From b571041d0f21666b6a97d731af09432613818252 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Thu, 9 Sep 2021 19:00:51 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/21xxx/CVE-2021-21996.json | 5 ++
 2021/22xxx/CVE-2021-22004.json | 5 ++
 2021/25xxx/CVE-2021-25449.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25450.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25451.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25452.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25453.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25454.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25455.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25456.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25457.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25458.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25459.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25460.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25461.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25462.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25463.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25464.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25465.json | 77 +++++++++++++++++++++++--
 2021/25xxx/CVE-2021-25466.json | 77 +++++++++++++++++++++++--
 2021/28xxx/CVE-2021-28914.json | 56 ++++++++++++++++--
 2021/31xxx/CVE-2021-31607.json | 5 ++
 2021/38xxx/CVE-2021-38316.json | 100 +++++++++++++++++++++++++++++++--
 2021/38xxx/CVE-2021-38317.json | 100 +++++++++++++++++++++++++++++++--
 2021/38xxx/CVE-2021-38318.json | 100 +++++++++++++++++++++++++++++++--
 2021/38xxx/CVE-2021-38319.json | 100 +++++++++++++++++++++++++++++++--
 2021/38xxx/CVE-2021-38320.json | 100 +++++++++++++++++++++++++++++++--
 2021/38xxx/CVE-2021-38321.json | 100 +++++++++++++++++++++++++++++++--
 2021/38xxx/CVE-2021-38322.json | 100 +++++++++++++++++++++++++++++++--
 2021/38xxx/CVE-2021-38323.json | 100 +++++++++++++++++++++++++++++++--
 2021/38xxx/CVE-2021-38324.json | 100 +++++++++++++++++++++++++++++++--
 2021/38xxx/CVE-2021-38325.json | 100 +++++++++++++++++++++++++++++++--
 32 files changed, 2283 insertions(+), 174 deletions(-)
diff --git a/2021/21xxx/CVE-2021-21996.json b/2021/21xxx/CVE-2021-21996.json
index 39c31a21f70..cde261fe007 100644
--- a/2021/21xxx/CVE-2021-21996.json
+++ b/2021/21xxx/CVE-2021-21996.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/",
 "url": "https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-00ada7e667",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/"
 }
 ]
 },
diff --git a/2021/22xxx/CVE-2021-22004.json b/2021/22xxx/CVE-2021-22004.json
index 23f40ad7360..5a3ca31cc51 100644
--- a/2021/22xxx/CVE-2021-22004.json
+++ b/2021/22xxx/CVE-2021-22004.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/",
 "url": "https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-00ada7e667",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/"
 }
 ]
 },
diff --git a/2021/25xxx/CVE-2021-25449.json b/2021/25xxx/CVE-2021-25449.json
index cd54dd6bd9a..858a20a2b36 100644
--- a/2021/25xxx/CVE-2021-25449.json
+++ b/2021/25xxx/CVE-2021-25449.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25449",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
+ "version_value": "SMR Sep-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-122 Heap-based Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25450.json b/2021/25xxx/CVE-2021-25450.json
index d5769f9ddce..10c69c2db38 100644
--- a/2021/25xxx/CVE-2021-25450.json
+++ b/2021/25xxx/CVE-2021-25450.json
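Review bot: The added `"product_name": "Samsung Mobile Devices "` carries a trailing space inside the string, and the same value recurs in every Samsung record visible in this patch (CVE-2021-25450 through CVE-2021-25462). Inventory or scanner tooling that matches product names exactly will not equate it with `Samsung Mobile Devices`, so affected devices can be missed in matching. The `problemtype` label also drops the colon most sibling records use; `"value": "CWE-122: Heap-based Buffer Overflow"` would keep CWE parsing uniform (the CVE-2021-25451 hunk has the same form). The commit subject suggests an automated sync, so the correction would presumably have to come from the assigner rather than this repository.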
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25450",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
+ "version_value": "SMR Sep-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25451.json b/2021/25xxx/CVE-2021-25451.json
index 4f5b884419b..4cde2218d5f 100644
--- a/2021/25xxx/CVE-2021-25451.json
+++ b/2021/25xxx/CVE-2021-25451.json
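Review bot: The `problemtype` value does not match the description in this record: the text reports a path traversal that lets an attacker write a file as the system uid, yet the new line records `"value": "CWE-20: Improper Input Validation"`. The CVE-2021-25452 hunk has the reverse pairing, an input-validation flaw in the DSP driver's graph-file loading tagged `CWE-22: Improper Limitation of a Pathname to a Restricted Directory`, so the two values look swapped. The CVE-2021-25453 hunk likewise describes improper access control but is tagged CWE-20. Anyone triaging or building detection coverage by CWE will mis-bucket these entries. This is inferred from the descriptions alone and should be confirmed against the vendor advisory referenced in `reference_data`.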
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25451",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "P(9.0), Q(10.0), R(11.0)",
+ "version_value": "SMR Sep-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25452.json b/2021/25xxx/CVE-2021-25452.json
index 66c1334806d..78fb569d3c4 100644
--- a/2021/25xxx/CVE-2021-25452.json
+++ b/2021/25xxx/CVE-2021-25452.json
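Review bot: `"value": "CWE-287 Improper Authentication"` is a weak fit for what the description reports, a PendingIntent hijack in NetworkPolicyManagerService that exposes IMSI data. Nothing in the record describes an authentication step being bypassed; the flaw reads as an intent-handling and information-exposure problem. The weakness class should be re-checked against the vendor advisory before this entry is used for CWE-based triage or metrics.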
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25452",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipset",
+ "version_value": "SMR Sep-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25453.json b/2021/25xxx/CVE-2021-25453.json
index bcb4d1bf248..71c53912059 100644
--- a/2021/25xxx/CVE-2021-25453.json
+++ b/2021/25xxx/CVE-2021-25453.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25453",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
+ "version_value": "SMR Sep-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25454.json b/2021/25xxx/CVE-2021-25454.json
index 63556abc242..6a1324f1498 100644
--- a/2021/25xxx/CVE-2021-25454.json
+++ b/2021/25xxx/CVE-2021-25454.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25454",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
+ "version_value": "SMR Sep-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125: Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25455.json b/2021/25xxx/CVE-2021-25455.json
index 857df499954..1ec043cc82c 100644
--- a/2021/25xxx/CVE-2021-25455.json
+++ b/2021/25xxx/CVE-2021-25455.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25455",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
+ "version_value": "SMR Sep-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125: Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25456.json b/2021/25xxx/CVE-2021-25456.json
index 68849d83694..ebf05ed2b47 100644
--- a/2021/25xxx/CVE-2021-25456.json
+++ b/2021/25xxx/CVE-2021-25456.json
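Review bot: The CVSS metrics added here do not line up with the description: an out-of-bounds read giving access to an arbitrary address is recorded with `"confidentialityImpact": "NONE"` and `"integrityImpact": "LOW"`, where a read flaw would normally surface as a confidentiality or availability impact. The CVE-2021-25456 hunk shows the same pattern (`CWE-125: Out-of-bounds Read`, `C:N`, `I:H`) while its description speaks of a memcpy at an arbitrary address, which suggests the weakness may involve a write rather than a read. The attack vector is `LOCAL` in both, whereas the sibling extractor record CVE-2021-25454 uses `NETWORK`, although all three are triggered by a forged media file. Severity-driven patch prioritisation depends on these fields, so the assigner should confirm which of description, CWE and vector is authoritative.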
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25456",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
+ "version_value": "SMR Sep-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125: Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25457.json b/2021/25xxx/CVE-2021-25457.json
index 21cda9418ac..cad825c954d 100644
--- a/2021/25xxx/CVE-2021-25457.json
+++ b/2021/25xxx/CVE-2021-25457.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25457",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets",
+ "version_value": "SMR Sep-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25458.json b/2021/25xxx/CVE-2021-25458.json
index 5d295cf7e3f..3da89e9e962 100644
--- a/2021/25xxx/CVE-2021-25458.json
+++ b/2021/25xxx/CVE-2021-25458.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25458",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "O(8.1), P(9.0), Q(10.0) , R(11.0) devices with Exynos chipsets",
+ "version_value": "SMR Sep-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-476: NULL Pointer Dereference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25459.json b/2021/25xxx/CVE-2021-25459.json
index 7afa5072df4..7c8b93a1636 100644
--- a/2021/25xxx/CVE-2021-25459.json
+++ b/2021/25xxx/CVE-2021-25459.json
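Review bot: A NULL pointer dereference in a kernel driver is scored here with `"availabilityImpact": "NONE"` and `"integrityImpact": "LOW"`, while the description claims memory corruption rather than a crash. A NULL dereference usually shows up as a denial of service, so either `CWE-476` or the metrics appear to understate the issue; the CVE-2021-25462 hunk (NPU driver) repeats the same description wording, CWE and vector. Both records also have a stray space before a comma in `version_name` (`Q(10.0) , R(11.0)`), which complicates automated parsing of the affected Android versions. These points are inferred from the record text only and need confirmation from the assigner.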
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25459",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Select Q(10.0), R(11.0) devices",
+ "version_value": "SMR Sep-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285: Improper Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25460.json b/2021/25xxx/CVE-2021-25460.json
index b37a6d6a848..c006d1bcc4d 100644
--- a/2021/25xxx/CVE-2021-25460.json
+++ b/2021/25xxx/CVE-2021-25460.json
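Review bot: `"baseScore": 4` is written as a bare integer while the other records in this patch carry one decimal place (`6.5`, `3.3`); the CVE-2021-25460 and CVE-2021-25461 hunks do the same. It is valid JSON and numerically equal, but consumers that render or string-compare the score will show `4` beside `4.0` from other feeds. Writing `"baseScore": 4.0` would keep the field uniform across the batch.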
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25460",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Select Q(10.0), R(11.0) devices",
+ "version_value": "SMR Sep-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285: Improper Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25461.json b/2021/25xxx/CVE-2021-25461.json
index ddae63b2544..9a06f4fcd9c 100644
--- a/2021/25xxx/CVE-2021-25461.json
+++ b/2021/25xxx/CVE-2021-25461.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25461",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "O(8.1)",
+ "version_value": "SMR Sep-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25462.json b/2021/25xxx/CVE-2021-25462.json
index f476b5311d0..50080070da9 100644
--- a/2021/25xxx/CVE-2021-25462.json
+++ b/2021/25xxx/CVE-2021-25462.json
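Review bot: The description says the missing length check results in a stack-based buffer overflow, but the record uses the generic `"value": "CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow)"`; `CWE-121: Stack-based Buffer Overflow` would match the text more precisely. The description also stops at the defect and never states who can reach APAService or what the attacker gains, so the `LOW` integrity and availability ratings cannot be checked against it. A short impact clause, as the sibling records have, would make the entry usable for triage.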
@@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25462", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0) , R(11.0) devices with Exynos chipsets", + "version_value": "SMR Sep-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25463.json b/2021/25xxx/CVE-2021-25463.json index a2f8496f613..073d674aed8 100644 --- a/2021/25xxx/CVE-2021-25463.json +++ b/2021/25xxx/CVE-2021-25463.json 
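Review bot: The description and the CVSS block for CVE-2021-25462 do not obviously agree: the text describes a NULL pointer dereference in the NPU driver leading to memory corruption, while the vector carries `"availabilityImpact": "NONE"` and `"integrityImpact": "LOW"`. A NULL dereference in a driver usually shows up first as a crash, so a consumer that prioritises on the vector may under-rate the availability side. This may be a deliberate assessment by the assigner, so the point is to confirm it with them; if a crash is reachable, `availabilityImpact`, `vectorString` and `baseScore` need to be updated together. The `version_name` value also carries a stray space before a comma (`Q(10.0) , R(11.0)`).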
@@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25463", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PENUP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "3.8.00.18" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=9", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=9" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file 
diff --git a/2021/25xxx/CVE-2021-25464.json b/2021/25xxx/CVE-2021-25464.json
index ebe27646d03..80ce868bab4 100644
--- a/2021/25xxx/CVE-2021-25464.json
+++ b/2021/25xxx/CVE-2021-25464.json
@@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25464", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Capture", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "4.8.02" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=9", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=9" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file 
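Review bot: The product is named two different ways inside this one record: `"product_name": "Samsung Capture"` in the affects block and `SamsungCapture` in the description. The CVE-2021-25465 hunk has the same mismatch (`"product_name": "Samsung Theme"` against `Samsung Themes` in its description). Tools that key on `product_name` and analysts who search on the description text will end up with different strings for the same application, so one spelling should be chosen with the assigner and used in both fields. The `"version_name": "-"` placeholder, also used in the other Samsung application records here, is better omitted than stored as a literal value that a consumer might read as a version.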
diff --git a/2021/25xxx/CVE-2021-25465.json b/2021/25xxx/CVE-2021-25465.json
index cf8f810a095..b8e1ee410bd 100644
--- a/2021/25xxx/CVE-2021-25465.json
+++ b/2021/25xxx/CVE-2021-25465.json
@@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25465", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Theme", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "5.2.01" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=9", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=9" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file 
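Review bot: The scoring in this record looks inconsistent with its own description and with the sibling record for the same weakness class. The text says the improper scheme check lets attackers perform a man-in-the-middle attack, yet the vector uses `"attackVector": "LOCAL"` and `"privilegesRequired": "LOW"`, whereas the CVE-2021-25466 hunk, also an improper scheme check enabling man-in-the-middle, uses `"attackVector": "ADJACENT_NETWORK"` and `"privilegesRequired": "NONE"`. The two records also pick different problem types for it (`CWE-20` here, `CWE-287` there). The local vector may be intentional, for instance if the precondition is a malicious app on the device, but the description does not say so. I would ask the assigner to either state that precondition in the description or align the vector.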
diff --git a/2021/25xxx/CVE-2021-25466.json b/2021/25xxx/CVE-2021-25466.json
index ca8d9eb777b..26f5ca8fa4a 100644
--- a/2021/25xxx/CVE-2021-25466.json
+++ b/2021/25xxx/CVE-2021-25466.json
@@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25466", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Internet", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "15.0.2.47" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=9", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=9" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/28xxx/CVE-2021-28914.json b/2021/28xxx/CVE-2021-28914.json index 73695a38c7c..73f8e0c48fa 100644 --- a/2021/28xxx/CVE-2021-28914.json +++ b/2021/28xxx/CVE-2021-28914.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28914", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28914", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to set a weak password because the strength is shown in configuration tool, but finally not enforced. This is usable and part of an attack chain to gain SSH root access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://psytester.github.io/CVE-2021-28914", + "url": "https://psytester.github.io/CVE-2021-28914" } ] } diff --git a/2021/31xxx/CVE-2021-31607.json b/2021/31xxx/CVE-2021-31607.json index 0dac0ac642e..d6a55fd27ff 100644 --- a/2021/31xxx/CVE-2021-31607.json +++ b/2021/31xxx/CVE-2021-31607.json 
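Review bot: The structured fields of CVE-2021-28914 are all left at `n/a` even though the description already names the vendor, the product and the fixed version, so this record cannot be matched to an affected product by anything that reads the affects block. From the description alone the block could carry `"vendor_name": "BAB TECHNOLOGIE GmbH"`, `"product_name": "eibPort V3"` and a version entry with `"version_affected": "<"` and `"version_value": "3.9.1"`. The problem type is likewise `n/a`; a password-strength indicator that is shown but not enforced reads like CWE-521 (Weak Password Requirements), to be confirmed by the assigner. There is also no `impact` block, so consumers get no severity for an issue the description places in a chain to SSH root access.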
@@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-5aaebdae8e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-00ada7e667", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/" } ] } diff --git a/2021/38xxx/CVE-2021-38316.json b/2021/38xxx/CVE-2021-38316.json index 05b4c877b28..999c3911455 100644 --- a/2021/38xxx/CVE-2021-38316.json +++ b/2021/38xxx/CVE-2021-38316.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-08T17:23:00.000Z", "ID": "CVE-2021-38316", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WP Academic People List <= 0.4.1 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WP Academic People List ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.4.1", + "version_value": "0.4.1" + } + ] + } + } + ] + }, + "vendor_name": "WP Academic People List " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category_name parameter in the ~/admin-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.4.1." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38316", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38316" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/wp-academic-people/tags/0.4.1/admin-panel.php#L57", + "name": "https://plugins.trac.wordpress.org/browser/wp-academic-people/tags/0.4.1/admin-panel.php#L57" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38317.json b/2021/38xxx/CVE-2021-38317.json index ff9e1baf3bd..763e7508096 100644 --- a/2021/38xxx/CVE-2021-38317.json +++ b/2021/38xxx/CVE-2021-38317.json 
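Review bot: In this record `"vendor_name": "WP Academic People List "` is a copy of the product name rather than the publisher of the plugin, and the CVE-2021-38317 through CVE-2021-38322 hunks do the same. With vendor and product identical, vendor-level grouping and product-dictionary mapping of these WordPress plugin records will not work, and each plugin appears as its own vendor. I would set the vendor to the plugin's author or publisher as listed in the plugin directory, e.g. `"vendor_name": "<plugin author>"`, and keep the plugin name only in `product_name`. The only remediation given is `Uninstall plugin from WordPress site.`, so being able to identify the affected plugin correctly matters more than usual here.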
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-08T20:09:00.000Z", "ID": "CVE-2021-38317", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Konnichiwa! Membership <= 0.8.3 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Konnichiwa! Membership", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.8.3", + "version_value": "0.8.3" + } + ] + } + } + ] + }, + "vendor_name": "Konnichiwa! Membership" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38317", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38317" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/konnichiwa/trunk/views/subscriptions.html.php?rev=1625922#L7", + "name": "https://plugins.trac.wordpress.org/browser/konnichiwa/trunk/views/subscriptions.html.php?rev=1625922#L7" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38318.json b/2021/38xxx/CVE-2021-38318.json index b927e894b04..a0c466e4bef 100644 --- a/2021/38xxx/CVE-2021-38318.json +++ b/2021/38xxx/CVE-2021-38318.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-08T20:09:00.000Z", "ID": "CVE-2021-38318", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "3D Cover Carousel <= 1.0 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "3D Cover Carousel", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "1.0" + } + ] + } + } + ] + }, + "vendor_name": "3D Cover Carousel" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38318", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38318" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/3d-cover-carousel/trunk/cover-carousel.php?rev=1522904#L733", + "name": "https://plugins.trac.wordpress.org/browser/3d-cover-carousel/trunk/cover-carousel.php?rev=1522904#L733" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38319.json b/2021/38xxx/CVE-2021-38319.json index d7e02736f81..57957671d01 100644 --- a/2021/38xxx/CVE-2021-38319.json +++ b/2021/38xxx/CVE-2021-38319.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-08T20:09:00.000Z", "ID": "CVE-2021-38319", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "More From Google <= 0.0.2 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "More From Google ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.0.2", + "version_value": "0.0.2" + } + ] + } + } + ] + }, + "vendor_name": "More From Google " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/morefromgoogle.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38319", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38319" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/more-from-google/trunk/morefromgoogle.php#L397", + "name": "https://plugins.trac.wordpress.org/browser/more-from-google/trunk/morefromgoogle.php#L397" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38320.json b/2021/38xxx/CVE-2021-38320.json index ccda1854f85..8959fadb021 100644 --- a/2021/38xxx/CVE-2021-38320.json +++ b/2021/38xxx/CVE-2021-38320.json 
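Review bot: The code reference added here, `https://plugins.trac.wordpress.org/browser/more-from-google/trunk/morefromgoogle.php#L397`, points at a line number on `trunk` without pinning a revision, so the anchor will drift or point at unrelated code as soon as the file changes. The CVE-2021-38322 hunk has the same form (`trunk/twitter-friends-widget.php#L309`). Other records in this commit pin the location, either with a tag path (`tags/0.7.0/…` in CVE-2021-38320) or with `?rev=` (CVE-2021-38317, CVE-2021-38318, CVE-2021-38321). For consistency, and so that a defender reviewing the record later still lands on the vulnerable line, I would pin these two the same way, e.g. `…/trunk/morefromgoogle.php?rev=<revision>#L397`.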
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-08T20:09:00.000Z", "ID": "CVE-2021-38320", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "simpleSAMLphp Authentication <= 0.7.0 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "simpleSAMLphp Authentication", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.7.0", + "version_value": "0.7.0" + } + ] + } + } + ] + }, + "vendor_name": "simpleSAMLphp Authentication" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38320", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38320" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/simplesamlphp-authentication/tags/0.7.0/simplesamlphp-authentication.php#L307", + "name": "https://plugins.trac.wordpress.org/browser/simplesamlphp-authentication/tags/0.7.0/simplesamlphp-authentication.php#L307" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38321.json b/2021/38xxx/CVE-2021-38321.json index 958c8002512..ee1ce5bf178 100644 --- a/2021/38xxx/CVE-2021-38321.json +++ b/2021/38xxx/CVE-2021-38321.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-08T20:09:00.000Z", "ID": "CVE-2021-38321", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Custom Menu Plugin <= 1.3.3 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Custom Menu Plugin ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.3.3", + "version_value": "1.3.3" + } + ] + } + } + ] + }, + "vendor_name": "Custom Menu Plugin " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the ~/custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38321", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38321" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/custom-sub-menus/trunk/custom-menus.php?rev=2205549#L136", + "name": "https://plugins.trac.wordpress.org/browser/custom-sub-menus/trunk/custom-menus.php?rev=2205549#L136" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38322.json b/2021/38xxx/CVE-2021-38322.json index 9db8dd15e40..843cf27acd9 100644 --- a/2021/38xxx/CVE-2021-38322.json +++ b/2021/38xxx/CVE-2021-38322.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-08T20:09:00.000Z", "ID": "CVE-2021-38322", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Twitter Friends Widget <= 3.1 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Twitter Friends Widget ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.1", + "version_value": "3.1" + } + ] + } + } + ] + }, + "vendor_name": "Twitter Friends Widget" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameter found in the ~/twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38322", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38322" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/twitter-friends-widget/trunk/twitter-friends-widget.php#L309", + "name": "https://plugins.trac.wordpress.org/browser/twitter-friends-widget/trunk/twitter-friends-widget.php#L309" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38323.json b/2021/38xxx/CVE-2021-38323.json index fc7e4bba9e0..309a03c3d6b 100644 --- a/2021/38xxx/CVE-2021-38323.json +++ b/2021/38xxx/CVE-2021-38323.json 
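Review bot: The second `reference_data` URL points at `trunk/twitter-friends-widget.php#L309` without a revision, so the `#L309` anchor stops identifying the vulnerable line as soon as trunk changes. The neighbouring records pin their source link, either with `?rev=2205549` (CVE-2021-38321) or with a `tags/<version>/` path (CVE-2021-38323 to CVE-2021-38325); this one should do the same, for example `.../trunk/twitter-friends-widget.php?rev=<REVIEWED_REVISION>#L309`, where the placeholder is the revision that was actually analysed. Separately, the description says "the pmc_TF_user and pmc_TF_password parameter"; it names two parameters and should read "parameters".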
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-08T20:09:00.000Z", "ID": "CVE-2021-38323", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "RentPress <= 6.6.4 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RentPress", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.6.4", + "version_value": "6.6.4" + } + ] + } + } + ] + }, + "vendor_name": "RentPress" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The RentPress WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the ~/src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.6.4." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38323", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38323" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/rentpress/tags/6.6.4/src/rentPress/AjaxRequests.php#L83", + "name": "https://plugins.trac.wordpress.org/browser/rentpress/tags/6.6.4/src/rentPress/AjaxRequests.php#L83" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38324.json b/2021/38xxx/CVE-2021-38324.json index 175ce29ed5d..6d0984aebc8 100644 --- a/2021/38xxx/CVE-2021-38324.json +++ b/2021/38xxx/CVE-2021-38324.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-08T20:09:00.000Z", "ID": "CVE-2021-38324", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": " SP Rental Manager <= 1.5.3 Unauthenticated SQL Injection" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": " SP Rental Manager ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.5.3", + "version_value": "1.5.3" + } + ] + } + } + ] + }, + "vendor_name": " SP Rental Manager " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38324", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38324" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/sp-rental-manager/tags/1.5.3/user/shortcodes.php#L389", + "name": "https://plugins.trac.wordpress.org/browser/sp-rental-manager/tags/1.5.3/user/shortcodes.php#L389" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38325.json b/2021/38xxx/CVE-2021-38325.json index 92b22f66017..5f264baff5a 100644 --- a/2021/38xxx/CVE-2021-38325.json +++ b/2021/38xxx/CVE-2021-38325.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-08T20:09:00.000Z", "ID": "CVE-2021-38325", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "User Activation Email <= 1.3.0 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "User Activation Email", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.3.0", + "version_value": "1.3.0" + } + ] + } + } + ] + }, + "vendor_name": "User Activation Email" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.0." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38325", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38325" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/user-activation-email/tags/1.3.0/user-activation-email.php#L191", + "name": "https://plugins.trac.wordpress.org/browser/user-activation-email/tags/1.3.0/user-activation-email.php#L191" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file