From b26901e21cc9c996722463a23616c0fecd5737a7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 30 Mar 2022 16:03:11 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/23xxx/CVE-2021-23850.json | 74 +++++++++++++++++++++++- 2021/23xxx/CVE-2021-23851.json | 74 +++++++++++++++++++++++- 2021/39xxx/CVE-2021-39754.json | 50 ++++++++++++++++- 2021/39xxx/CVE-2021-39778.json | 50 ++++++++++++++++- 2021/39xxx/CVE-2021-39779.json | 50 ++++++++++++++++- 2021/39xxx/CVE-2021-39780.json | 50 ++++++++++++++++- 2021/39xxx/CVE-2021-39781.json | 50 ++++++++++++++++- 2021/39xxx/CVE-2021-39782.json | 50 ++++++++++++++++- 2021/39xxx/CVE-2021-39783.json | 50 ++++++++++++++++- 2021/39xxx/CVE-2021-39784.json | 50 ++++++++++++++++- 2021/39xxx/CVE-2021-39786.json | 50 ++++++++++++++++- 2021/39xxx/CVE-2021-39787.json | 50 ++++++++++++++++- 2021/39xxx/CVE-2021-39788.json | 50 ++++++++++++++++- 2021/39xxx/CVE-2021-39789.json | 50 ++++++++++++++++- 2021/39xxx/CVE-2021-39790.json | 50 ++++++++++++++++- 2021/39xxx/CVE-2021-39791.json | 50 ++++++++++++++++- 2022/0xxx/CVE-2022-0998.json | 50 ++++++++++++++++- 2022/20xxx/CVE-2022-20002.json | 50 ++++++++++++++++- 2022/22xxx/CVE-2022-22996.json | 100 +++++++++++++++++++++++++++++++-- 19 files changed, 988 insertions(+), 60 deletions(-) diff --git a/2021/23xxx/CVE-2021-23850.json b/2021/23xxx/CVE-2021-23850.json index 494670b918e..b70ea7d0116 100644 --- a/2021/23xxx/CVE-2021-23850.json +++ b/2021/23xxx/CVE-2021-23850.json @@ -4,15 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23850", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@bosch.com", + "DATE_PUBLIC": "2021-05-20", + "TITLE": "Buffer Overflow vulnerability in the recovery image telnet server", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "CPP Firmware", + "version": { + "version_data": [ + { + "version_value": "all", + "version_affected": "=", + "platform": "CPP4, CPP6, CPP7, CPP7.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", + "name": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware." } ] + }, + "source": { + "advisory": "BOSCH-SA-478243-BT ", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23851.json b/2021/23xxx/CVE-2021-23851.json index ce0e1159fe7..04d6991f765 100644 --- a/2021/23xxx/CVE-2021-23851.json +++ b/2021/23xxx/CVE-2021-23851.json @@ -4,15 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23851", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@bosch.com", + "DATE_PUBLIC": "2021-05-20", + "TITLE": "Buffer Overflow vulnerability in the recovery image web-based interface ", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "CPP Firmware", + "version": { + "version_data": [ + { + "version_value": "all", + "version_affected": "=", + "platform": "CPP4, CPP6, CPP7, CPP7.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", + "name": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware." } ] + }, + "source": { + "advisory": "BOSCH-SA-478243-BT", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39754.json b/2021/39xxx/CVE-2021-39754.json index ef8b81b3a57..48bf76437a2 100644 --- a/2021/39xxx/CVE-2021-39754.json +++ b/2021/39xxx/CVE-2021-39754.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39754", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:Android ID: A-207133709" } ] } diff --git a/2021/39xxx/CVE-2021-39778.json b/2021/39xxx/CVE-2021-39778.json index 8bab45d9459..72ec9f12b7a 100644 --- a/2021/39xxx/CVE-2021-39778.json +++ b/2021/39xxx/CVE-2021-39778.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39778", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Telecomm, there is a possible way to determine whether an app is installed, without query permissions, due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-196406138" } ] } diff --git a/2021/39xxx/CVE-2021-39779.json b/2021/39xxx/CVE-2021-39779.json index bd942bae6d8..1c1c06e08a8 100644 --- a/2021/39xxx/CVE-2021-39779.json +++ b/2021/39xxx/CVE-2021-39779.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39779", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-190400974" } ] } diff --git a/2021/39xxx/CVE-2021-39780.json b/2021/39xxx/CVE-2021-39780.json index 01841413fdb..d63d5c16f48 100644 --- a/2021/39xxx/CVE-2021-39780.json +++ b/2021/39xxx/CVE-2021-39780.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39780", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204992293" } ] } diff --git a/2021/39xxx/CVE-2021-39781.json b/2021/39xxx/CVE-2021-39781.json index 3f1bd0c6bb5..a483b7cc96e 100644 --- a/2021/39xxx/CVE-2021-39781.json +++ b/2021/39xxx/CVE-2021-39781.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39781", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SmsController, there is a possible information disclosure due to a permissions bypass. This could lead to local escalation of privilege and sending sms with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-195311502" } ] } diff --git a/2021/39xxx/CVE-2021-39782.json b/2021/39xxx/CVE-2021-39782.json index b509e66c099..5891ac21fb5 100644 --- a/2021/39xxx/CVE-2021-39782.json +++ b/2021/39xxx/CVE-2021-39782.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39782", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202760015" } ] } diff --git a/2021/39xxx/CVE-2021-39783.json b/2021/39xxx/CVE-2021-39783.json index 092ae6b62c9..9375dd8ef8a 100644 --- a/2021/39xxx/CVE-2021-39783.json +++ b/2021/39xxx/CVE-2021-39783.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39783", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-197960597" } ] } diff --git a/2021/39xxx/CVE-2021-39784.json b/2021/39xxx/CVE-2021-39784.json index 97c0a8e09b7..c858a2ce019 100644 --- a/2021/39xxx/CVE-2021-39784.json +++ b/2021/39xxx/CVE-2021-39784.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39784", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477" } ] } diff --git a/2021/39xxx/CVE-2021-39786.json b/2021/39xxx/CVE-2021-39786.json index 7c193c7a8fe..159802587ce 100644 --- a/2021/39xxx/CVE-2021-39786.json +++ b/2021/39xxx/CVE-2021-39786.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39786", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192551247" } ] } diff --git a/2021/39xxx/CVE-2021-39787.json b/2021/39xxx/CVE-2021-39787.json index f61f0ff63cf..c34ec925fb7 100644 --- a/2021/39xxx/CVE-2021-39787.json +++ b/2021/39xxx/CVE-2021-39787.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39787", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202506934" } ] } diff --git a/2021/39xxx/CVE-2021-39788.json b/2021/39xxx/CVE-2021-39788.json index 8dc4247c6f6..723bedfd4ec 100644 --- a/2021/39xxx/CVE-2021-39788.json +++ b/2021/39xxx/CVE-2021-39788.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39788", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191768014" } ] } diff --git a/2021/39xxx/CVE-2021-39789.json b/2021/39xxx/CVE-2021-39789.json index 3a6396557bb..3be99387117 100644 --- a/2021/39xxx/CVE-2021-39789.json +++ b/2021/39xxx/CVE-2021-39789.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39789", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-203880906" } ] } diff --git a/2021/39xxx/CVE-2021-39790.json b/2021/39xxx/CVE-2021-39790.json index 3d6ab63ab2c..d4e44b9baee 100644 --- a/2021/39xxx/CVE-2021-39790.json +++ b/2021/39xxx/CVE-2021-39790.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39790", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405146" } ] } diff --git a/2021/39xxx/CVE-2021-39791.json b/2021/39xxx/CVE-2021-39791.json index f5c66b9ecb2..f36bb836d48 100644 --- a/2021/39xxx/CVE-2021-39791.json +++ b/2021/39xxx/CVE-2021-39791.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39791", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194112606" } ] } diff --git a/2022/0xxx/CVE-2022-0998.json b/2022/0xxx/CVE-2022-0998.json index 460fb9098a0..a86abcfe360 100644 --- a/2022/0xxx/CVE-2022-0998.json +++ b/2022/0xxx/CVE-2022-0998.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0998", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux kernel 5.17-rc1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lore.kernel.org/netdev/20220123001216.2460383-13-sashal@kernel.org/", + "url": "https://lore.kernel.org/netdev/20220123001216.2460383-13-sashal@kernel.org/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An integer overflow flaw was found in the Linux kernel\u2019s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system." } ] } diff --git a/2022/20xxx/CVE-2022-20002.json b/2022/20xxx/CVE-2022-20002.json index a74b74f3acb..db687a0cef9 100644 --- a/2022/20xxx/CVE-2022-20002.json +++ b/2022/20xxx/CVE-2022-20002.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-12l", + "url": "https://source.android.com/security/bulletin/android-12l" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657" } ] } diff --git a/2022/22xxx/CVE-2022-22996.json b/2022/22xxx/CVE-2022-22996.json index 88c3faeacb4..bebb583bd9c 100644 --- a/2022/22xxx/CVE-2022-22996.json +++ b/2022/22xxx/CVE-2022-22996.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@wdc.com", "ID": "CVE-2022-22996", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "SanDisk Professional G-RAID 4/8 Software Utility, Privilege Escalation" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "G-RAID 4/8 Software Utility", + "version": { + "version_data": [ + { + "platform": "Windows", + "version_affected": "<", + "version_name": "G-RAID 4/8 Software Utility", + "version_value": "300520006-2" + }, + { + "platform": "Windows", + "version_affected": "<", + "version_name": "G-RAID Windows Driver", + "version_value": "V6.2.0,16-2" + } + ] + } + } + ] + }, + "vendor_name": "SanDisk Professional" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "DoHyun Lee(@l33d0hyun) and SeungYun LEE(@SeungYun_Le2) of Korea University Sejong Campus and JaeHeng Yoon(@onnoveath) } of JENBlack Soft " + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427 Uncontrolled Search Path Element" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.westerndigital.com/support/product-security/wdc-22007-sandisk-professional-g-raid-4-8-software-utility-setup-for-windows-privilege-escalation", + "name": "https://www.westerndigital.com/support/product-security/wdc-22007-sandisk-professional-g-raid-4-8-software-utility-setup-for-windows-privilege-escalation" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Western Digital recommends all users install the latest updates for the Windows app and driver from the links below.\n\nG-RAID Software Utility: https://download.g-technology.com/software/G-RAID_Software_Utility_300520006-2.zip\n\nWindows Driver: https://download.g-technology.com/software/SanDisk_WinDrv_Installer_V6.2.0.16-2_WHQL.zip" + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file