From 65a7fa140befc31a628fcf3057c20942deddf4e1 Mon Sep 17 00:00:00 2001 From: Scott Moore - IBM Date: Mon, 11 Jan 2021 12:06:54 -0500 Subject: [PATCH 01/16] IBM20210111-12654 Added CVE-2020-4869 --- 2020/4xxx/CVE-2020-4869.json | 105 ++++++++++++++++++++++++++++++----- 1 file changed, 90 insertions(+), 15 deletions(-) diff --git a/2020/4xxx/CVE-2020-4869.json b/2020/4xxx/CVE-2020-4869.json index ad0eed6e254..4da3581a4b5 100644 --- a/2020/4xxx/CVE-2020-4869.json +++ b/2020/4xxx/CVE-2020-4869.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4869", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Denial of Service", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2021-01-08T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2020-4869" + }, + "data_type" : "CVE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "MQ Appliance", + "version" : { + "version_data" : [ + { + "version_value" : "9.2.0.0" + }, + { + "version_value" : "9.2.1" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/6398791", + "url" : "https://www.ibm.com/support/pages/node/6398791", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6398791 (MQ Appliance)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190831", + "refsource" : "XF", + "name" : "ibm-mq-cve20204869-dos (190831)", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831." + } + ] + }, + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "BM" : { + "SCORE" : "5.300", + "AC" : "H", + "I" : "N", + "AV" : "N", + "C" : "N", + "UI" : "N", + "PR" : "L", + "S" : "U", + "A" : "H" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + }, + "data_version" : "4.0" +} From 24c465d548a9aeebf0378ee2ef2e37e49d437b36 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 11 Jan 2021 18:02:02 +0000 Subject: [PATCH 02/16] "-Synchronized-Data." --- 2020/4xxx/CVE-2020-4869.json | 180 +++++++++++++++++------------------ 2021/3xxx/CVE-2021-3125.json | 18 ++++ 2 files changed, 108 insertions(+), 90 deletions(-) create mode 100644 2021/3xxx/CVE-2021-3125.json diff --git a/2020/4xxx/CVE-2020-4869.json b/2020/4xxx/CVE-2020-4869.json index 4da3581a4b5..b16223aa424 100644 --- a/2020/4xxx/CVE-2020-4869.json +++ b/2020/4xxx/CVE-2020-4869.json @@ -1,93 +1,93 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Denial of Service", - "lang" : "eng" - } - ] - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-01-08T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4869" - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "MQ Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.0" - }, - { - "version_value" : "9.2.1" - } - ] - } - } - ] - } + "description": [ + { + "value": "Denial of Service", + "lang": "eng" + } + ] } - ] - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6398791", - "url" : "https://www.ibm.com/support/pages/node/6398791", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6398791 (MQ Appliance)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190831", - "refsource" : "XF", - "name" : "ibm-mq-cve20204869-dos (190831)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831." - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "5.300", - "AC" : "H", - "I" : "N", - "AV" : "N", - "C" : "N", - "UI" : "N", - "PR" : "L", - "S" : "U", - "A" : "H" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "data_version" : "4.0" -} + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-01-08T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4869" + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "MQ Appliance", + "version": { + "version_data": [ + { + "version_value": "9.2.0.0" + }, + { + "version_value": "9.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6398791", + "url": "https://www.ibm.com/support/pages/node/6398791", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6398791 (MQ Appliance)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190831", + "refsource": "XF", + "name": "ibm-mq-cve20204869-dos (190831)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831." + } + ] + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "SCORE": "5.300", + "AC": "H", + "I": "N", + "AV": "N", + "C": "N", + "UI": "N", + "PR": "L", + "S": "U", + "A": "H" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3125.json b/2021/3xxx/CVE-2021-3125.json new file mode 100644 index 00000000000..57f9ae7dddf --- /dev/null +++ b/2021/3xxx/CVE-2021-3125.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3125", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From d3cd3e16100f1c59b8742b480a7feeec57ec037a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 11 Jan 2021 19:01:47 +0000 Subject: [PATCH 03/16] "-Synchronized-Data." --- 2020/13xxx/CVE-2020-13559.json | 50 ++++++++++++++++++++++++++++-- 2020/24xxx/CVE-2020-24025.json | 56 ++++++++++++++++++++++++++++++---- 2020/26xxx/CVE-2020-26118.json | 7 ++++- 3 files changed, 103 insertions(+), 10 deletions(-) diff --git a/2020/13xxx/CVE-2020-13559.json b/2020/13xxx/CVE-2020-13559.json index 3eca7beb7a1..b9f8a104c27 100644 --- a/2020/13xxx/CVE-2020-13559.json +++ b/2020/13xxx/CVE-2020-13559.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "FreyrSCADA", + "version": { + "version_data": [ + { + "version_value": "IEC-60879-5-104 Server Simulator 21.04.028" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1174", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1174" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability." } ] } diff --git a/2020/24xxx/CVE-2020-24025.json b/2020/24xxx/CVE-2020-24025.json index ee3f7a088fe..4d4f4060058 100644 --- a/2020/24xxx/CVE-2020-24025.json +++ b/2020/24xxx/CVE-2020-24025.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24025", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24025", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sass/node-sass/pull/567#issuecomment-656609236", + "refsource": "MISC", + "name": "https://github.com/sass/node-sass/pull/567#issuecomment-656609236" } ] } diff --git a/2020/26xxx/CVE-2020-26118.json b/2020/26xxx/CVE-2020-26118.json index 04a2eac0a71..ed07517d03d 100644 --- a/2020/26xxx/CVE-2020-26118.json +++ b/2020/26xxx/CVE-2020-26118.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In SmartBear Collaborator Server through 13.1.13100, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server via an authenticated attacker to execute commands on the underlying system." + "value": "In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server via an authenticated attacker to execute commands on the underlying system." } ] }, @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://support.smartbear.com/collaborator/docs/general-info/version-history/ver-13/ver-13-0.html", "url": "https://support.smartbear.com/collaborator/docs/general-info/version-history/ver-13/ver-13-0.html" + }, + { + "refsource": "MISC", + "name": "https://support.smartbear.com/collaborator/docs/general-info/whats-new.html", + "url": "https://support.smartbear.com/collaborator/docs/general-info/whats-new.html" } ] }, From 72bc7ddb747134e6f0d5b6fb0b77c65934fc122b Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Mon, 11 Jan 2021 12:07:44 -0700 Subject: [PATCH 04/16] Add CVE-2020-26298 for GHSA-q3wr-qw3g-3p4h --- 2020/26xxx/CVE-2020-26298.json | 103 +++++++++++++++++++++++++++++++-- 1 file changed, 97 insertions(+), 6 deletions(-) diff --git a/2020/26xxx/CVE-2020-26298.json b/2020/26xxx/CVE-2020-26298.json index c1f02bedb16..897427182e9 100644 --- a/2020/26xxx/CVE-2020-26298.json +++ b/2020/26xxx/CVE-2020-26298.json @@ -1,18 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-26298", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Injection in Redcarpet" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "redcarpet", + "version": { + "version_data": [ + { + "version_value": "< 3.5.1" + } + ] + } + } + ] + }, + "vendor_name": "vmg" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/advisories/GHSA-q3wr-qw3g-3p4h", + "refsource": "CONFIRM", + "url": "https://github.com/advisories/GHSA-q3wr-qw3g-3p4h" + }, + { + "name": "https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793", + "refsource": "MISC", + "url": "https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793" + }, + { + "name": "https://rubygems.org/gems/redcarpet", + "refsource": "MISC", + "url": "https://rubygems.org/gems/redcarpet" + }, + { + "name": "https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md#version-351-security", + "refsource": "MISC", + "url": "https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md#version-351-security" + } + ] + }, + "source": { + "advisory": "GHSA-q3wr-qw3g-3p4h", + "discovery": "UNKNOWN" } } \ No newline at end of file From 8fc49e0505e36a14f5be1d794500d86cffdb1f1a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 11 Jan 2021 20:01:58 +0000 Subject: [PATCH 05/16] "-Synchronized-Data." --- 2020/23xxx/CVE-2020-23631.json | 61 ++++++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24027.json | 61 ++++++++++++++++++++++++++++++---- 2020/26xxx/CVE-2020-26298.json | 2 +- 3 files changed, 111 insertions(+), 13 deletions(-) diff --git a/2020/23xxx/CVE-2020-23631.json b/2020/23xxx/CVE-2020-23631.json index e896b002328..00298afc3d1 100644 --- a/2020/23xxx/CVE-2020-23631.json +++ b/2020/23xxx/CVE-2020-23631.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23631", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23631", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/shadoweb/wdja/issues/11", + "refsource": "MISC", + "name": "https://github.com/shadoweb/wdja/issues/11" + }, + { + "url": "https://www.cnblogs.com/wayne-tao/p/13110663.html", + "refsource": "MISC", + "name": "https://www.cnblogs.com/wayne-tao/p/13110663.html" } ] } diff --git a/2020/24xxx/CVE-2020-24027.json b/2020/24xxx/CVE-2020-24027.json index 5d774f42093..228d12a6af6 100644 --- a/2020/24xxx/CVE-2020-24027.json +++ b/2020/24xxx/CVE-2020-24027.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24027", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24027", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP \"PLAY\" command, when the command specifies seeking by absolute time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.live555.com/liveMedia/public/changelog.txt", + "refsource": "MISC", + "name": "http://www.live555.com/liveMedia/public/changelog.txt" + }, + { + "url": "http://lists.live555.com/pipermail/live-devel/2020-July/021662.html", + "refsource": "MISC", + "name": "http://lists.live555.com/pipermail/live-devel/2020-July/021662.html" } ] } diff --git a/2020/26xxx/CVE-2020-26298.json b/2020/26xxx/CVE-2020-26298.json index 897427182e9..1cae93d8797 100644 --- a/2020/26xxx/CVE-2020-26298.json +++ b/2020/26xxx/CVE-2020-26298.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit." + "value": "Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit." } ] }, From b14242a5f7d94c8f0443df463728ce13372ff5f7 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Mon, 11 Jan 2021 13:34:16 -0700 Subject: [PATCH 06/16] Add CVE-2021-21241 for GHSA-hh7m-rx4f-4vpv --- 2021/21xxx/CVE-2021-21241.json | 102 +++++++++++++++++++++++++++++++-- 1 file changed, 96 insertions(+), 6 deletions(-) diff --git a/2021/21xxx/CVE-2021-21241.json b/2021/21xxx/CVE-2021-21241.json index 94c5918ee67..a25153eccb2 100644 --- a/2021/21xxx/CVE-2021-21241.json +++ b/2021/21xxx/CVE-2021-21241.json @@ -1,18 +1,108 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21241", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "CSRF can expose users authentication token in Flask-Security-Too" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "flask-security-too", + "version": { + "version_data": [ + { + "version_value": ">= 3.3.0, < 3.4.5" + } + ] + } + } + ] + }, + "vendor_name": "Flask-Middleware" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Python \"Flask-Security-Too\" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security.\n\nIn Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicious 3rd party site acquiring the authentication token.\n\nVersion 3.4.5 and version 4.0.0 are patched.\n\nAs a workaround, if you aren't using authentication tokens - you can set the SECURITY_TOKEN_MAX_AGE to \"0\" (seconds) which should make the token unusable." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-hh7m-rx4f-4vpv", + "refsource": "CONFIRM", + "url": "https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-hh7m-rx4f-4vpv" + }, + { + "name": "https://github.com/Flask-Middleware/flask-security/pull/422", + "refsource": "MISC", + "url": "https://github.com/Flask-Middleware/flask-security/pull/422" + }, + { + "name": "https://github.com/Flask-Middleware/flask-security/commit/61d313150b5f620d0b800896c4f2199005e84b1f", + "refsource": "MISC", + "url": "https://github.com/Flask-Middleware/flask-security/commit/61d313150b5f620d0b800896c4f2199005e84b1f" + }, + { + "name": "https://github.com/Flask-Middleware/flask-security/commit/6d50ee9169acf813257c37b75babe9c28e83542a", + "refsource": "MISC", + "url": "https://github.com/Flask-Middleware/flask-security/commit/6d50ee9169acf813257c37b75babe9c28e83542a" + }, + { + "name": "https://github.com/Flask-Middleware/flask-security/releases/tag/3.4.5", + "refsource": "MISC", + "url": "https://github.com/Flask-Middleware/flask-security/releases/tag/3.4.5" + }, + { + "name": "https://pypi.org/project/Flask-Security-Too", + "refsource": "MISC", + "url": "https://pypi.org/project/Flask-Security-Too" + } + ] + }, + "source": { + "advisory": "GHSA-hh7m-rx4f-4vpv", + "discovery": "UNKNOWN" } } \ No newline at end of file From b3945089cd5f4d448e386c4ba4b3bf67b2fa929c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 11 Jan 2021 21:02:00 +0000 Subject: [PATCH 07/16] "-Synchronized-Data." --- 2019/9xxx/CVE-2019-9376.json | 16 ++++++--- 2020/27xxx/CVE-2020-27059.json | 59 ++++++++++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0342.json | 50 ++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21241.json | 2 +- 4 files changed, 115 insertions(+), 12 deletions(-) diff --git a/2019/9xxx/CVE-2019-9376.json b/2019/9xxx/CVE-2019-9376.json index d703c75e815..28397a34d15 100644 --- a/2019/9xxx/CVE-2019-9376.json +++ b/2019/9xxx/CVE-2019-9376.json @@ -19,7 +19,13 @@ "version": { "version_data": [ { - "version_value": "Android-10" + "version_value": "Android-9" + }, + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" } ] } @@ -45,9 +51,9 @@ "references": { "reference_data": [ { - "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/android-10", - "url": "https://source.android.com/security/bulletin/android-10" + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" } ] }, @@ -55,7 +61,7 @@ "description_data": [ { "lang": "eng", - "value": "In the Accounts package, there is a possible crash due to improper input validation. This could lead to permanent local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129287265" + "value": "In Account of Account.java, there is a possible boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android; Versions: Android-9, Android-8.0, Android-8.1; Android ID: A-129287265." } ] } diff --git a/2020/27xxx/CVE-2020-27059.json b/2020/27xxx/CVE-2020-27059.json index 4036cb81978..f56a66134db 100644 --- a/2020/27xxx/CVE-2020-27059.json +++ b/2020/27xxx/CVE-2020-27059.json @@ -4,14 +4,67 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-27059", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10 and 11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/pixel/2021-01-01", + "url": "https://source.android.com/security/bulletin/pixel/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, 11; Android ID: A-159249069." } ] } diff --git a/2021/0xxx/CVE-2021-0342.json b/2021/0xxx/CVE-2021-0342.json index d3ff0e3958f..ccc54af6e4d 100644 --- a/2021/0xxx/CVE-2021-0342.json +++ b/2021/0xxx/CVE-2021-0342.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0342", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/pixel/2021-01-01", + "url": "https://source.android.com/security/bulletin/pixel/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327." } ] } diff --git a/2021/21xxx/CVE-2021-21241.json b/2021/21xxx/CVE-2021-21241.json index a25153eccb2..91d54103363 100644 --- a/2021/21xxx/CVE-2021-21241.json +++ b/2021/21xxx/CVE-2021-21241.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "The Python \"Flask-Security-Too\" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security.\n\nIn Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicious 3rd party site acquiring the authentication token.\n\nVersion 3.4.5 and version 4.0.0 are patched.\n\nAs a workaround, if you aren't using authentication tokens - you can set the SECURITY_TOKEN_MAX_AGE to \"0\" (seconds) which should make the token unusable." + "value": "The Python \"Flask-Security-Too\" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicious 3rd party site acquiring the authentication token. Version 3.4.5 and version 4.0.0 are patched. As a workaround, if you aren't using authentication tokens - you can set the SECURITY_TOKEN_MAX_AGE to \"0\" (seconds) which should make the token unusable." } ] }, From daba72647fa4f2106e5019f50ea6138c389955df Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 11 Jan 2021 22:01:46 +0000 Subject: [PATCH 08/16] "-Synchronized-Data." --- 2020/0xxx/CVE-2020-0471.json | 74 ++++++++++++++++++++++++++++++++++++ 2021/0xxx/CVE-2021-0301.json | 50 ++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0303.json | 50 ++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0304.json | 59 ++++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0306.json | 62 ++++++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0307.json | 53 ++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0308.json | 62 ++++++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0309.json | 62 ++++++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0310.json | 50 ++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0311.json | 62 ++++++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0312.json | 62 ++++++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0313.json | 62 ++++++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0315.json | 62 ++++++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0316.json | 62 ++++++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0317.json | 62 ++++++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0318.json | 59 ++++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0319.json | 62 ++++++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0320.json | 53 ++++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0321.json | 50 ++++++++++++++++++++++-- 2021/0xxx/CVE-2021-0322.json | 56 +++++++++++++++++++++++++-- 2021/3xxx/CVE-2021-3126.json | 18 +++++++++ 21 files changed, 1135 insertions(+), 57 deletions(-) create mode 100644 2020/0xxx/CVE-2020-0471.json create mode 100644 2021/3xxx/CVE-2021-3126.json diff --git a/2020/0xxx/CVE-2020-0471.json b/2020/0xxx/CVE-2020-0471.json new file mode 100644 index 00000000000..7ff9fba40a4 --- /dev/null +++ b/2020/0xxx/CVE-2020-0471.json @@ -0,0 +1,74 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0471", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + }, + { + "version_value": "Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-169327567." + } + ] + } +} \ No newline at end of file diff --git a/2021/0xxx/CVE-2021-0301.json b/2021/0xxx/CVE-2021-0301.json index e843b22c970..04197d6ce1a 100644 --- a/2021/0xxx/CVE-2021-0301.json +++ b/2021/0xxx/CVE-2021-0301.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0301", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-172514667." } ] } diff --git a/2021/0xxx/CVE-2021-0303.json b/2021/0xxx/CVE-2021-0303.json index 0580839a619..2532cac3ece 100644 --- a/2021/0xxx/CVE-2021-0303.json +++ b/2021/0xxx/CVE-2021-0303.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0303", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170407229." } ] } diff --git a/2021/0xxx/CVE-2021-0304.json b/2021/0xxx/CVE-2021-0304.json index 9ff0c8db03f..b3f74aa4267 100644 --- a/2021/0xxx/CVE-2021-0304.json +++ b/2021/0xxx/CVE-2021-0304.json @@ -4,14 +4,67 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0304", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + }, + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of the user's contacts with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-8.0, Android-8.1, Android-9; Android ID: A-162738636." } ] } diff --git a/2021/0xxx/CVE-2021-0306.json b/2021/0xxx/CVE-2021-0306.json index a5e67949c42..5d39a5b3bf0 100644 --- a/2021/0xxx/CVE-2021-0306.json +++ b/2021/0xxx/CVE-2021-0306.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0306", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11" + }, + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-154505240." } ] } diff --git a/2021/0xxx/CVE-2021-0307.json b/2021/0xxx/CVE-2021-0307.json index 918bfa2b7d7..8feafef07e3 100644 --- a/2021/0xxx/CVE-2021-0307.json +++ b/2021/0xxx/CVE-2021-0307.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0307", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + }, + { + "version_value": "Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Android ID: A-155648771." } ] } diff --git a/2021/0xxx/CVE-2021-0308.json b/2021/0xxx/CVE-2021-0308.json index 2297ad85ba1..d2f6a21a44e 100644 --- a/2021/0xxx/CVE-2021-0308.json +++ b/2021/0xxx/CVE-2021-0308.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0308", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + }, + { + "version_value": "Android-11" + }, + { + "version_value": "Android-8.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095." } ] } diff --git a/2021/0xxx/CVE-2021-0309.json b/2021/0xxx/CVE-2021-0309.json index 2455947db7b..c5b189fac85 100644 --- a/2021/0xxx/CVE-2021-0309.json +++ b/2021/0xxx/CVE-2021-0309.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0309", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + }, + { + "version_value": "Android-11" + }, + { + "version_value": "Android-8.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158480899." } ] } diff --git a/2021/0xxx/CVE-2021-0310.json b/2021/0xxx/CVE-2021-0310.json index d0f8fb403bc..528e5643615 100644 --- a/2021/0xxx/CVE-2021-0310.json +++ b/2021/0xxx/CVE-2021-0310.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0310", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170212632." } ] } diff --git a/2021/0xxx/CVE-2021-0311.json b/2021/0xxx/CVE-2021-0311.json index 735ba5284a5..444e5652437 100644 --- a/2021/0xxx/CVE-2021-0311.json +++ b/2021/0xxx/CVE-2021-0311.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0311", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + }, + { + "version_value": "Android-11" + }, + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170240631." } ] } diff --git a/2021/0xxx/CVE-2021-0312.json b/2021/0xxx/CVE-2021-0312.json index 5769ec812bf..39c717144e6 100644 --- a/2021/0xxx/CVE-2021-0312.json +++ b/2021/0xxx/CVE-2021-0312.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0312", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + }, + { + "version_value": "Android-11" + }, + { + "version_value": "Android-8.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-170583712." } ] } diff --git a/2021/0xxx/CVE-2021-0313.json b/2021/0xxx/CVE-2021-0313.json index 83a2121a718..1fab05392c2 100644 --- a/2021/0xxx/CVE-2021-0313.json +++ b/2021/0xxx/CVE-2021-0313.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0313", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + }, + { + "version_value": "Android-11" + }, + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170968514." } ] } diff --git a/2021/0xxx/CVE-2021-0315.json b/2021/0xxx/CVE-2021-0315.json index 4c50216fcd2..729aaba9b3a 100644 --- a/2021/0xxx/CVE-2021-0315.json +++ b/2021/0xxx/CVE-2021-0315.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0315", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + }, + { + "version_value": "Android-11" + }, + { + "version_value": "Android-8.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814." } ] } diff --git a/2021/0xxx/CVE-2021-0316.json b/2021/0xxx/CVE-2021-0316.json index c1006b1bbe4..d4379ffcd49 100644 --- a/2021/0xxx/CVE-2021-0316.json +++ b/2021/0xxx/CVE-2021-0316.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0316", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11" + }, + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-168802990." } ] } diff --git a/2021/0xxx/CVE-2021-0317.json b/2021/0xxx/CVE-2021-0317.json index 990ecd99213..3c4c085f2fc 100644 --- a/2021/0xxx/CVE-2021-0317.json +++ b/2021/0xxx/CVE-2021-0317.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0317", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + }, + { + "version_value": "Android-11" + }, + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-8.0, Android-8.1, Android-9; Android ID: A-168319670." } ] } diff --git a/2021/0xxx/CVE-2021-0318.json b/2021/0xxx/CVE-2021-0318.json index 43a877ed232..d09eef1a0b2 100644 --- a/2021/0xxx/CVE-2021-0318.json +++ b/2021/0xxx/CVE-2021-0318.json @@ -4,14 +4,67 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0318", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-10" + }, + { + "version_value": "Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-8.1, Android-10, Android-11; Android ID: A-168211968." } ] } diff --git a/2021/0xxx/CVE-2021-0319.json b/2021/0xxx/CVE-2021-0319.json index 2526c829e2f..c68d1e4508d 100644 --- a/2021/0xxx/CVE-2021-0319.json +++ b/2021/0xxx/CVE-2021-0319.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0319", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + }, + { + "version_value": "Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local escalation of privilege that grants access to nearby MAC addresses, with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-167244818." } ] } diff --git a/2021/0xxx/CVE-2021-0320.json b/2021/0xxx/CVE-2021-0320.json index 7bd92f7a491..21b7957dd10 100644 --- a/2021/0xxx/CVE-2021-0320.json +++ b/2021/0xxx/CVE-2021-0320.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0320", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + }, + { + "version_value": "Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Android ID: A-169933423." } ] } diff --git a/2021/0xxx/CVE-2021-0321.json b/2021/0xxx/CVE-2021-0321.json index 8a99d1425e0..9aa014d01f0 100644 --- a/2021/0xxx/CVE-2021-0321.json +++ b/2021/0xxx/CVE-2021-0321.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0321", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In enforceDumpPermissionForPackage of ActivityManagerService.java, there is a possible way to determine if a package is installed due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-166667403." } ] } diff --git a/2021/0xxx/CVE-2021-0322.json b/2021/0xxx/CVE-2021-0322.json index 6e0493dfc3f..316807ca1dd 100644 --- a/2021/0xxx/CVE-2021-0322.json +++ b/2021/0xxx/CVE-2021-0322.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0322", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + }, + { + "version_value": "Android-11" + }, + { + "version_value": "Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2021-01-01", + "url": "https://source.android.com/security/bulletin/2021-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: Android; Versions: Android-10, Android-11, Android-9; Android ID: A-159145361." } ] } diff --git a/2021/3xxx/CVE-2021-3126.json b/2021/3xxx/CVE-2021-3126.json new file mode 100644 index 00000000000..1c4ccc02aef --- /dev/null +++ b/2021/3xxx/CVE-2021-3126.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3126", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 37da4a895c6d77be46db1f75520a5630b89b224a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 11 Jan 2021 23:01:43 +0000 Subject: [PATCH 09/16] "-Synchronized-Data." --- 2021/23xxx/CVE-2021-23835.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23836.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23837.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23838.json | 18 ++++++++++++++++++ 4 files changed, 72 insertions(+) create mode 100644 2021/23xxx/CVE-2021-23835.json create mode 100644 2021/23xxx/CVE-2021-23836.json create mode 100644 2021/23xxx/CVE-2021-23837.json create mode 100644 2021/23xxx/CVE-2021-23838.json diff --git a/2021/23xxx/CVE-2021-23835.json b/2021/23xxx/CVE-2021-23835.json new file mode 100644 index 00000000000..797477ffa71 --- /dev/null +++ b/2021/23xxx/CVE-2021-23835.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23835", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23836.json b/2021/23xxx/CVE-2021-23836.json new file mode 100644 index 00000000000..815fed2d0bd --- /dev/null +++ b/2021/23xxx/CVE-2021-23836.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23836", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23837.json b/2021/23xxx/CVE-2021-23837.json new file mode 100644 index 00000000000..ea20267ea50 --- /dev/null +++ b/2021/23xxx/CVE-2021-23837.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23837", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23838.json b/2021/23xxx/CVE-2021-23838.json new file mode 100644 index 00000000000..c0128d4ba15 --- /dev/null +++ b/2021/23xxx/CVE-2021-23838.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23838", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 687a8cda6484ad273fb2e285c9478891b0e0c6cc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 12 Jan 2021 01:01:51 +0000 Subject: [PATCH 10/16] "-Synchronized-Data." --- 2021/23xxx/CVE-2021-23839.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23840.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23841.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23842.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23843.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23844.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23845.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23846.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23847.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23848.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23849.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23850.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23851.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23852.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23853.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23854.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23855.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23856.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23857.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23858.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23859.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23860.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23861.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23862.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23863.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23864.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23865.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23866.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23867.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23868.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23869.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23870.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23871.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23872.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23873.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23874.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23875.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23876.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23877.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23878.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23879.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23880.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23881.json | 18 ++++++++++++++++++ 43 files changed, 774 insertions(+) create mode 100644 2021/23xxx/CVE-2021-23839.json create mode 100644 2021/23xxx/CVE-2021-23840.json create mode 100644 2021/23xxx/CVE-2021-23841.json create mode 100644 2021/23xxx/CVE-2021-23842.json create mode 100644 2021/23xxx/CVE-2021-23843.json create mode 100644 2021/23xxx/CVE-2021-23844.json create mode 100644 2021/23xxx/CVE-2021-23845.json create mode 100644 2021/23xxx/CVE-2021-23846.json create mode 100644 2021/23xxx/CVE-2021-23847.json create mode 100644 2021/23xxx/CVE-2021-23848.json create mode 100644 2021/23xxx/CVE-2021-23849.json create mode 100644 2021/23xxx/CVE-2021-23850.json create mode 100644 2021/23xxx/CVE-2021-23851.json create mode 100644 2021/23xxx/CVE-2021-23852.json create mode 100644 2021/23xxx/CVE-2021-23853.json create mode 100644 2021/23xxx/CVE-2021-23854.json create mode 100644 2021/23xxx/CVE-2021-23855.json create mode 100644 2021/23xxx/CVE-2021-23856.json create mode 100644 2021/23xxx/CVE-2021-23857.json create mode 100644 2021/23xxx/CVE-2021-23858.json create mode 100644 2021/23xxx/CVE-2021-23859.json create mode 100644 2021/23xxx/CVE-2021-23860.json create mode 100644 2021/23xxx/CVE-2021-23861.json create mode 100644 2021/23xxx/CVE-2021-23862.json create mode 100644 2021/23xxx/CVE-2021-23863.json create mode 100644 2021/23xxx/CVE-2021-23864.json create mode 100644 2021/23xxx/CVE-2021-23865.json create mode 100644 2021/23xxx/CVE-2021-23866.json create mode 100644 2021/23xxx/CVE-2021-23867.json create mode 100644 2021/23xxx/CVE-2021-23868.json create mode 100644 2021/23xxx/CVE-2021-23869.json create mode 100644 2021/23xxx/CVE-2021-23870.json create mode 100644 2021/23xxx/CVE-2021-23871.json create mode 100644 2021/23xxx/CVE-2021-23872.json create mode 100644 2021/23xxx/CVE-2021-23873.json create mode 100644 2021/23xxx/CVE-2021-23874.json create mode 100644 2021/23xxx/CVE-2021-23875.json create mode 100644 2021/23xxx/CVE-2021-23876.json create mode 100644 2021/23xxx/CVE-2021-23877.json create mode 100644 2021/23xxx/CVE-2021-23878.json create mode 100644 2021/23xxx/CVE-2021-23879.json create mode 100644 2021/23xxx/CVE-2021-23880.json create mode 100644 2021/23xxx/CVE-2021-23881.json diff --git a/2021/23xxx/CVE-2021-23839.json b/2021/23xxx/CVE-2021-23839.json new file mode 100644 index 00000000000..8f9bbbc91cd --- /dev/null +++ b/2021/23xxx/CVE-2021-23839.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23839", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23840.json b/2021/23xxx/CVE-2021-23840.json new file mode 100644 index 00000000000..51e7fcfafdc --- /dev/null +++ b/2021/23xxx/CVE-2021-23840.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23840", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23841.json b/2021/23xxx/CVE-2021-23841.json new file mode 100644 index 00000000000..c4145d21ec8 --- /dev/null +++ b/2021/23xxx/CVE-2021-23841.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23841", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23842.json b/2021/23xxx/CVE-2021-23842.json new file mode 100644 index 00000000000..df418ed6d82 --- /dev/null +++ b/2021/23xxx/CVE-2021-23842.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23842", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23843.json b/2021/23xxx/CVE-2021-23843.json new file mode 100644 index 00000000000..6c6290a5b21 --- /dev/null +++ b/2021/23xxx/CVE-2021-23843.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23843", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23844.json b/2021/23xxx/CVE-2021-23844.json new file mode 100644 index 00000000000..4acc59c0711 --- /dev/null +++ b/2021/23xxx/CVE-2021-23844.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23844", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23845.json b/2021/23xxx/CVE-2021-23845.json new file mode 100644 index 00000000000..13bc7ee8356 --- /dev/null +++ b/2021/23xxx/CVE-2021-23845.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23845", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23846.json b/2021/23xxx/CVE-2021-23846.json new file mode 100644 index 00000000000..20c7fd7fb0d --- /dev/null +++ b/2021/23xxx/CVE-2021-23846.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23846", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23847.json b/2021/23xxx/CVE-2021-23847.json new file mode 100644 index 00000000000..06905968a63 --- /dev/null +++ b/2021/23xxx/CVE-2021-23847.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23847", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23848.json b/2021/23xxx/CVE-2021-23848.json new file mode 100644 index 00000000000..97e51d54653 --- /dev/null +++ b/2021/23xxx/CVE-2021-23848.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23848", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23849.json b/2021/23xxx/CVE-2021-23849.json new file mode 100644 index 00000000000..35650cc3a9b --- /dev/null +++ b/2021/23xxx/CVE-2021-23849.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23849", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23850.json b/2021/23xxx/CVE-2021-23850.json new file mode 100644 index 00000000000..494670b918e --- /dev/null +++ b/2021/23xxx/CVE-2021-23850.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23850", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23851.json b/2021/23xxx/CVE-2021-23851.json new file mode 100644 index 00000000000..ce0e1159fe7 --- /dev/null +++ b/2021/23xxx/CVE-2021-23851.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23851", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23852.json b/2021/23xxx/CVE-2021-23852.json new file mode 100644 index 00000000000..4b8788e1078 --- /dev/null +++ b/2021/23xxx/CVE-2021-23852.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23852", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23853.json b/2021/23xxx/CVE-2021-23853.json new file mode 100644 index 00000000000..270cb811aba --- /dev/null +++ b/2021/23xxx/CVE-2021-23853.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23853", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23854.json b/2021/23xxx/CVE-2021-23854.json new file mode 100644 index 00000000000..5582ebaa86d --- /dev/null +++ b/2021/23xxx/CVE-2021-23854.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23854", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23855.json b/2021/23xxx/CVE-2021-23855.json new file mode 100644 index 00000000000..a788af3cf37 --- /dev/null +++ b/2021/23xxx/CVE-2021-23855.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23855", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23856.json b/2021/23xxx/CVE-2021-23856.json new file mode 100644 index 00000000000..29d12855a5c --- /dev/null +++ b/2021/23xxx/CVE-2021-23856.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23856", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23857.json b/2021/23xxx/CVE-2021-23857.json new file mode 100644 index 00000000000..6dd890dad5b --- /dev/null +++ b/2021/23xxx/CVE-2021-23857.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23857", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23858.json b/2021/23xxx/CVE-2021-23858.json new file mode 100644 index 00000000000..6e1dd4116a1 --- /dev/null +++ b/2021/23xxx/CVE-2021-23858.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23858", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23859.json b/2021/23xxx/CVE-2021-23859.json new file mode 100644 index 00000000000..b4beb708d76 --- /dev/null +++ b/2021/23xxx/CVE-2021-23859.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23859", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23860.json b/2021/23xxx/CVE-2021-23860.json new file mode 100644 index 00000000000..b7003d79367 --- /dev/null +++ b/2021/23xxx/CVE-2021-23860.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23860", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23861.json b/2021/23xxx/CVE-2021-23861.json new file mode 100644 index 00000000000..411bf92f145 --- /dev/null +++ b/2021/23xxx/CVE-2021-23861.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23861", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23862.json b/2021/23xxx/CVE-2021-23862.json new file mode 100644 index 00000000000..75c50ee1fae --- /dev/null +++ b/2021/23xxx/CVE-2021-23862.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23862", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23863.json b/2021/23xxx/CVE-2021-23863.json new file mode 100644 index 00000000000..6fbc3c7e2c4 --- /dev/null +++ b/2021/23xxx/CVE-2021-23863.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23863", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23864.json b/2021/23xxx/CVE-2021-23864.json new file mode 100644 index 00000000000..071fe4ce4a0 --- /dev/null +++ b/2021/23xxx/CVE-2021-23864.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23864", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23865.json b/2021/23xxx/CVE-2021-23865.json new file mode 100644 index 00000000000..2cb14a1fc66 --- /dev/null +++ b/2021/23xxx/CVE-2021-23865.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23865", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23866.json b/2021/23xxx/CVE-2021-23866.json new file mode 100644 index 00000000000..a3874b7e755 --- /dev/null +++ b/2021/23xxx/CVE-2021-23866.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23866", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23867.json b/2021/23xxx/CVE-2021-23867.json new file mode 100644 index 00000000000..0ad917918a5 --- /dev/null +++ b/2021/23xxx/CVE-2021-23867.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23867", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23868.json b/2021/23xxx/CVE-2021-23868.json new file mode 100644 index 00000000000..cc7d74034bc --- /dev/null +++ b/2021/23xxx/CVE-2021-23868.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23868", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23869.json b/2021/23xxx/CVE-2021-23869.json new file mode 100644 index 00000000000..456484996cf --- /dev/null +++ b/2021/23xxx/CVE-2021-23869.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23869", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23870.json b/2021/23xxx/CVE-2021-23870.json new file mode 100644 index 00000000000..a023bb12602 --- /dev/null +++ b/2021/23xxx/CVE-2021-23870.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23870", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23871.json b/2021/23xxx/CVE-2021-23871.json new file mode 100644 index 00000000000..18e1bf61195 --- /dev/null +++ b/2021/23xxx/CVE-2021-23871.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23871", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23872.json b/2021/23xxx/CVE-2021-23872.json new file mode 100644 index 00000000000..e05b418d0ae --- /dev/null +++ b/2021/23xxx/CVE-2021-23872.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23872", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23873.json b/2021/23xxx/CVE-2021-23873.json new file mode 100644 index 00000000000..7f4662a15f7 --- /dev/null +++ b/2021/23xxx/CVE-2021-23873.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23873", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23874.json b/2021/23xxx/CVE-2021-23874.json new file mode 100644 index 00000000000..c18b86e5bda --- /dev/null +++ b/2021/23xxx/CVE-2021-23874.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23874", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23875.json b/2021/23xxx/CVE-2021-23875.json new file mode 100644 index 00000000000..9670e4615f0 --- /dev/null +++ b/2021/23xxx/CVE-2021-23875.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23875", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23876.json b/2021/23xxx/CVE-2021-23876.json new file mode 100644 index 00000000000..4ed7bd954cf --- /dev/null +++ b/2021/23xxx/CVE-2021-23876.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23876", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23877.json b/2021/23xxx/CVE-2021-23877.json new file mode 100644 index 00000000000..f8d1f1ede9e --- /dev/null +++ b/2021/23xxx/CVE-2021-23877.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23877", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23878.json b/2021/23xxx/CVE-2021-23878.json new file mode 100644 index 00000000000..19eb97cd8a7 --- /dev/null +++ b/2021/23xxx/CVE-2021-23878.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23878", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23879.json b/2021/23xxx/CVE-2021-23879.json new file mode 100644 index 00000000000..5780fbe0198 --- /dev/null +++ b/2021/23xxx/CVE-2021-23879.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23879", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23880.json b/2021/23xxx/CVE-2021-23880.json new file mode 100644 index 00000000000..db534d0927c --- /dev/null +++ b/2021/23xxx/CVE-2021-23880.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23880", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23881.json b/2021/23xxx/CVE-2021-23881.json new file mode 100644 index 00000000000..5800c5f9acf --- /dev/null +++ b/2021/23xxx/CVE-2021-23881.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23881", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From df935deb700f3a30cc54855907978497c912388d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 12 Jan 2021 01:02:26 +0000 Subject: [PATCH 11/16] "-Synchronized-Data." --- 2021/23xxx/CVE-2021-23882.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23883.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23884.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23885.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23886.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23887.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23888.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23889.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23890.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23891.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23892.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23893.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23894.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23895.json | 18 ++++++++++++++++++ 2021/23xxx/CVE-2021-23896.json | 18 ++++++++++++++++++ 15 files changed, 270 insertions(+) create mode 100644 2021/23xxx/CVE-2021-23882.json create mode 100644 2021/23xxx/CVE-2021-23883.json create mode 100644 2021/23xxx/CVE-2021-23884.json create mode 100644 2021/23xxx/CVE-2021-23885.json create mode 100644 2021/23xxx/CVE-2021-23886.json create mode 100644 2021/23xxx/CVE-2021-23887.json create mode 100644 2021/23xxx/CVE-2021-23888.json create mode 100644 2021/23xxx/CVE-2021-23889.json create mode 100644 2021/23xxx/CVE-2021-23890.json create mode 100644 2021/23xxx/CVE-2021-23891.json create mode 100644 2021/23xxx/CVE-2021-23892.json create mode 100644 2021/23xxx/CVE-2021-23893.json create mode 100644 2021/23xxx/CVE-2021-23894.json create mode 100644 2021/23xxx/CVE-2021-23895.json create mode 100644 2021/23xxx/CVE-2021-23896.json diff --git a/2021/23xxx/CVE-2021-23882.json b/2021/23xxx/CVE-2021-23882.json new file mode 100644 index 00000000000..6fabdac2694 --- /dev/null +++ b/2021/23xxx/CVE-2021-23882.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23882", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23883.json b/2021/23xxx/CVE-2021-23883.json new file mode 100644 index 00000000000..f70dadead0a --- /dev/null +++ b/2021/23xxx/CVE-2021-23883.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23883", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23884.json b/2021/23xxx/CVE-2021-23884.json new file mode 100644 index 00000000000..af2fa0caedd --- /dev/null +++ b/2021/23xxx/CVE-2021-23884.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23884", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23885.json b/2021/23xxx/CVE-2021-23885.json new file mode 100644 index 00000000000..edba7b82eaa --- /dev/null +++ b/2021/23xxx/CVE-2021-23885.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23885", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23886.json b/2021/23xxx/CVE-2021-23886.json new file mode 100644 index 00000000000..f496119480a --- /dev/null +++ b/2021/23xxx/CVE-2021-23886.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23886", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23887.json b/2021/23xxx/CVE-2021-23887.json new file mode 100644 index 00000000000..995e08f86fe --- /dev/null +++ b/2021/23xxx/CVE-2021-23887.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23887", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23888.json b/2021/23xxx/CVE-2021-23888.json new file mode 100644 index 00000000000..e64998effa0 --- /dev/null +++ b/2021/23xxx/CVE-2021-23888.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23888", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23889.json b/2021/23xxx/CVE-2021-23889.json new file mode 100644 index 00000000000..87d414f18c3 --- /dev/null +++ b/2021/23xxx/CVE-2021-23889.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23889", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23890.json b/2021/23xxx/CVE-2021-23890.json new file mode 100644 index 00000000000..0567b50938c --- /dev/null +++ b/2021/23xxx/CVE-2021-23890.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23890", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23891.json b/2021/23xxx/CVE-2021-23891.json new file mode 100644 index 00000000000..ea26ad619bd --- /dev/null +++ b/2021/23xxx/CVE-2021-23891.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23891", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23892.json b/2021/23xxx/CVE-2021-23892.json new file mode 100644 index 00000000000..ad68547751e --- /dev/null +++ b/2021/23xxx/CVE-2021-23892.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23892", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23893.json b/2021/23xxx/CVE-2021-23893.json new file mode 100644 index 00000000000..bd2da05b3c0 --- /dev/null +++ b/2021/23xxx/CVE-2021-23893.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23893", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23894.json b/2021/23xxx/CVE-2021-23894.json new file mode 100644 index 00000000000..409ff527be1 --- /dev/null +++ b/2021/23xxx/CVE-2021-23894.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23894", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23895.json b/2021/23xxx/CVE-2021-23895.json new file mode 100644 index 00000000000..03f3d8e7632 --- /dev/null +++ b/2021/23xxx/CVE-2021-23895.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23895", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23896.json b/2021/23xxx/CVE-2021-23896.json new file mode 100644 index 00000000000..50cc474ded0 --- /dev/null +++ b/2021/23xxx/CVE-2021-23896.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23896", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From cc07c3ee75b7761909131b0a96d2fc1b2d2a0fe0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 12 Jan 2021 03:01:44 +0000 Subject: [PATCH 12/16] "-Synchronized-Data." --- 2020/16xxx/CVE-2020-16146.json | 61 ++++++++++++++++++++++++++++++---- 2020/26xxx/CVE-2020-26050.json | 61 ++++++++++++++++++++++++++++++---- 2 files changed, 110 insertions(+), 12 deletions(-) diff --git a/2020/16xxx/CVE-2020-16146.json b/2020/16xxx/CVE-2020-16146.json index dca82a432f3..087c2f32ea1 100644 --- a/2020/16xxx/CVE-2020-16146.json +++ b/2020/16xxx/CVE-2020-16146.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-16146", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-16146", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01. With manipulated packet fields, there is a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/espressif/esp-idf", + "refsource": "MISC", + "name": "https://github.com/espressif/esp-idf" + }, + { + "refsource": "MISC", + "name": "https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/CVE-2020-16146.md", + "url": "https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/CVE-2020-16146.md" } ] } diff --git a/2020/26xxx/CVE-2020-26050.json b/2020/26xxx/CVE-2020-26050.json index 7af28f9cb80..42ac369af6f 100644 --- a/2020/26xxx/CVE-2020-26050.json +++ b/2020/26xxx/CVE-2020-26050.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-26050", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-26050", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-2019-12572." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://vimeo.com/459654003", + "refsource": "MISC", + "name": "https://vimeo.com/459654003" + }, + { + "refsource": "MISC", + "name": "https://thebinary0x1.medium.com/cve-2020-26050-safervpn-for-windows-local-privilege-escalation-da069bb1373c", + "url": "https://thebinary0x1.medium.com/cve-2020-26050-safervpn-for-windows-local-privilege-escalation-da069bb1373c" } ] } From 66fcf9c2315eaa928728ad731e68e3e90d875231 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 12 Jan 2021 04:01:44 +0000 Subject: [PATCH 13/16] "-Synchronized-Data." --- 2020/27xxx/CVE-2020-27637.json | 61 ++++++++++++++++++++++++++++++---- 2021/3xxx/CVE-2021-3127.json | 18 ++++++++++ 2 files changed, 73 insertions(+), 6 deletions(-) create mode 100644 2021/3xxx/CVE-2021-3127.json diff --git a/2020/27xxx/CVE-2020-27637.json b/2020/27xxx/CVE-2020-27637.json index 3b609496e1b..6436c669978 100644 --- a/2020/27xxx/CVE-2020-27637.json +++ b/2020/27xxx/CVE-2020-27637.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27637", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27637", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The R programming language\u2019s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD install cli command or the install.packages() function from the interpreter. Update to version 4.0.3" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.r-project.org/foundation/", + "refsource": "MISC", + "name": "https://www.r-project.org/foundation/" + }, + { + "refsource": "MISC", + "name": "https://labs.bishopfox.com/advisories/cran-version-4.0.2", + "url": "https://labs.bishopfox.com/advisories/cran-version-4.0.2" } ] } diff --git a/2021/3xxx/CVE-2021-3127.json b/2021/3xxx/CVE-2021-3127.json new file mode 100644 index 00000000000..cd36d8fd39a --- /dev/null +++ b/2021/3xxx/CVE-2021-3127.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3127", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 8de3593ceb19bce1baed750df424f0807ce676f3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 12 Jan 2021 08:01:53 +0000 Subject: [PATCH 14/16] "-Synchronized-Data." --- 2020/24xxx/CVE-2020-24700.json | 61 ++++++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24701.json | 61 ++++++++++++++++++++++++++++++---- 2021/23xxx/CVE-2021-23897.json | 18 ++++++++++ 2021/23xxx/CVE-2021-23898.json | 18 ++++++++++ 2021/23xxx/CVE-2021-23899.json | 18 ++++++++++ 2021/23xxx/CVE-2021-23900.json | 18 ++++++++++ 6 files changed, 182 insertions(+), 12 deletions(-) create mode 100644 2021/23xxx/CVE-2021-23897.json create mode 100644 2021/23xxx/CVE-2021-23898.json create mode 100644 2021/23xxx/CVE-2021-23899.json create mode 100644 2021/23xxx/CVE-2021-23900.json diff --git a/2020/24xxx/CVE-2020-24700.json b/2020/24xxx/CVE-2020-24700.json index 529609f99be..3bc8ab9c1ac 100644 --- a/2020/24xxx/CVE-2020-24700.json +++ b/2020/24xxx/CVE-2020-24700.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24700", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24700", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.open-xchange.com", + "refsource": "MISC", + "name": "https://www.open-xchange.com" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html", + "url": "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ] } diff --git a/2020/24xxx/CVE-2020-24701.json b/2020/24xxx/CVE-2020-24701.json index 89f8fb24dbb..9b0a5db6895 100644 --- a/2020/24xxx/CVE-2020-24701.json +++ b/2020/24xxx/CVE-2020-24701.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24701", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24701", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.open-xchange.com", + "refsource": "MISC", + "name": "https://www.open-xchange.com" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html", + "url": "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ] } diff --git a/2021/23xxx/CVE-2021-23897.json b/2021/23xxx/CVE-2021-23897.json new file mode 100644 index 00000000000..0a5819657f5 --- /dev/null +++ b/2021/23xxx/CVE-2021-23897.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23897", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23898.json b/2021/23xxx/CVE-2021-23898.json new file mode 100644 index 00000000000..e3f59f92cc7 --- /dev/null +++ b/2021/23xxx/CVE-2021-23898.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23898", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23899.json b/2021/23xxx/CVE-2021-23899.json new file mode 100644 index 00000000000..d04cfeedcff --- /dev/null +++ b/2021/23xxx/CVE-2021-23899.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23899", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23900.json b/2021/23xxx/CVE-2021-23900.json new file mode 100644 index 00000000000..efc2df0ffc7 --- /dev/null +++ b/2021/23xxx/CVE-2021-23900.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23900", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 06e9b4d006f8b0cfdcd25ae06e5a11b2b843b404 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 12 Jan 2021 09:01:49 +0000 Subject: [PATCH 15/16] "-Synchronized-Data." --- 2020/35xxx/CVE-2020-35653.json | 56 +++++++++++++++++++++++++++---- 2020/35xxx/CVE-2020-35654.json | 56 +++++++++++++++++++++++++++---- 2020/35xxx/CVE-2020-35655.json | 56 +++++++++++++++++++++++++++---- 2021/23xxx/CVE-2021-23239.json | 61 ++++++++++++++++++++++++++++++---- 2021/23xxx/CVE-2021-23240.json | 61 ++++++++++++++++++++++++++++++---- 2021/23xxx/CVE-2021-23901.json | 18 ++++++++++ 6 files changed, 278 insertions(+), 30 deletions(-) create mode 100644 2021/23xxx/CVE-2021-23901.json diff --git a/2020/35xxx/CVE-2020-35653.json b/2020/35xxx/CVE-2020-35653.json index f337dc7366c..7f16c9f0160 100644 --- a/2020/35xxx/CVE-2020-35653.json +++ b/2020/35xxx/CVE-2020-35653.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-35653", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-35653", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pillow.readthedocs.io/en/stable/releasenotes/index.html", + "refsource": "MISC", + "name": "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" } ] } diff --git a/2020/35xxx/CVE-2020-35654.json b/2020/35xxx/CVE-2020-35654.json index 00dc40b83aa..65bb8f4a5ee 100644 --- a/2020/35xxx/CVE-2020-35654.json +++ b/2020/35xxx/CVE-2020-35654.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-35654", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-35654", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pillow.readthedocs.io/en/stable/releasenotes/index.html", + "refsource": "MISC", + "name": "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" } ] } diff --git a/2020/35xxx/CVE-2020-35655.json b/2020/35xxx/CVE-2020-35655.json index b9f0b6bfcab..4d1325778a6 100644 --- a/2020/35xxx/CVE-2020-35655.json +++ b/2020/35xxx/CVE-2020-35655.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-35655", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-35655", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pillow.readthedocs.io/en/stable/releasenotes/index.html", + "refsource": "MISC", + "name": "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" } ] } diff --git a/2021/23xxx/CVE-2021-23239.json b/2021/23xxx/CVE-2021-23239.json index 3b4fed58c88..28ff676ae5a 100644 --- a/2021/23xxx/CVE-2021-23239.json +++ b/2021/23xxx/CVE-2021-23239.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-23239", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-23239", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23239", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23239" + }, + { + "refsource": "CONFIRM", + "name": "https://www.sudo.ws/stable.html#1.9.5", + "url": "https://www.sudo.ws/stable.html#1.9.5" } ] } diff --git a/2021/23xxx/CVE-2021-23240.json b/2021/23xxx/CVE-2021-23240.json index c555cd8f6bc..b1b79f22daf 100644 --- a/2021/23xxx/CVE-2021-23240.json +++ b/2021/23xxx/CVE-2021-23240.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-23240", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-23240", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240" + }, + { + "refsource": "CONFIRM", + "name": "https://www.sudo.ws/stable.html#1.9.5", + "url": "https://www.sudo.ws/stable.html#1.9.5" } ] } diff --git a/2021/23xxx/CVE-2021-23901.json b/2021/23xxx/CVE-2021-23901.json new file mode 100644 index 00000000000..9b309cf0256 --- /dev/null +++ b/2021/23xxx/CVE-2021-23901.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23901", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 8c5b83e3b640bed67ea2e32f18f9cc297754629f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 12 Jan 2021 14:01:45 +0000 Subject: [PATCH 16/16] "-Synchronized-Data." --- 2020/17xxx/CVE-2020-17518.json | 5 +++++ 2021/3xxx/CVE-2021-3128.json | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 2021/3xxx/CVE-2021-3128.json diff --git a/2020/17xxx/CVE-2020-17518.json b/2020/17xxx/CVE-2020-17518.json index e3cc4ea493d..27d807a03cd 100644 --- a/2020/17xxx/CVE-2020-17518.json +++ b/2020/17xxx/CVE-2020-17518.json @@ -118,6 +118,11 @@ "refsource": "MLIST", "name": "[flink-issues] 20210107 [jira] [Commented] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10", "url": "https://lists.apache.org/thread.html/r5444acac3407ef6397d6aef1b5aec2db53b4b88ef221e63084c1e5f2@%3Cissues.flink.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[flink-issues] 20210112 [jira] [Commented] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10", + "url": "https://lists.apache.org/thread.html/r710693b0d3b229c81f485804ea1145b4edda79c9e77d66c39a0a2ff1@%3Cissues.flink.apache.org%3E" } ] }, diff --git a/2021/3xxx/CVE-2021-3128.json b/2021/3xxx/CVE-2021-3128.json new file mode 100644 index 00000000000..ce5e95f3d68 --- /dev/null +++ b/2021/3xxx/CVE-2021-3128.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3128", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file