-8-52729-cms-d4705534df38", + "refsource": "MISC", + "name": "https://deadsh0t.medium.com/blind-error-based-authenticated-sql-injection-on-zenario-8-8-52729-cms-d4705534df38" } ] } diff --git a/2021/27xxx/CVE-2021-27673.json b/2021/27xxx/CVE-2021-27673.json index 2f53fdd6553..808a362056c 100644 --- a/2021/27xxx/CVE-2021-27673.json +++ b/2021/27xxx/CVE-2021-27673.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-27673", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-27673", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) in the \"admin_boxes.ajax.php\" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the \"cID\" parameter when creating a new HTML component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://deadsh0t.medium.com/blind-error-based-authenticated-sql-injection-on-zenario-8-8-52729-cms-d4705534df38", + "refsource": "MISC", + "name": "https://deadsh0t.medium.com/blind-error-based-authenticated-sql-injection-on-zenario-8-8-52729-cms-d4705534df38" } ] } diff --git a/2021/28xxx/CVE-2021-28242.json b/2021/28xxx/CVE-2021-28242.json index 415cd403afc..0d8e7cfcf9e 100644 --- a/2021/28xxx/CVE-2021-28242.json +++ b/2021/28xxx/CVE-2021-28242.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28242", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28242", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection in the \"evoadm.php\" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the \"cf_name\" parameter when creating a new filter under the \"Collections\" tab." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/b2evolution/b2evolution/issues/109", + "refsource": "MISC", + "name": "https://github.com/b2evolution/b2evolution/issues/109" + }, + { + "url": "https://deadsh0t.medium.com/authenticated-boolean-based-blind-error-based-sql-injection-b752225f0644", + "refsource": "MISC", + "name": "https://deadsh0t.medium.com/authenticated-boolean-based-blind-error-based-sql-injection-b752225f0644" } ] } diff --git a/2021/28xxx/CVE-2021-28548.json b/2021/28xxx/CVE-2021-28548.json index 1e80b284dcc..dfaff979e93 100644 --- a/2021/28xxx/CVE-2021-28548.json +++ b/2021/28xxx/CVE-2021-28548.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-04-13T23:00:00.000Z", "ID": "CVE-2021-28548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Photoshop parsing JS buffer overflow vulnerability could lead to arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Photoshop", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "22.3" + }, + { + "version_affected": "<=", + "version_value": "21.2.6" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow (CWE-120)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/photoshop/apsb21-28.html", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb21-28.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/28xxx/CVE-2021-28549.json b/2021/28xxx/CVE-2021-28549.json index de8b0565ef7..a4a580049a4 100644 --- a/2021/28xxx/CVE-2021-28549.json +++ b/2021/28xxx/CVE-2021-28549.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-04-13T23:00:00.000Z", "ID": "CVE-2021-28549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Photoshop parsing JS buffer overflow vulnerability could lead to arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Photoshop", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "22.3" + }, + { + "version_affected": "<=", + "version_value": "21.2.6" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow (CWE-120)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/photoshop/apsb21-28.html", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb21-28.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/30xxx/CVE-2021-30209.json b/2021/30xxx/CVE-2021-30209.json index 05192d2deea..fed82fd04ba 100644 --- a/2021/30xxx/CVE-2021-30209.json +++ b/2021/30xxx/CVE-2021-30209.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-30209", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-30209", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/textpattern/textpattern/issues/1655", + "refsource": "MISC", + "name": "https://github.com/textpattern/textpattern/issues/1655" } ] } diff --git a/2021/3xxx/CVE-2021-3487.json b/2021/3xxx/CVE-2021-3487.json index dc798b62df5..94aca0d5d2c 100644 --- a/2021/3xxx/CVE-2021-3487.json +++ b/2021/3xxx/CVE-2021-3487.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3487", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "binutils", + "version": { + "version_data": [ + { + "version_value": "binutils 2.36" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20->CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1947111", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947111" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption." } ] } diff --git a/2021/3xxx/CVE-2021-3500.json b/2021/3xxx/CVE-2021-3500.json new file mode 100644 index 00000000000..018d1cbc362 --- /dev/null +++ b/2021/3xxx/CVE-2021-3500.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3500", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file